I take a Computer Engineering class in my highschool, and our awesome teacher has given us an awesome networking security project.

The goal is to hack into our classmate's computers and extract a file out of their "My Documents" folder, through a simple small network, using "any means necessary", aka: we have permission to use password hackers, firewall blockers, worms, viruses et era (as long as we dont break the hardware).

I would GREATLY appreciate advice and opinions on the best way to go about this intrusion and extraction, such as method and software recommendations.

bryslayz

p.s.
i am going to install COMODOS firewall on my computer to help evade my classmates, good idea bad idea? (i am also using avast AV, we arent allowed to use AVG)

Welcome to EH-Net. Hopefully coming here at such a young age will lead you down the ethical path in the future. That being said, your teacher has presented what seems like an isolated environment for you guys to have some fun.

A firewall on your system is a great first start. I don't know Comodo well, but there is someting called the Stealth Wizard. There are mixed results reported on their forum. But try to get some stealth, so that the other classmates won't even see you on the network during their scans of the network. Then try Nmap yourself to find your targets and other useful info. I'm not going to tell you how. That is your homework to do.

Next, are these machines configured identically? If so, use that to your advantage. Change your admin password, then use the old admin password on other machines. If your machine is running remote desktop, then so are the others. Deny RDP on your machine and login to theirs.

Without knowing OS version, apps on the machine, etc. I can't give too many specific recommendations. I can guess XP since their is a My Docs folder, but I don't know SP or patch level. Plus, I don't want to do your homework for you.

Try doing a little research on null sessions in Windows XP, fgdump and 0phcrack or Cain.

Kudos to your teacher. I'd like to meet him/her.

Let us know how it goes.

Don

yup, time to send a spoofed email as the teacher asking for their password.

learn nmap it is one of the best scanners out there to start you on your way

you can go simple too

do up a msfpayload executable tell them it is a MANDATORY system update for the lab network.

:-)