This is my first post on ethical hacker network and I hope to become an active member of the communtiy, but please don't flame me if my question is "n00bish" I am still in the process of learning offensive security and could really use help here.

Basically I am trying to convince the administrators at my school to switch the wifi security protocol from WEP to WPA, however they are reluctant to do so and claim it does not need to be done. Even after demonstrating how the password can be stolen they seem to think it doesn't matter if some random person hacks into our network. I wan't to prove them wrong.

I noticed when running a basic IP scan that we have networked security camera's...hehehe *evil look* and I was thinking that a good way to give them a lasting impression would to be to demonstrate how a hacker could gain access to the school's security system on acount of a weak password to the Wifi. Here are the details:

I found the config page for the Dibos cameras at the local ip:
10.1.1.22
Navigating there in a browser gives me something that looks like this (note this is not the page but one I found on someone else's site)
http://209.3.146.51/
*It requires IE to view*

I also found that there was a DIBOS-[lotsofnumbersandletters] workgroup on the network but when trying to "explore" that workgroup it asked for a username and password, it did not work.

I have local admin access on *some* machines with the help of ophcrack, but they seem to not be able to find the workgroup and the 10.1.1.22 page is no different from an admin account

Also, our school keeps a "remote access" citrix client running from which I can run remote-desktop and get onto one of the few local machines that have RDP enabled, from there I can see the Dibos workgroup but cannot access it, however I am a weak user on these remote computers and can't even run Cain and Abel or extract the SAM files with pwdump.

Additionally, I suspect that the Network admin account password is the same as that for the Dibos, the issue is that I don't know how to get the Network admin account although like i previously mentioned I have local admin on a few machines.

Also, I have been using an anonymous e-mail address to communicate with the administration and would like to remain unknown for a while longer so that they don't just put all kinds of security on my user account or pay particular attention to me in the future, thus if it is possible to remain invisible that would also be ideal.

Finally, I understand that the information that you post here may be used for less noble purposes and if you would prefer to PM me your advice rather than post it here than please do so.

Thanks and I look forward to being part of The Ethical Hacker Network,
Javap22

Like Jason already said, this is definitely not the way to go.   You will only get yourself in trouble and your warnings will be ignored by the powers that be.   There are plenty of other ways to make your case.   There have numerous studies done on the insecurity of WEP.  A study done by a reputable security expert should be convincing enough.

If you want to practice ETHICAL hacking, I would recommend that you set up your own lab.

Everyone has given you the same excellent advice therefore I offer you an analogy to think about outside of security...

The door to your home is locked/protected by an ACME lock. Someone sends you an anonymous letter warning you about the lock. You as the owner have your reason for keeping an insecure lock on your door. Unbeknownst to anyone outside of your house, you rigged explosives (honeypot) to be triggered by the first fool who wants to get inside your home. Someone comes in: Game over.

There could be plenty of reasons why they have WEP over WPA running on the network. Perhaps they have legacy machines running that can't run WPA. Perhaps they have a NAC server the moment you get by the wireless router. For whatever reason they're choosing to run WEP, the concern is not yours it is theirs and any activities taken by you - you will learn to regret. No matter how logical or moral you think you are or will be, you are as stated breaking the law.

Ethical Hacker Network consists of professional security professionals and beginners wishing to get into the security field. If you want to learn "ethical" hacking then we would be more than happy to help you and give you directions. This is what Ketchup and Jason were trying to do. Getting yourself in jail while trying to break into your school to prove them wrong is not the wisest thing to do. If you want to hack into your school to demonstrate the lack of security then Jason and Ketchup have given nice suggestions and sil has raised some excellent points to talk to them.

Here at EH.Net you'll be given suggestions that are best for you and keep you out of prion. However, if you don't like someone helping you out then you can always go to the 13 yrs. old h4x0rs

If you keep on this path you won't need ethicalhacker.net or hackforums.bet, you will need legalhelp.net or publicdefender.net breaking into a computer network without permission is a felony in the unitedstates and illegal in nearly all others.