13 Jun 2015

Computer Hacks by a Student


I was a student of 2014 batch in IIIT.

Even I haven't tracked how many hacks I made when I was a student. So, I will start from my First Semester.

1. In my first semester I, along with one of my friends, cracked 23 Facebook accounts in a span of 2 days. Well, we did not use keyloggers nor did we use the "remember password" technique.

2. I fiddled around with my college ERP and discovered its vulnerability to SQL injection and XSS. Apparently that ERP is used in many universities including one of the top IITs. I used to do SQL injection to get data of students of other colleges. But I never used the data.

I reported a few bugs to my college; they fixed a few.

3. In my second semester I hacked through my college router and changed its settings to get maximum speed.

4. During that router hack I found many private IPs of my college. One of them gave access to the CCTV camera and there was no password on it. Yes, it was open with the username as admin and a blank password. Well, it was really fun. One day I called up one of my juniors and asked him to perform some act. Obviously I was following him on the CCTV. (It is really cool when you can see all the activities going on in your college just by sitting in your hostel room!)

5. I was on a hacking spree then and found vulnerabilities and defaced a few websites!

6. I managed to hack one of the scholarship portals of my state which gives a scholarship of INR 10K to eligible BTech students. I had the admin access and I could add/modify/delete any data. With admin control I used to track the status of the application forms of my friends. This was in my 5th semester.

7. I made a script and cracked ERP access of many faculties including that of the library (I actually lost a book but managed to submit it through the ERP ;) ).

8. Due to ERP access I had access to change the marks, attendance, grades and notice board! Well I helped a few friends in their attendance and obviously I enjoyed the treat afterwards :D

9. I hacked through a few faculty firewall authentications and enjoyed the premium internet speed! :D

10. Next, State Education Board for 10th class. I hacked through their server and had access to the exam question papers. But I never used them. I drafted it on my thesis paper.

11. I also hacked the admin access of the state's Bus Service website. I reported it to them immediately, but they were too lazy then. But now when I check it, it's fixed :)


12. Okay, this is quite big. On my crush's birthday I wished her by XSSing on NASA's sub-domain. Yes! It was NASA. ;) This (Page on nasa.gov) was the sub-domain where I wished her in 2012. :D


13. Again in 2012, one of the IITs conducted their techfest. The developer of the website is a Facebook friend of mine. After they launched their website with registration and online events I managed to crack the root access. It was a simple SQL injection on the LAMP stack. Later, they came to know about this. As far as I remember, I have cracked 2 more techfest sites in regional technical colleges.

14. When I learnt PHP, I had an idea of making an interactive crush finder/matcher that helps people match with their crush anonymously. If there's a match from both ends then it would reveal the profiles. But I was way too lazy to complete this and after two years I found the same idea on an Indian website, wizters.com. Duh! I found a vulnerability in their site. But they fixed it quickly after I reported it. I hope Wizters will go a long way :)


15. In my seventh semester a software company with a good package came to our college for placement (this was the only company for which I was eligible to appear). I appeared for their exam on their exam portal. Well, I was disqualified in the first round itself. :P But after two days I reported to them that I found vulnerabilities in their exam portal. They appreciated my findings, but they never hired me :'(
