This is my first post on Ethical Hacker Network and I hope to become an active member of the community, but please don't flame me if my question is "n00bish". I am still in the process of learning offensive security and could really use help here.
Basically I am trying to convince the administrators at my school to switch the wifi security protocol from WEP to WPA, however they are reluctant to do so and claim it does not need to be done. Even after demonstrating how the password can be stolen they seem to think it doesn't matter if some random person hacks into our network. I want to prove them wrong.
I noticed when running a basic IP scan that we have networked security cameras...hehehe *evil look* and I was thinking that a good way to give them a lasting impression would be to demonstrate how a hacker could gain access to the school's security system on account of a weak password to the Wifi. Here are the details:
I found the config page for the Dibos cameras at the local ip:
Navigating there in a browser gives me something that looks like this (note this is not the page but one I found on someone else's site): http://126.96.36.199/
*It requires IE to view*
I also found that there was a DIBOS-[lotsofnumbersandletters] workgroup on the network but when trying to "explore" that workgroup it asked for a username and password, it did not work.
I have local admin access on *some* machines with the help of ophcrack, but they seem to not be able to find the workgroup and the 10.1.1.22 page is no different from an admin account.
Also, our school keeps a "remote access" Citrix client running from which I can run remote-desktop and get onto one of the few local machines that have RDP enabled, from there I can see the Dibos workgroup but cannot access it, however I am a weak user on these remote computers and can't even run Cain and Abel or extract the SAM files with pwdump.
Additionally, I suspect that the Network admin account password is the same as that for the Dibos, the issue is that I don't know how to get the Network admin account although like I previously mentioned I have local admin on a few machines.
Also, I have been using an anonymous e-mail address to communicate with the administration and would like to remain unknown for a while longer so that they don't just put all kinds of security on my user account or pay particular attention to me in the future, thus if it is possible to remain invisible that would also be ideal.
Finally, I understand that the information that you post here may be used for less noble purposes and if you would prefer to PM me your advice rather than post it here then please do so.
Thanks and I look forward to being part of The Ethical Hacker Network,