Exploit #1 - School Attack

What kind of bloggers would we be if we just talked about everything cool happening in the world, and didn't actually do anything ourselves?  We are a hacking blog, we talk about hacks, see what hacks are out there, and how to defend against them.  As always, you should hack responsibly, working on making the world (or network) a safer place.

So what did I do that merits a blog post?  My friend and I were at school today, messing around.  Our school is pretty special in that it has two networks, a public one, and a private encrypted one.  Of course, the encryptions is only WEP, so my friend hacked it and shared the key with me.  Great, we are in.  So now what do we do?

Cue nmap.  A necessary program which allows us to view other computers on the network.  Because we are on the Secure Network, so are all the other school's computers.  Well, my friend and I found the school's server which was hosting the firewall.  In our attempts to hack it, I showed another friend around.

I explained that the Firewall really isn't that big a deal.  To get around it, you can just "ping" a website to find out its address, and then use the IP address instead of the URL to reach the site.  As an example, I typed in this to my OpenSuse Terminal:
$ping www
Of course, this brought up an unexpected result.  It fetched the IP address of the school's website, which was on the network.  I then used nmap to map its ports:
$ sudo nmap -sS IPADDRESS
And this showed me that our school's web server was running an FTP client with the FTP port open.  Using the terminal, I FTP'ed into it, (I used my own username and password, which worked).
The FTP brought me to my own files and folders.  I wasn't surprised, I had used my own log in credentials.  What did surprise me though, was that I could access some other folders.  I went back to the root directory, and found that there were quite a few folders which I didn't know existed.  I poked around a little bit, and then left.

There was a lot of other things to explore, and we haven't gotten into the Sonic Wall yet, but nmap has proven to be invaluable already.  Now we just need to sniff some passwords.