Guys wanna know more about my college?
admin admin works for the whole fucking students' network!

@Linuxxx @xkill @sifun @ceee @Floydian @undef

🤦‍♂️ go kill it all

Hott, i wish it worked with me too :/
Would have a hell lot of mother fuckin attendence

In this kind of situation I just disable DHCP to fuck with them, because if you have admin:admin than you deserve it

fucking LOL.

@gitlog what kind of god powers have you achieved?

That's really cool !
never tried any such thing, wonder if it'll work for us. 🤔 TBH it better not !

Drop table students

You're hacker like zucc.

I think you should stay in the network silently gathering information. Don't do anything batshit crazy. Ethically speaking at least.

@karma @TitanLannister @Floydian @http418 it's not a database or attendance system. It's the college network

@inpothet @Pogromist @tacticalKimchi did something better. Informed the sysadmin (it office). Hoped for something good but they started a blame game!

Finally told the technician. He told he'd update "tomorrow"

Gotta check today

@TitanLannister as for the attendance, our seniors already broke the fingerprint system by similar ways.

Since then they shifted to manual. LoL

@gitlog o I report and do things to make sure it gets done fast

Don't report, just sit on it. I've been kicked out of my previous school for reporting something far more innocent than that. Incompetent teachers being pushed in a corner and trying to not lose their face are strange creatures indeed...
The ethical choice would be reporting, but in some cases the unethical choice of keeping it for yourself really is the best one.

@Condor yea I report of I know it's safe but turn of DHCP and WiFi if I'm ready to fuck around

@inpothet in that case, don't cry after I warned you 🙂 there's always a nonzero chance of getting shat on, something which apparently linearly increases with responsible person's incompetence. And teachers are notorious for being *extremely* incompetent. I've experienced that firsthand, and all I want is for that to be the last time that I or anyone that I know a bit experience it. Sometimes the best way to win is not to play. Don't report it, or report it anonymously. However, an admin:admin is willful ignorance and incompetence. I wouldn't risk it, even after I'm done "studying" there. Hence why you should sit on it and keep it for yourself. Post about it here all you want, just keep quiet to your teachers about it.

Yea, I had fights with teachers that gave us assignments like setting up tomorrow login from GUI, still pissed

@Condor @inpothet calm down...
I reported to a bit knowledgeable sysadmins.
I ain't reporting to a random guy

@gitlog I hope that you'll be okay then. The "sysadmin" from our school was one that boasted about his ability to monitor the server with what I strongly suspect was a GUI to tcpdump. How he took pride in being "root" on the servers. How he took pride in his alleged ability to "decrypt OpenVPN traffic to my servers in real-time, thanks to some Cisco box" because fuck NSA's efforts to do the same with virtually unlimited budget and the world's best cryptographers, right?

How they boycotted against me for being an "evil h4xx0r" after I mentioned to them that running the Moodle server without TLS is a really bad idea, since anyone in class can harvest everyone else's login credentials that way. Asked "nutzwurking & sakurite" lass whether I could make a PoC and privately disclose it, which I was allowed to. So I went back home, set up bettercap-ng (aka Ruby clusterfuck) and harvested the login credentials from the phone that I'd poisoned the network connection of. Recorded the whole thing, sent it back.

From there, they blocked my VPN servers (why?!) for some strange reasons like "bypassing firewall means that you can watch porn in class". I had my seat right next to the fucking teacher. Totally great for watching fucking porn, isn't it?! Afterwards I left and looked them directly in the eyes, something which I don't do very often. Told them how much of a joke they are, for doing this to preserve their underserved pride over ensuring that their students are secure. And I left. Later they even had the guts to ask me for financial compensation "for disrupting good service" which I not so politely declined. Sue me fuckers, but I already know who's going to win that case.

Hence my point. Be careful. Ask him how he maintains his systems first. Why he went with admin:admin because that's incompetent as shit. I lost my education over this, which I don't regret. But you should take it into account.

Been 6 days now... Still no change ( ≧Д≦)

@karma @TitanLannister @Floydian @inpothet @corscheid @nothappy @ceee @http418 @Pogromist @tacticalKimchi @Condor

@gitlog change is hard, ask obama

@gitlog bitch please, I've notified my ISP about the security issues with storing passwords in plain text over a year ago, and they still didn't change it 🙃

@Floydian yes
@Condor oh lol
@karma lol what?

Better change the password to admin1 as soon as possible

🤦‍♂️🤦‍♂️🤦‍♂️

When i detect that I'm in a restricted network, i panic and establish a vpn to the free world Immediately.

Excellent thread.

ahaha it's a great success. I read about the same story on one of the essay examples at https://writingbros.com/essay-examp... there is a story of a hacker who used the most complex descriptor. And as a result, the password was simply incorrectly banal. Probably the first thing you entered was the administrator's birthday? Probably now the college will take care of its security and hire a cybersecurity service.

nice!!!