This time i write NOT about review about game or something else.
Well before you reading this please read note below.
THIS POST ONLY FOR EDUCATION PURPOSE ONLY
I DON'T TAKE ANY RESPONSIBILITY FOR ANY DAMAGE CAUSED BY THIS TUTORIAL OR MY READER
Alright its began when first time i heard my school is gonna make a computer based exam, so yeah i try to take this opportunity to test my skill in hacking and computer.
First Week ( 3 - 8 October )
i got exam on the last weeks (Saturday around 3-4 PM)
before i go exam, i do some research first. i heard the system uses WLAN which means its advantage for me to hack. i check the amount of AP is 10 (1-9 + 1 Backup). i realize they use a different Routers (mostly are TP-Link), at the first time i see they enable WPS, so whats wrong if i try to use Dumpper . it was fail, so i got no choice to use the laptop inside and see the password. Plan b, i use flashdisk to do it, autorun, and execute my script. and the worst of this plan, i have to launch it from explorer, of course it would take time to do it while people say you always being monitored, and the command console of course would appear on the screen and it may cause being spotted. but i also heard they didn't monitor everyone 100%. so i abort plan B and go for plan C, use Network and sharing center (check it here how to do it). Plan C work perfect without being caught.
Second Exam ( 11 October )
1 day before it,(at 10 October) its announced they change the schedule, i got Tuesday which it was mean tomorrow, i didn't prepare anything yet, and i got the schedule paper which on Saturday (15 October) is my next exam so i skip this day and keep doing small recon.
Third Exam ( 15 October )
At the first time i open the server i'm quite surprised they didn't update the XAMPP.
Its XAMPP 1.7.2 which it was the first time i use XAMPP and its more than 5 years, the exact is 10 August 2009. this is the really advantages i got to hack them, The version each service is Apache (2.2.12), MySQL (5.1.37), PHP (5.3.0), phpMyAdmin (3.2.0.1). i do some research to find the most weak point, and i got XAMPP 1.7.3 Exploit tutorial (read it here), i save the page for the next attack. Monday.
Fourth Exam. Finale ( 17 October )
I got the first session, this one really advantage again. at the first attempt i use virtual box it was fail, the backdoor didn't work correctly, so i guess it was about the adapter problem. so i use my phone and make it bootable by write my kali iso into my SD card. and fire it up !, at the first attempt, they didn't boot the server yet, so i have to wait. And then i start to exploit, it was working. session 1 opened and i don't know what happened the session closed by itself. after i checked out the server have a trouble which had a couple timeout and down couple times.
Well before you reading this please read note below.
THIS POST ONLY FOR EDUCATION PURPOSE ONLY
I DON'T TAKE ANY RESPONSIBILITY FOR ANY DAMAGE CAUSED BY THIS TUTORIAL OR MY READER
Alright its began when first time i heard my school is gonna make a computer based exam, so yeah i try to take this opportunity to test my skill in hacking and computer.
First Week ( 3 - 8 October )
i got exam on the last weeks (Saturday around 3-4 PM)
before i go exam, i do some research first. i heard the system uses WLAN which means its advantage for me to hack. i check the amount of AP is 10 (1-9 + 1 Backup). i realize they use a different Routers (mostly are TP-Link), at the first time i see they enable WPS, so whats wrong if i try to use Dumpper . it was fail, so i got no choice to use the laptop inside and see the password. Plan b, i use flashdisk to do it, autorun, and execute my script. and the worst of this plan, i have to launch it from explorer, of course it would take time to do it while people say you always being monitored, and the command console of course would appear on the screen and it may cause being spotted. but i also heard they didn't monitor everyone 100%. so i abort plan B and go for plan C, use Network and sharing center (check it here how to do it). Plan C work perfect without being caught.
Second Exam ( 11 October )
1 day before it,(at 10 October) its announced they change the schedule, i got Tuesday which it was mean tomorrow, i didn't prepare anything yet, and i got the schedule paper which on Saturday (15 October) is my next exam so i skip this day and keep doing small recon.
Third Exam ( 15 October )
At the first time i open the server i'm quite surprised they didn't update the XAMPP.
Fourth Exam. Finale ( 17 October )
I got the first session, this one really advantage again. at the first attempt i use virtual box it was fail, the backdoor didn't work correctly, so i guess it was about the adapter problem. so i use my phone and make it bootable by write my kali iso into my SD card. and fire it up !, at the first attempt, they didn't boot the server yet, so i have to wait. And then i start to exploit, it was working. session 1 opened and i don't know what happened the session closed by itself. after i checked out the server have a trouble which had a couple timeout and down couple times.
and then, i have to exam japan and science demn. i thought there are no problem inside, my thought wrong. several computer had a trouble which cannot connect to server. this happened to me too, i solve it by disconnect and reconnecting the WiFi. then i try for again to exploit, and yeah its worked after i spammed the exploit (around 20 times), and session keep open and closed couple times. this time its worked, it doesn't closed anymore, at this point i was really confuse what should i do. Maybe i could edit the Index.php and connect it to my BeeF ? its possible, or even delete whole data ? i was decided to open another backdoor (make new backdoor with SET and then execute it) it was failed. so i'm decided to leave it.
Conclusion
the hacking done today, i stole nothing. i use it just to test my knowledge and my skills. no changes made. for proof, i leave some footsteps in XAMPP folder there a useless backdoor i've made with SET (payload.exe), and PHP backdoor (its on WebDAV folder). and i don't want any reward i just testing my skill, and if they gave me of course i accept it HUEHUEHUE