Network Security tools script

Chkrootkit:
chkrootkit is a tool to locally check for signs of a rootkit. It contains a chkrootkit: shell script that checks system binaries for rootkit modification.

Installation:
Open up the terminal and type the following command to install chkrootkit:

$ sudo apt-get install chkrootkit

Using chkrootkit:
Open up the terminal and type the command: $ sudo chkrootkit
This will perform all tests

Other Configurations:
If you want an automatic daily run of chkrootkit:
Open /etc/chkrootkit.conf and Replace RUN_DAILY="false" by RUN_DAILY="true"

If you also want a daily mailed report :
Open /etc/cron.daily/chkrootkit and replace '$CHKROOTKIT $RUN_DAILY_OPTS' by

'$CHKROOTKIT $RUN_DAILY_OPTS | mail -s '"\"Daily chkrootkit run from $HOSTNAME \"$YOUR_EMAIL_ADDRESS"'

Rkhunter:
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, sniffers, and malware. The application consists of the main shell script, a few text-based databases, and optional Perl scripts. It can recognise and run external applications like 'skdet' and 'unhide'. It should run on almost every Unix clone.

Installation:
Open up the terminal and type the following command to install Rkhunter:

$ sudo apt-get install Rkhunter

Using Rkhunter:
Open up the terminal and type the command: $ sudo rkhunter --check
This will perform all tests

By default, the log file '/var/log/rkhunter.log' will be created. It will contain the results of the checks made by Rkhunter

The following command option causes rkhunter to check and download the later version of any of its text data files: $ sudo rkhunter --update

 

 

others :

 

1. DenyHosts

What is DenyHosts?

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks). If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

Features

- Parses /var/log/secure to find all login attempts and filters failed and successful attempts. - Synchronization mode (new in 2.0) allows DenyHosts daemons the ability to share data via a centralized server to proactively thwart attacks.
- Can be run from the command line, cron or as a daemon (new in 0.9)
- Records all failed login attempts for the user and offending host
- For each host that exceeds a threshold count, records the evil host
- Keeps track of each non-existent user (eg. sdadasd) when a login attempt failed.
- Keeps track of each existing user (eg. root) when a login attempt failed.
- Keeps track of each offending host (with 0.8+ these hosts can be purged if the associated entry in /etc/hosts.deny is expired)
- Keeps track of suspicious logins (that is, logins that were successful for a host that had many login failures)
- Keeps track of the file offset, so that you can reparse the same file (/var/log/secure) continuously (until it is rotated).
- When the log file is rotated, the script will detect it and parse from the beginning.
- Appends /etc/hosts.deny and adds the newly banned hosts
- Optionally sends an email of newly banned hosts and suspicious logins.
- Keeps a history of all user, host, user/host combo and suspicious logins encountered which includes the data and number of corresponding failed login attempts.
- Maintains failed valid and invalid user login attempts in separate files, such that it is easy to see which valid user is under attack (which would give you the opportunity to remove the account, change the password or change it's default shell to something like /sbin/nologin
- Upon each run, the script will load the previously saved data and re-use it to append new failures.
- Resolves IP addresses to hostnames, if available (new in v0.6.0).
- /etc/hosts.deny entries can be expired (purge) at a user specified time (new in 0.8)

These are some of the people and sites that have blogged about DenyHosts:

• Tool of the Month
• Preventing SSH Dictionary Attacks With DenyHosts
• Securing SSH with DenyHosts
• Slashdot
• The Life Of Ken
• The Mad Philosopher
• Jay R. Wren
• NewsForge
• Nix Bits
• Ho John Lee 

 

2. Fail2ban

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).  

3. Ubuntu security tools

The Ubuntu repositories contain several useful tools for maintaining a secure network and network administration. This page attempts to list the most popular and useful of these utilities, a brief description of them, and how to install them.

• Wireshark (Previously called Ethereal) - a popular network traffic analyzing tool, that can capture both off the wire and from existing capture files. It features a helpful GUI to ease analysis. Note: The Universe package adds a menu entry that expects the user to have a root account. To use ethereal in Ubuntu, use gksudo in a terminal. You should only run it using sudo if need to capture packets live; root privileges are not required to read saved capture files. For Ubuntu 6.06 and earlier install the ethereal and ethereal-common packages from the Universe Repository.
  • For Ubuntu 6.10 onwards install install the wireshark and wireshark-common packages from the Universe Repository.
• ''Nessus'' - a powerful remote network security auditor, with a nice GUI. Nessus supports plugins and offers a usually current attack database. It also features useful scripting abilities, allowing you to automate many tasks. Nessus is no longer open source, but is available free for personal use.
• ''OpenVAS'' (The Open Vulnerability Assessment System) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 20,000 in total (as of January 2011). All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL). (forum thread on how to install and use.)
• Nmap - the standard network mapper. Has a thousand and one uses. To install Nmap install the nmap package.
• Etherape - an etherman clone. It displays network activity with an intuitive UI. Install the etherape package from the Universe Repository.
• Kismet - a wireless sniffing tool. Includes support for GPS map scanning with in use of the gpsdrive package. Install the kismet package from the Universe Repository.
• Chkrootkit - chkrootkit can be used to help determine if a machine has been compromised. While not what you should use for the 'final word' on if you have been compromised, it runs a lot of useful checks and can direct suspicions towards finding a solution. To install chkrootkit install the chkrootkit package.
• Rkhunter (Ubuntu 6.06 and above only) - another rootkit detection software. Install the rkhunter package from the Universe Repository.
• tiger - Tiger is a package consisting of Bourne Shell scripts, C code and data files which is used for checking for security problems on a UNIX system. It scans system configuration files, file systems, and user configuration files for possible security problems and reports them. Install tiger chkrootkit john.
• GnuPG - also known as GPG, is an open source PGP replacement implementing the OpenPGP standard. Lacks support for IDEA, but is incredibly useful. Included by default. GnuPG will allow you to encrypt emails, digitally sign, and integrates well into the Evolution mail client as well as Thunderbird.
• Seahorse - a light-weight Gnome frontend for GPG, makes managing keys much easier. Install the seahorse package from the Universe Repository.
• Nemesis - a command-line based packet injection utility. Requires a bit of reading the documentation to get full use from. To install nemesis install the nemesis package from the Universe Repository.
• Tcpdump - while its name suggests that it works for only TCP, tcpdump also supports UDP, BGP, NFS, and a lot of other packet types. It is a powerful network utility that should be in every admins toolbox, allowing you to pull in everything off the wire. In combination with ethereal it doesn't miss much. To install tcpdump install the tcpdump package.
• OpenSSH - OpenSSH almost singlehandedly stopped admins from using telnet, an insecure protocol. The OpenSSH client is installed by default. Generally you want to use SSH instead of telnet or rsh. In some situations, such as large number of clients, you might want to pursue other options, such as telnet with ssl. To install the ssh server install the openssh-server package.
• denyhosts (Ubuntu 6.10 and above only) - scans your SSH logs to find brute-force attacks, and then blocks the IPs they came from. To install denyhosts install the denyhosts package.

ssh compromised

Chkrootkit:
chkrootkit is a tool to locally check for signs of a rootkit. It contains a chkrootkit: shell script that checks system binaries for rootkit modification.

Installation:
Open up the terminal and type the following command to install chkrootkit:

$ sudo apt-get install chkrootkit

Using chkrootkit:
Open up the terminal and type the command: $ sudo chkrootkit
This will perform all tests

Other Configurations:
If you want an automatic daily run of chkrootkit:
Open /etc/chkrootkit.conf and Replace RUN_DAILY="false" by RUN_DAILY="true"

If you also want a daily mailed report :
Open /etc/cron.daily/chkrootkit and replace '$CHKROOTKIT $RUN_DAILY_OPTS' by

'$CHKROOTKIT $RUN_DAILY_OPTS | mail -s '"\"Daily chkrootkit run from $HOSTNAME \"$YOUR_EMAIL_ADDRESS"'

Rkhunter:
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, sniffers, and malware. The application consists of the main shell script, a few text-based databases, and optional Perl scripts. It can recognise and run external applications like 'skdet' and 'unhide'. It should run on almost every Unix clone.

Installation:
Open up the terminal and type the following command to install Rkhunter:

$ sudo apt-get install Rkhunter

Using Rkhunter:
Open up the terminal and type the command: $ sudo rkhunter --check
This will perform all tests

By default, the log file '/var/log/rkhunter.log' will be created. It will contain the results of the checks made by Rkhunter

The following command option causes rkhunter to check and download the later version of any of its text data files: $ sudo rkhunter --update

ssh compromised

1. stop ssh service

sudo /etc/init.d/ssh stop

2. stop ssh service

# sudo /etc/init.d/ssh start

3. Do not start at boot time :

chkconfig sshd off



1. Check auth log :
 /var/log/auth.log
/var/log/auth.log.0


2. Do a portscan with nmap

3. security tools utils :

- logcheck, portsentry, and tripwire



"it's very common for random dictionary SSH attempts, so i wouldn't be too worried by that. you may want to change the port for random obfuscation, but you'll still see random attempts from time to time, it's life having a machine on the internet." - Owen

"Will happen all the time with ssh enabled. Move it to a high port." - Bill K


if there was an attack, the best advice is to reinstall it from scratch ( make sure you plugin any holes on the new install ). It is very easy to not notice a backdoor or a stealth process, you are better off reinstalling.
"* ... prevent this from happening in the future?"

• security updates
• tight firewall
• strong passwords
• turn off uneccessary services

Suggestion :

There is some poor advice on this thread, such as:

• using a non-standard port for ssh (wrong!)
• using some third party security tool (adding an unnecessary dependency/complexity)
• configuring your firewall to block or whitelisting (maintenance head-ache)

Simply tweak your /etc/ssh/sshd_config instead to improve security:

• PermitRootLogin no
• Configure AllowUsers for only the users on the system who have ssh accounts
• Consider using only physical keys with 'PasswordAuthentication no'

If you are box has been infiltrated. Rebuild the box.
 

 

-----------------------------------------------------------------------------------------------------------------

 See:

• http://serverfault.com/questions/6159/aftermath-of-hack
• http://serverfault.com/questions/6190/reinstall-after-a-root-compromise

How can I prevent this from happening in the future?

See:

• http://serverfault.com/questions/4188/preventing-brute-force-attacks-against-ssh
• http://serverfault.com/questions/17870/hundreds-of-failed-ssh-logins
• http://serverfault.com/questions/55679/ubuntu-server-ssh
• http://serverfault.com/questions/11659/what-steps-do-you-take-to-secure-a-debian-server

-----------------------------------------------------------------------------------------------------------------

You can watch the box to see what's going in and out and look for anything suspicious. See this post: http://stackoverflow.com/questions/124745/sniffing-network-traffic-for-signs-of-virusesspyware

-----------------------------------------------------------------------------------------------------------------

Psad coupled with Shorewall is a good way to compliment your iptables rules.
I also use Fail2ban to track my ssh logins
 

 

-----------------------------------------------------------------------------------------------------------------

http://www.ossec.net/
taken from the website :
"OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response."

• log analysis It can check logs file on your servers and alerts you via rules (there are a lot pre-defined and you can add your own)
• file integrity tripwire/aide like functionnality so you will see if any file has been modified on your server
• policy monitoring : check some "Best practices" security rules
• rootkit detection : rkhunter, chkrootkit like functionnality
• real-time alerting and active response : You can configure ossec to react automatically to alerts (i don't use this but you can use it to block ssh access to hosts making too many failed connections attempts)

Really good product and it is very active
To harden your box you can also use lynis or bastille

• http://www.rootkit.nl/projects/lynis.html
• http://bastille-linux.sourceforge.net/

-----------------------------------------------------------------------------------------------------------------

take a look at tools like logcheck, portsentry, and tripwire. it's very common for random dictionary SSH attempts, so i wouldn't be too worried by that. you may want to change the port for random obfuscation, but you'll still see random attempts from time to time, it's life having a machine on the internet.
-----------------------------------------------------------------------------------------------------------------

Prevention :




- Use  iptables

$ iptables        -A INPUT      -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
$ iptables        -A INPUT      -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
$ iptables        -A INPUT      -p tcp --dport 22 -j DROP

Use DenyHosts to monitor my logs for suspicious SSH traffic, it can configured to automatically firewall off hosts at a certain point.

others :

 

1. DenyHosts

What is DenyHosts?

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks). If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

Features

- Parses /var/log/secure to find all login attempts and filters failed and successful attempts. - Synchronization mode (new in 2.0) allows DenyHosts daemons the ability to share data via a centralized server to proactively thwart attacks.
- Can be run from the command line, cron or as a daemon (new in 0.9)
- Records all failed login attempts for the user and offending host
- For each host that exceeds a threshold count, records the evil host
- Keeps track of each non-existent user (eg. sdadasd) when a login attempt failed.
- Keeps track of each existing user (eg. root) when a login attempt failed.
- Keeps track of each offending host (with 0.8+ these hosts can be purged if the associated entry in /etc/hosts.deny is expired)
- Keeps track of suspicious logins (that is, logins that were successful for a host that had many login failures)
- Keeps track of the file offset, so that you can reparse the same file (/var/log/secure) continuously (until it is rotated).
- When the log file is rotated, the script will detect it and parse from the beginning.
- Appends /etc/hosts.deny and adds the newly banned hosts
- Optionally sends an email of newly banned hosts and suspicious logins.
- Keeps a history of all user, host, user/host combo and suspicious logins encountered which includes the data and number of corresponding failed login attempts.
- Maintains failed valid and invalid user login attempts in separate files, such that it is easy to see which valid user is under attack (which would give you the opportunity to remove the account, change the password or change it's default shell to something like /sbin/nologin
- Upon each run, the script will load the previously saved data and re-use it to append new failures.
- Resolves IP addresses to hostnames, if available (new in v0.6.0).
- /etc/hosts.deny entries can be expired (purge) at a user specified time (new in 0.8)

These are some of the people and sites that have blogged about DenyHosts:

• Tool of the Month
• Preventing SSH Dictionary Attacks With DenyHosts
• Securing SSH with DenyHosts
• Slashdot
• The Life Of Ken
• The Mad Philosopher
• Jay R. Wren
• NewsForge
• Nix Bits
• Ho John Lee 

 

2. Fail2ban

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).  

3. Ubuntu security tools

The Ubuntu repositories contain several useful tools for maintaining a secure network and network administration. This page attempts to list the most popular and useful of these utilities, a brief description of them, and how to install them.

• Wireshark (Previously called Ethereal) - a popular network traffic analyzing tool, that can capture both off the wire and from existing capture files. It features a helpful GUI to ease analysis. Note: The Universe package adds a menu entry that expects the user to have a root account. To use ethereal in Ubuntu, use gksudo in a terminal. You should only run it using sudo if need to capture packets live; root privileges are not required to read saved capture files. For Ubuntu 6.06 and earlier install the ethereal and ethereal-common packages from the Universe Repository.
  • For Ubuntu 6.10 onwards install install the wireshark and wireshark-common packages from the Universe Repository.
• ''Nessus'' - a powerful remote network security auditor, with a nice GUI. Nessus supports plugins and offers a usually current attack database. It also features useful scripting abilities, allowing you to automate many tasks. Nessus is no longer open source, but is available free for personal use.
• ''OpenVAS'' (The Open Vulnerability Assessment System) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 20,000 in total (as of January 2011). All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL). (forum thread on how to install and use.)
• Nmap - the standard network mapper. Has a thousand and one uses. To install Nmap install the nmap package.
• Etherape - an etherman clone. It displays network activity with an intuitive UI. Install the etherape package from the Universe Repository.
• Kismet - a wireless sniffing tool. Includes support for GPS map scanning with in use of the gpsdrive package. Install the kismet package from the Universe Repository.
• Chkrootkit - chkrootkit can be used to help determine if a machine has been compromised. While not what you should use for the 'final word' on if you have been compromised, it runs a lot of useful checks and can direct suspicions towards finding a solution. To install chkrootkit install the chkrootkit package.
• Rkhunter (Ubuntu 6.06 and above only) - another rootkit detection software. Install the rkhunter package from the Universe Repository.
• tiger - Tiger is a package consisting of Bourne Shell scripts, C code and data files which is used for checking for security problems on a UNIX system. It scans system configuration files, file systems, and user configuration files for possible security problems and reports them. Install tiger chkrootkit john.
• GnuPG - also known as GPG, is an open source PGP replacement implementing the OpenPGP standard. Lacks support for IDEA, but is incredibly useful. Included by default. GnuPG will allow you to encrypt emails, digitally sign, and integrates well into the Evolution mail client as well as Thunderbird.
• Seahorse - a light-weight Gnome frontend for GPG, makes managing keys much easier. Install the seahorse package from the Universe Repository.
• Nemesis - a command-line based packet injection utility. Requires a bit of reading the documentation to get full use from. To install nemesis install the nemesis package from the Universe Repository.
• Tcpdump - while its name suggests that it works for only TCP, tcpdump also supports UDP, BGP, NFS, and a lot of other packet types. It is a powerful network utility that should be in every admins toolbox, allowing you to pull in everything off the wire. In combination with ethereal it doesn't miss much. To install tcpdump install the tcpdump package.
• OpenSSH - OpenSSH almost singlehandedly stopped admins from using telnet, an insecure protocol. The OpenSSH client is installed by default. Generally you want to use SSH instead of telnet or rsh. In some situations, such as large number of clients, you might want to pursue other options, such as telnet with ssl. To install the ssh server install the openssh-server package.
• denyhosts (Ubuntu 6.10 and above only) - scans your SSH logs to find brute-force attacks, and then blocks the IPs they came from. To install denyhosts install the denyhosts package.

IPCop :: block facebook hhpd - altenative

from http://gateway.hacker.my/2011/02/blocking-https-facebook-using-ipcop/

As we know, Squid’s transparent proxy cannot filter https traffic, but we can block it using iptables. Here are some tricks how to block https traffic from Facebook using IPcop version 1.9.x.

The easiest way to block Facebook’s https traffic is by blocking its IP range. You don’t have to find the specific IP for Facebook to block it. As we know, Facebook has a lot of public IP addresses.

– SNIP

1. From the IPcop gui-menu, go to Firewall –> Addresses

2. Put Name, Address format (make sure you choose IP here), Address and Netmask.

3. Here is the tricky part. For the Address and Netmask, put these IP addresses.
 
69.63.176.0/255.255.240.0
66.220.144.0/255.255.240.0
204.15.20.0/255.255.240.0

4. From the whois information, you can see at least this range belongs to Facebook.com
 
bsd@genetics:~$ whois 204.15.20.0
#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 204.15.20.0"
#
# Use "?" to get help.
#
 
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=204.15.20.0?showDetails=true&showARIN=false
#
 
NetRange:       204.15.20.0 - 204.15.23.255
CIDR:           204.15.20.0/22
OriginAS:       AS32934
NetName:        TFBNET1
NetHandle:      NET-204-15-20-0-1
Parent:         NET-204-0-0-0-0
NetType:        Direct Assignment
NameServer:     NS5.FACEBOOK.COM
NameServer:     NS4.FACEBOOK.COM
NameServer:     NS3.FACEBOOK.COM
Comment:        Contact abuse@facebook.com with issues.
RegDate:        2005-08-08
Updated:        2010-07-08
Ref:            http://whois.arin.net/rest/net/NET-204-15-20-0-1
 
OrgName:        Facebook, Inc.
OrgId:          THEFA-3
Address:        1601 S. California Ave
City:           Palo Alto
StateProv:      CA
PostalCode:     94304
Country:        US
RegDate:        2004-08-11
Updated:        2010-04-09
Ref:            http://whois.arin.net/rest/org/THEFA-3
 
OrgTechHandle: OPERA82-ARIN
OrgTechName:   Operations
OrgTechPhone:  +1-650-543-4800
OrgTechEmail:  domain@facebook.com
OrgTechRef:    http://whois.arin.net/rest/poc/OPERA82-ARIN
 
RTechHandle: OPERA82-ARIN
RTechName:   Operations
RTechPhone:  +1-650-543-4800
RTechEmail:  domain@facebook.com
RTechRef:    http://whois.arin.net/rest/poc/OPERA82-ARIN
 
RAbuseHandle: OPERA82-ARIN
RAbuseName:   Operations
RAbusePhone:  +1-650-543-4800
RAbuseEmail:  domain@facebook.com
RAbuseRef:    http://whois.arin.net/rest/poc/OPERA82-ARIN
 
RNOCHandle: OPERA82-ARIN
RNOCName:   Operations
RNOCPhone:  +1-650-543-4800
RNOCEmail:  domain@facebook.com
RNOCRef:    http://whois.arin.net/rest/poc/OPERA82-ARIN
 
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
 
bsd@genetics:~$

5. Then proceed to Firewall –> Address Groups, create new Address Group Name (e.g Facebook), then select Custom Addresses inside that group.

6. Next, proceed to Firewall Rules –> Outgoing Traffic, then configure your firewall as below :
 
Default networks = Green Networks
Destination --> Address Groups -->Facebook
Tick Use Service --> Default Services --> https (443)
Additional --> Tick Rule enabled, Rule Action -->Drop, Remark -->Facebook https blocked
Click Save

7. Make sure these rules stay above any other rules.

8.  After this, point your browser at https://www.facebook.com. If you have understood and done things right, you should be unable to open https Facebook and get a timeout message.

proxy

Proxy :

Why do you Want to Hack School Computers ?

Before going to the actual matter related to the school computers first come to the point that why do you want to hack your school computers.I don’t know why? but I am giving you the common idea i.e what are the common goals that is directly or indirectly associated with the hacking of school compuetrs(I am trying to focus on some simple reasons you may have some special reasons).

Hence in general hacking school computer means

1. To gain administrative power to do some special task(That is not permitted to general user).

2. Students want to use social networking sites like MySpace,Facebook,Orkut..etc, whose access is blocked by default in most school computers.

3. They like to play online games, it may also comes against the school policy.

4. They may like to see pornographic videos or websites,and of course accessing these sites are banned by default.

5. Students also enjoy tempering with grades but administrative power as well as little research is required depending on the security policy of school.

6. In some schools accessing internet is totally banned for student account(Very bad!…unacceptable).

7. It may be obvious some times for us because we are humans and by nature we like to violate the rules.


Now it is little bit clear that why we want to hack our schools computers.Okay lets proceed to the next step –
1. Accessing blocked sites :

This is really very simple.What you have to do is just to use proxy servers.Using proxy server your computer will be connected to the proxy servers but you will be able to accessed blocked sites via proxy server , an intermediate server-computer that will do your work.Here is the list of some websites that will work as a proxy server for you.
Some websites that I had tested on my system and working fine :Just go the website and enter the website address in the url field.

http://www.gumm.org/

http://www.facebookproxy.net/

http://clickfacebook.com/

http://www.theproxyhub.com/

http://www.orkutproxy.info/

http://www.proxyfoxy.com/

Alternative Method : Get the IP address of the website i.e is blocked.Now try to connect using different form of IP address by typing in to your browser’s address bar.Type http and https interchangeably, sometimes it works.You can use the calculator(Click view scientific) to convert the number fr0m decimal to binary or decimal to hexadecimal.
e.g : http://ww.xxx.yy.zz  or https://ww.xxx.yy.zz

http://binary_equivalent

https://binary_equivalent

http://hexadecimal_equivalent

https://hexadecimal_equivalent

http://octal_equivalent

https://octal_equivalent

http://dword_value

This method will work if your school computers use DNS(Domain Name System) based protection.So if you can  edit the dns mapping files that stores on the system(may be in each computer or centrally managed by the administrator) and used by  browsers to look up the domain-IP table;then also you would be able to use blocked websites.
2. Hacking administrator account :

There are many methods to gain administrative power or to access or temper with all the important files on the system.To do this one of the simple method is to use a live cd or pendrive(It is simple.because what you have to do is to download the ISO file and burn it on a CD or you can make your pendrive bootable by following some simple steps) having any linux distribution installed(such as Ubuntu or linux Mint).

Switch on the computer and insert the live bootable cd into the tray.Now booting will be start fr0m live cd instead of hard drive(By default,in special cases press F2 or F10 or F8 to change the booting options so that computer will boot fr0m live cd or pendrive).Since the linux is able to mount all the major file systems format like NTFS,FAT16 or FAT32.Booting andloading will complete within two to five minutes.So after loading the linux into the computer’s RAM you will be able to mount and use or temper with the whole hard disc.Now you are done.Do whatever you want and after shutting down remove the cd fr0m the tray and the windows operating system will work as normal.(Assuming that you didn’t temper with the windows system file..Remember this point and be careful).

What will we do if the BIOS password is installed in the system : In general it is not the case but if it occurs then first try some default BIOS password.You can get the list of Default BIOS password on the internet after getting the name and version of the BIOS,that you will see at the time of booting.You can also try to reset the BIOS by opening the CPU case,Find the lithium Ion battery(having round shape like a silver coin).Now remove the battery and again put it in the same place after 60 seconds.
Some common passwords includes :
AMI  cmos  Biostar   BIOS  setup  password
Award  AWARD_SW  lkwpeter  AWARD_PW  AMI!SW1
j322 h6BB CONDO condo admin 589721
award_? 1322222 256256 ?award Compaq  last
AM AMI~ ascend  djonet  autocad  BIOSPASS
AMIPSWD  SZYX  zbaaaca  TzqF  t0ch20x

Alternative Method : In old versions of windows you can also use simple commands to gain administrative power at the login promopt.This can be simply done by editing the system files which stores the login information.Follow these steps :

1. At the time of booting press F8 a boot menu will come on the screen,choose DOS.

2. Now you can change your working directory by using cd command.

C:\ cd windows

3. Next,type the command to rename .pwl extensions which contains the login information.

C:\windows>ren *.pwl *.pqr

4. Now restart the computer in normal way and type anything in the password place(when the login promopt will appear)You hacked! and know enjoy the administrative power.(in this method the windows will take this password as actual).