University events: How do hackers have to pass the exam?

This article is for entertainment only and prohibits any illegal behavior.

How should students take exams? To solve this problem, many people first want to intrude into the educational administration system and then tamper with their scores. However, I personally despise any behavior that can be exploited to modify data. However, it is not very difficult for you to use system vulnerabilities such as Zhengfang and qingguo.

The best way to pass the exam is to get the exam exams and answers. If you want to get the exam, you have to familiarize yourself with the exam and look for ideas for intercepting the exam. The general university exam process is:

The substitute teachers issue questions and send the questions to the teaching secretary of the school. (The teaching secretary has a full-school exam in his computer or mailbox. This is the so-called question bank) the teaching secretary sends the examination papers to the examination service again. The examination papers are distributed.

In this process, the teaching secretary is the most critical because he has mastered all the papers of the school. Therefore, winning the teaching secretary is the key to your passing the test.

To win the teaching secretary, you need his basic information first. Name, email, employee ID, phone number, office location, frequently used Internet ip address, qq, frequently used password, etc. You don't even need so many email boxes. Because the exam is usually sent by email.

Obtain basic personal information: Intrusion into the faculty and personnel system, which is generally good at intrusion, with a slight approach.

Obtain common ip addresses and office locations: If you send an email to an ip address, you can get it (the img Tag contains a probe image). You can find it at your office location.

Frequently Used password acquisition: There are various systems in the school. It is easy to find a database. It is not difficult to get a password database. It is best to use the library of the billing system. The password quality in this library is better. The passwords of other systems are usually weak passwords, so it is not useful to win.

The above information is not necessary, but can improve the success rate. After obtaining this information, you can create an intrusion plan.

Method 1:Trojan attack-DNS Spoofing and email Trojan. The method for controlling others' computers is too large and will see things that should not be seen and do not advocate intrusion into personal computers.

Method 2:Email account attacks-arp sniffing, cross-site cookie Theft using email addresses, and credential stuffing.

An error occurred while logging on to the teaching secretary's email address using the previous billing, personnel system, and educational administration system passwords. Mailbox cross-site cookie Theft is also fruitless. It is time-consuming and time-consuming to try brute-force cracking.

So I had to use arp sniffing. There are two methods for arp sniffing:

1. Go to the office area of the teaching secretary for sniffing.

2. Perform sniffing in the mailbox server CIDR block.

The former requires you to run back and forth with your notebook. So I directly found a web server in the mailbox server's CIDR Block and got 3389, hung the cain, and sent an email (holiday card or something) to the Teaching Secretary by the way ), then I sent him a qq message reminding him to check his email. The mailbox password will be ready soon. Of course, you don't need to send emails if you don't have to worry about getting the password.

Login Email:

OK, the goal is achieved, and you don't have to worry about the exam any more in the future. The pace of the exam is quite impressive.

Finally, I sent a warm reminder from the hacker's brother: Be sure to be a teenager who does not modify data or spread the exam.