If applicable, have you easily circumvented the measures taken by a sysadmin other than yourself?
Yes.
 57%  [ 16 ]
No, this sysadmin was actually intelligent.
 17%  [ 5 ]
No, but I could have if I wanted to.
 25%  [ 7 ]
Total Votes : 28

I always find it enjoyable when system administrators make it annoyingly easy to circumvent their security measures. Typically, these would include the installation of software and such. Some things I've had left open on this school PC:

  1. I can boot from external media. This was an amazing failure by the system administrators. The tablets contain no optical drive, but two USB ports and an SD card port are available for use, and the boot sequence is set to go directly to hard drive boot. However, one can simply press F9 (the boot selection menu for these), and select a USB drive or the SD card.
  2. I am not an administrator. It's not possible to install software. Well, okay, but many installers of various types can be extracted in some form or another. NSIS can easily be extracted with 7-zip, and I can use a program called Uniextract (Universal Extractor) for MSIs and such as well.
  3. Portable Apps. Everyone can use them, though there may be a few bits of data to remove.

All of this could be prevented to a great extent with two items: a whitelist of programs and locking the boot sequence. I'm not sure of the feasibility of locking the boot, considering it seems that doing so would apply to any booting with the BIOSs I've seen.

It's amazing how stupid these guys who are put in charge of managing these computers can be. Any thoughts? I just finished making a new live USB on a new 16GB USB drive, so I shall reboot... or just shut down, given the time. Razz

I'll likely be joining IRC from a mobile device, though. Rolling Eyes
My school had this. I voted Yes.
https:// was my favorite method of getting past the login screen for the internet system* until the caught me, then I really didn't care enough to find other ways.

*Yeah, we had to login to use the internet. It was just our Student ID and a password we choose. But the fact that the protocol wasn't watching https was great. Checking Facebook without my teachers knowing I was on, was super. I'm the reason that exploit no longer exists at my high school too Razz
https:// still works at my school Smile The best part is, they won't get rid of it because all the teachers use it to get on YouTube (My government teacher would show us SNL Razz). Though, they have done things to try to stop us from doing that. For instance, https://youtube.com doesn't work, but https://www.youtube.com does. Same goes for Google Images, which is blocked if you try to click the button to switch to Images mode, but if you search for something, then click that button, then copy the URL and change it to https://, it works Very Happy

Other than that, they let us run any program we want, so I usually have a flash drive with Portable Apps on it that I bring around to any computer I use Smile Which is both great, and terrible (and understandable). It's awful because that means that people in my computer science class play Halo the whole time, and now we're 1 semester in, and most people don't know VB. But, if my school didn't do that, we couldn't run any of our programs that we wrote in VB (Which might be a good thing.. maybe we could move to another language).
My computer science teacher doesn't let us use USB drives, so I upload portable apps to Dropbox after first changing their extension (because we can't download .exes), and I change it back once it's downloaded. YouTube and Facebook are both unblocked in my school, but the https:// trick doesn't work on other blocked websites. Our school uses DeepFreeze, so even if we installed anything it would get deleted after the next reboot.
I usually (read: always) brung my laptop to school, so on-device lockdowns don't apply. The school also has two networks: FCPS (which is locked down), FCPSmobile (locked down but usually faster), and in half the building you can access one called HerpDerpNet (no joke), and it has no network monitoring or site blocking. So, I'm usually completely unrestricted anyways Smile

Though, if I have to, on FCPS/FCPSmobile, the https:// trick works to access sites like facebook.
Oh man, I could go on about this

1. CMD is blocked, but not command.com

2. I can run any application from my flash drive, so I just have to install from home, or in the case of a portable app, from school

3. I can easily get 100% unlimited internet using TOR

4. I can access the C drive using shortcuts

5. I can easily boot into a linux distro from a flash drive, except on the laptops, the laptops have measures against this I can't seem to fix...
Ha, for my school...
1. https:// works.
2. Any EXE will work. You can install anything.
3. They don't allow you to save downloads, just open them. I just go to the temporary folder and there is my download Very Happy
4. Portable Apps works. My friend has tons of portable apps installed on his account at school. Me, I just bring my flash drive.
5. Booting from other devices works.
6. They blocked all use of Command Prompt (I've tried all the tricks, those don't work either), but Windows PowerShell (which is basically Command Prompt under a different name) works. I was on IRC through telnet at school once :3
7. Chrome portable can get through most of the security.
I can get around the web filters at my school with Firefox portable loaded up with foxy proxy, and PuTTY for an SSH tunnel. All my internet traffic is encrypted, and there's no on-board computer security. I prefer using computers at my school sometimes since the computers in the CAD lab are powerful Wink (Loaded down with 3.2 GHz i5s, 8GB DDR3 ram, and 1.5 GB nVidia 440s. Compared to my home machine, those things are beasts.

I love my school <3
Oh yeah, and I do think that if you log onto the computer while not connected to the internet, and then connect to internet, you get semi-sysadmin powers...
qazz42 wrote:
Oh yeah, and I do think that if you log onto the computer while not connected to the internet, and then connect to internet, you get semi-sysadmin powers...

Wow. That's an awesome glitch!
As for command.com, I don't know of many sysadmins who block it. The issue of not being able to do this typically arises when your system is using a 64-bit OS. command.com is a 16-bit application, and as such, will only run in a 16-bit or 32-bit userspace.

My school uses this one form of web filtering, the name of which I cannot recall, which is server-side. It existed at my previous school, as well. Due to its presence on the server as opposed to the clients, even personal wireless devices on the network would be subjected to filtering. There isn't an easy way to avoid it, as far as I'm aware, but I don't feel a need to circumvent it, as I can do as I please at home.

One other issue with trying to avoid it is the fact that the computers come with DyKnow. It provides the staff with a way of seeing the students' screens, controlling computers, and more. Thankfully, it's a local ad-hoc connection with that. While it would certainly be simple to have another program communicate as DyKnow does and inhibit DyKnow's process, I wouldn't want to be sending a still image while I'm typing or scrolling, as that would most certainly arouse suspicion.

In response to Weregoose: Wow. Was Windows 95 that insecure? I understand that the idea is focusing on the program, but it seems the circumvention methods are due to Windows 95 being easily hackable.
Ah, but with command.com it works because all the student computers use WinXP, the filters they use don't work with Win7 I think...

Also, I think our filters are server side, and only TOR gets around it, sadly.

Hmm, my school has something like DyKnow, something called activision or something. I remember that once my friend Vinny went on a computer that was actually a teacher's computer, and was screwing with everyones' screens XD they hardly use it anyways, so I always get away with playing Doom and stuff....
How difficult is it to use TOR if you don't have administrative privileges, anyway?
It's not like ALL of the teachers use it ALL of the time. By that, I mean they are always looking unless we are having an odd band class and we aren't playing music or school isn't in session, but a club meeting or other such event occurs after school.
Very easy, actually. My school does not block .exe's if they don't install something.

Also, an interesting tip if you happen to not have a flash drive that day to run programs off of. Apparently I cannot move .exe's onto my school user account's folder (which is used to saving things like pictures and stuff) However, I can rename it as a .txt and move it in, so that way next time I am on the computer, I just move the .txt file and rename it back to a .exe, and BAM, no need for flashdrives to store stuff on Very Happy
qazz42 wrote:
Very easy, actually. My school does not block .exe's if they don't install something.

Also, an interesting tip if you happen to not have a flash drive that day to run programs off of. Apparently I cannot move .exe's onto my school user account's folder (which is used to saving things like pictures and stuff) However, I can rename it as a .txt and move it in, so that way next time I am on the computer, I just move the .txt file and rename it back to a .exe, and BAM, no need for flashdrives to store stuff on Very Happy

Wow, nice. Every system is different, and I can easily use EXE files. I was, however, surprised that I cannot open the Command Prompt, but I can use batch files. And no, I can't run cmd.exe from a batch file, but I can use batch files for random other things. For example, I cause Minecraft to think the AppData folder is actually where it is. No need to clean up %APPDATA% here! Smile By the way, that is a great method for using multiple .minecraft directories. Just make a batch file containing:

Code:
set APPDATA=[Path to directory containing the .minecraft folder]
start Minecraft.exe
Ok here it goes. This was last year btw.

1. almost every room had its own wifi network. Every password was ecschools1015. (We have school-wide wifi now and the password is even hidden from the computers that are connected to it)

2. https:// worked (not now)

3. Tried tor once. Don't remember if it worked or not.

4. Can create and install a linux partition on the machine. Boot a USB install and just do it normally. (afaik this still works) I don't know if it is related but the only caveat is USB flash drives wouldn't work in Windows afterwards.

5. Got in trouble for sharing that universal wifi password. (apparently they used that same password for other things too that I didn't know about)

6. That little chinese firewall bypasser that auto configured internet explorer. Bound it to a local tcp port. (a name isn't coming to mind, started with a U I think)

7. Oh and portable apps work just fine. Can even download exes and install them.

All in all last year was a fun year XD. Got 3 days of out of school but just to see them freak about all the stuff that happened was worth it.
ParkerR wrote:
Every password was ecschools1015.

Wow, that... is mindblowingly stupid. We have the network key in our computers but Windows 7 seems to have the ability to block us from "managing" the network, so I couldn't see the key as easily as I'd like. Also: Next time, share the method for displaying the key in plain text, and act as if the discovery of the network key by so many people was an unfortunate result. Evil or Very Mad
technomonkey76 wrote:
ParkerR wrote:
Every password was ecschools1015.

Wow, that... is mindblowingly stupid. We have the network key in our computers but Windows 7 seems to have the ability to block us from "managing" the network, so I couldn't see the key as easily as I'd like. Also: Next time, share the method for displaying the key in plain text, and act as if the discovery of the network key by so many people was an unfortunate result. Evil or Very Mad


WirelessKeyView. It's a nirsoft utility. http://www.nirsoft.net/utils/wireless_key.html

That new network, the password for that doesn't even show up in here.
technomonkey76 wrote:
...our computers but Windows 7 seems...


I hate you. XD All of our computers are running XP. Probably couldn't even run Vista.
Wow Parker... they really suspended you just for sharing a password? Proobably was not worth it, imo >.>
  
Register to Join the Conversation
Have your own thoughts to add to this or any other topic? Want to ask a question, offer a suggestion, share your own programs and projects, upload a file to the file archives, get help with calculator and computer programming, or simply chat with like-minded coders and tech and calculator enthusiasts via the site-wide AJAX SAX widget? Registration for a free Cemetech account only takes a minute.

» Go to Registration page
Page 1 of 3
» All times are UTC - 5 Hours
 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

 

Advertisement