Hacking School or Library & Public Computers to SURF to ANY Website

Wow this was old school.

Update May 2012-

I would have a bootable USB stick and run a pocket LINUX version today. Or if USB Boot is disabled in the BIOS then the Phone tether method also works with USB or wirelessly. Then you have no filters, blocks or issues. You can install anything and run it to access the network.

Now that everyone has phones with internet service is no big deal to get to your mail and webpage anymore.
It is cheaper to use WiFi calling or surfing than 3G or 4G services, so look for open or public WiFi and use your phone connected and preferenced to WiFi at home, work or mall etc.

Stuck at school? Setup your phone to VNC or RDC "remote" into your computer at home. Then just control from anywhere.

Grounded, cut off....awwww. Even game consoles can run LINUX. If you have anything with a CPU someone has unlocked it.

Description:

At school, in a library or mall and have access to a PC but cannot "surf" to any thing but their one site or a "filtered" subset of the internet?

Is Youtube blocked?

Is iTunes, Bittorrents or other sites blocked?

Can you not download or installed software?

Ok...we'll try to help you dorks out.

ERCK

Remove these ads by Signing Up

Step 1: Overview

Many types of 'blocks' are placed on schools and publics computers...however they have limited funds and can also be open to social engineering....

They have to block ALL exploits and all access to command line, process startup/control and downloads...plus keyboards, admin roles, powerusers or even USB ports and BIOS firmware!

if ANY of these are exploitable then we have means to attempt to access any system's internet access....or a cooler idea is to enable a PC's "ICS" Internet Connection Sharing, or peer-to-peer wireless 802.3 even Bluetooth and use your Bluetooth or WiFi phone, pda or itouch to then surf 'unobstructed' ! hehe

I'll provide follow-up steps for EACH below as time permits.

1) Simple browser filter or cheap software like netnanny etc.

We exploit this with a proxy or web redirector and kill -f process name or id

2) Advanced Network filter and site blocking

Many proxy or redirector will bypass these as well, where they do not we also use advanced proxy services like the Vidalia bundle , TOR, Prioxy & Vidalia

3) Keyboard disabled or missing

OH soooooo easy, Microsoft allows for "disabled" users with an on-screen keyboard! duh

4) Kiosk Mode IE

OMG even easier! ALT+f4 logs off IE and then start whatever you want as above or see below....

5) Starting and stopping processes, killing or modifying msconfig etc

helpful for custom downloads or setup of exploits above

6) Basket / Corner cases

tough nut? Post your isseus

You need to research the environment, use human engineering develop specific exploits and then go get 'em...

erckgillis (author) says: May 12, 2011. 6:19 AM

Hummm, think you know eh? Not so much young Jedi...hehehe

You only see what is front of you! Not the possibilities! Open your mind. Feel the power of the farce!

Ok enough Yoda channeling. Guys you must adapt, improvise and overcome. So you have a Mac or PC or proxies, firewalls and DMZ etc. Please ever heard of hacking?

Two ways -

1. Social engineering. My fave, get a keylogger (usb or software) install it then break or lock your machine. Admin comes to fix, captures ID and password. And then do as you wish.

2. Reboot any Mac (They have Intel chips... you can even dual boot Windows!) or PC to a Linux build from your USB. Try the new Unbuntu it has all the drivers,USB loader and all!

Then add your new OS any proxy, IP redirect or use Admin to open ports or proxy. Heck run your own proxy on a VM and give the address to anyone to bypass defaults, plug a portable hotspot or thethered 4G phone into network and access from anywhere to allow unlimited Net access over wifi or LAN via your new VM proxy on Linux!

Go padwan and explore...

Master ERCK

erckgillis (author) says: May 16, 2011. 9:28 AM

Ok, I recently re-read all these comments. The data is "mostly" ;) still true. What ever the reasons here in the US unlike the Chinese and Egyptians trying to block the Internet at home, work or school is not going to work for long.

The Internet is FULL of easy to follow well documented process and programs to find anything. Now most of us have 4G phones with tethering so you can use any computer to make or access your own network, Wi-Fi or high speed wireless.

It is a waste of money to filter, block and try to process ALL the network traffic sent thru even a medium sized school or businesses Internet traffic. They do this to protect themselves not to prevent you from access.

As always use this as a learning experience and be kind...

ERCK

M Lee says: Jan 30, 2013. 6:59 PM

I used to use a PHPproxy I was working on a similar project I'm a PHP developer.

Anyway proxies are alright but not very consistent plus they would usually get blocked by pro-active eventually.

Iuse highspeedVPN I'm usually on the move for work and I find that it works perfectly when I'm abroad. Check it out http://www.highspeedvpn.com/

Ravix84 says: Nov 4, 2012. 9:28 PM

***Only tested for Apple products. Does not seem to work for everything else***
My school gives away macs to students in year 9+ and specialist programs. We use the same internet as the rest of the school. My friend and I discovered this while playing around with proxies. Just go to your wifi settings/ network preferences. For mac, click on WiFi, advanced, then proxies.Then, for HTTP and HTTPS set the server to 10.1.81.11 and the port to 8080. For iOS software, go to WiFi, then click the blue/white arrow next to the connection name. Scroll down (I think) till you see proxies. Tap on manual. Put the same server name and port in.
I don't know if the server and port will be the same for every school, but for your sake I hope so. If anyone can get this working for anything that's not apple, please tell me so I can get it working on my phone.
P.S. It removes school blockades, but not government blocks, which means no Newgrounds.

greensharpiegirl says: Jun 5, 2009. 8:01 AM

wtf. everything is blocked no matter what i try, i can't even use the command prompt. what do i do?

octavian234 says: Jul 17, 2009. 11:42 PM

On notepad(You can acess notepad right?) type in command then save it as a Whatever_you_want.bat

ReCreate says: Jun 7, 2009. 11:25 AM

Go home, Download Linux, I reccomend Slax, Burn it to a CD, Take it to wherever it is and boot the computer with the CD in the drive

hotchick888 says: Dec 11, 2009. 9:49 AM

Yeah okay but how do i unblock the filter completey? i don't just want to unblock one site i wanna remove the whole thing.

erckgillis (author) says: Dec 28, 2009. 9:55 AM

You cannot...it is blocked at the proxy or via a dedicated SPAM/Keyword filter appliance.

Use the Linux or a VM for a browser and a public redirector for bypassing blocked keyword content...

Roby718 says: Dec 14, 2010. 9:27 PM

what if blocking is implemented post client?

OCPik4chu says: Oct 16, 2012. 2:45 PM

How do you know? Easiest way to stop client side blocking is find and disable whatever is doing it. But given there are hundreds of ways of doing both, will need to know more to actually help, lol

skindowg says: May 6, 2011. 5:30 AM

how do u get past schoolblocks on the net when all of the proxy sites ar eblocked? ive tried everything i have windows 7 so i cant do anything when it has a block

OCPik4chu says: Oct 16, 2012. 2:38 PM

Setup a proxy at your house, connect through that.

jinkz4ie says: May 14, 2012. 3:35 PM

is there ways too get on facebook and check your mail even though the school as it block

erckgillis (author) says: May 15, 2012. 7:01 AM

yes.

What did you try? You typed it in, it didn't work and so you gave up?

Can you install and download software on the machine? If so you can do anything. If you lack Windows Admin or OS X root then you must use url redirectors or proxy servers.

The eaiest these days is a cell phone in teather mode. You can teather your 4G wireless to the PC via USB, Bluetooth or WiFi. Just setup phone teathering or download a App for your Mobile OS and then connect via USB or WiFi. Surf away.

If these are blocked then read steps above and find the opening. What CAN you do on that machine. I had a library PC that had no keyboard, browser was locked in Kiosk mode. No problem... there is a onscreen keyboard, I just killed the process and started IE.

darthbindy says: Feb 6, 2012. 8:03 PM

just to let you know, dork means wale-penis!

the hellphantom says: Oct 1, 2011. 3:56 PM

i know a better one but its to complicated for you guys

erckgillis (author) says: Oct 7, 2011. 2:55 PM

Oh, goods caus' we'vs uh don't need none dat complicated stuff 'round 'bots har!

jedi_knight says: May 10, 2011. 9:54 PM

HAHAHAHA! these are all great ideas for normal schools until you come across my school... Lets just say i Mac computers are the most unfriendly devices to circumvent school security! These things are so locked down i cant even access basic things like the contact book and garbage band. Then once you get to the Internet on these computers you realize that all web traffic is being directed through a HTTP web server that is designed to scan through all incoming web traffic for suspicious content....

jbravo4 says: Sep 13, 2011. 3:21 PM

Check to see if port 22(SSH) is blocked then use your home sys as a proxy.

fdelgado1 says: May 20, 2008. 9:49 AM

This is a little complex for me can you message me a way that is a little easier there blocking everything with lightspeed filtering.

erckgillis (author) says: May 20, 2008. 3:38 PM

yeah sure ... On the way noob!

ddodd says: Jun 10, 2009. 9:04 PM

an easier way to get the i.p adress is to open notepad and type @echo off go down a line, and type "ping www.whatever is the webpage.com then! go down a line and type pause!! then save as whatever.bat!! when you open the batch file it should give you the I.P address, it will look like this \/ @echo off ping www.youtube.com pause there you go!

Ccraig7860 says: Mar 15, 2010. 12:43 PM

What if the computer is a Mac Osx 9?????

Roby718 says: Dec 14, 2010. 9:35 PM

make a pl file containing this:

ping *DOMAIN*

GameNox says: May 27, 2011. 11:58 PM

But what if it blocks batch?

jj3502 says: Jun 23, 2009. 6:44 PM

my school blocks ip's

Tv1996 says: Jul 10, 2009. 11:41 AM

Go to Run then type in cmd. type in: net user /add 9000 password log off sign in under 9000 and for the password put password change the domain to this computer log in and enjoy

jj3502 says: Jul 12, 2009. 11:40 PM

the school blocks run and cmd :(

toogers says: Oct 23, 2009. 5:22 PM

at home, burn a cd with a .bat file on it (doesn't matter what it does- it could be blank even.) then, go to school, put cd in computer, and click on the .bat file you made at home. it should open the command prompt, to launch the script you made. then, put in one of the above .bat scripts on this list, and waalaa.

garychencool says: Jul 11, 2009. 1:25 PM

What is you cannot access cmd.exe???

Roby718 says: Dec 14, 2010. 9:25 PM

CMD.exe is simply a link to command.com (Pro Tip: .COM(MAND) files are the same as EXE files and originate from pre-internet DOS days) blocking command.com is dangerous (assumingly) and therefore admins don't block it, thinking "thos darn kids" are too modern to know about command.com anyways.

GameNox says: May 27, 2011. 11:49 PM

What about baracuda?

sushiman says: Jan 19, 2011. 8:35 AM

Thank you sooooooooo much I love going on newgrounds at school!!!

erckgillis (author) says: Feb 7, 2008. 6:08 PM

Want a EASY HACK!... Use your cell phone with a cellular data cable then use it's CDMA, EDGE or GSM network for the PC at work or school. Else you can get a dedicated cellular data card via USB and plug into any PC and access you cell network... Browse away... E

ubr.bzkr says: Oct 20, 2008. 10:16 AM

wow thats a good idea I never thought of that before. in scouts I have an advisor that could help me with that, cause he uses one to do his job which is managing data bases for medical supplies and prescription transactions.

IPWN4JC says: Jan 4, 2011. 7:23 AM

your lucky to have friends in high places.

Ibanezfoo says: Feb 7, 2008. 2:33 PM

Well, good luck with your burger flipping jobs with no internet access when your HR department calls you in for violating company policy, or your school kicks you out for violating school policy. You kids should also realize, it doesn't matter what proxies or little tricks you use, the firewalls usually log all origination and destination traffic... so while you think you are slick using a proxy, the firewall still shows your local address connecting to the proxy (violation) and usually there are some pop ups or something that you didn't count on logged as well (violation). The filters we use appear to be easy to defeat.... until we print up a log and staple it to their pink slip and give it to them before security escorts them out of the building. The look on their faces is priceless. You all should really have a good look at your school / jobs internet policy. Some things will even land you in civil court or even jail.

Roby718 says: Dec 14, 2010. 9:45 PM

not if you obfuscate request and proxify them, hey wont even bother tracing it.

NozeDive says: Aug 13, 2008. 1:05 PM

I spent my entire high school career browsing the forbidden websites at school. Now I am the assistant director of security for a medium sized building complex that houses offices and businesses, ranging in size from a one man sized operation to a multi-billion dollar international energy generating/transmitting corporation. So yeah, it doesn't mean you won't get a real job. And it doesn't mean you can't make it into college, or that you won't learn anything while in high school, as the previous poster insinuated. (I scored in the top three percentile in the county on my ACT, and am a student at Kent State University) I agree that it is riskier doing this at your place of work, which is why I don't. And while I attend college classes, I don't have to worry about this because Kent State does not block websites. Downloading an MP3 or reading about paintballing or video games while in class isn't a guarantee that you'll end up at "burger flipping jobs". If you "kids" get good at this kind of thing (complex problem solving) then you'll probably end up with a very lucrative career. I think this Ibanezfoo is just bitter that he couldn't figure out a way to get around security without getting caught, or is too old to have any idea what it's like to be a high school student with access to only a heavily censored internet. (I'm not going to explain what's that's like. If you're too old to understand, you're too old to understand. Maybe ask the Chinese) »Tøny P.S. Just remember that "tricking" a computer system isn't always enough. Use social engineering whenever possible. Good luck "kids".