DEF CON 30 - Minh Duong - The Big Rick - How I Rickrolled My High School District, Got Away With It
Science and Technology
What happens when you have networked projectors, misconfigured devices, and a bored high school student looking for the perfect senior prank? You get a massive rickroll spanning six high schools and over 11,000 students at one of the largest school districts in suburban Chicago.
This talk will go over the coordination required to execute a hack of this scale and the logistics of commanding a botnet of IoT systems. It will also describe the operational security measures taken so that you can evade detection, avoid punishment, and successfully walk at graduation.
Comments: 134
That wasn't script kiddie stuff, it was, at the very least, script teenager stuff
@mattnsac
1 year ago
Just the amount of OSINT they did to find default creds elevates to script big doggo. There are professionals that would miss scouring the user manuals to find default creds.
@konkeydonged
1 year ago
@@mattnsac Shapes finding/using Control1 was very clever/wise; he deserved to see his wish fulfilled for that.
@WackoMcGoose
1 year ago
Agreed, this is solid Red Team portfolio work here. Combined with due diligence to document the _how_ of the stunt to prevent it happening again, this kid's going places.
@Max-zr7hr
7 months ago
Meow
"It's just script kiddie stuff" "By the way we found a privilege escalation vulnerability with a mitre CVE number" "Also we wrote a 26 page pentest report" Incredible
I love how the audience is like a mass of proud parents cheering on the next generation. This talk is exactly why I fell in love with hacker culture.
@OmnoWombo
1 year ago
best part about it
@Aaron-zu3xn
1 year ago
kid may have uncovered a major scandal any teacher downloading cp can control a student's pc and it can't be traced
As fun as the technical stuff is I feel the real amazing thing is a school showing good pedagogical skills and humor in responding to youthful hijinks that didn't hurt anyone. The technical hack is great (congrats) but the more important message is the appropriate way for educators to respond.
@antonliakhovitch8306
1 year ago
Absolutely. I know my high school would've pursued me to the grave to make sure I didn't get a job or degree.
@WackoMcGoose
1 year ago
@@antonliakhovitch8306 At least they would've let you live to tell the tale, some high schools I've heard of on the news would literally _disappear_ a student (and their family if they wouldn't accept hush money) that tried to pull a stunt like this.
Dude pulled an amazing senior prank that even can help his career. What a legend.
@NithinJune
1 year ago
If he did it like a year earlier he coulda written about it on his college app rip
@JeremyAndersonBoise
8 months ago
You’re hired, Minh
This sure ain't script kiddie stuff. This shows talent and is a harmless but high-quality hack with proper research and documentation, clever (despite some being somewhat simple) security circumventions as well as a great sense of humor. Not all hacks need to involve brutally intense reverse engineering and/or physical hardware hacks. Well done and great talk!
you can tell he's terrified in the talk. well done, i definitely wouldnt have been able to do a talk like that
@konkeydonged
1 year ago
Most exceptionally intelligent people cannot, especially if they're spending all day every day on computers.
@eeurr1306
1 year ago
@@konkeydonged It took me a lot of years to be confident in public speaking
The part that got me was when they used Among Us colors to refer to each other in the meeting. I can only imagine these kids saying white sus while planning these. So good.
As soon as he said lanschool I couldn’t stop laughing. Around 2008 I was learning IT at school. The IT department put lanschool on every pc over Xmas break. I didn’t like being spied on so I tried to remove it from the pc I was using, I found out u can only remove it with the installer. Lucky a little googling later I found a copy on rapidshare. Sadly, without domain admin I couldn’t run the installer. Oh did I mention I was studying IT😂. Yeah we had VMware on all the pcs, so I could just spin up a vm with xp and install it on there as the teacher. A small regedit later and I was no longer locked down to viewing one classroom. 😂 ah fun times.
Ballsy move. I got suspended from high school for demonstrating the lack of a bios password in one of the mac labs and providing instructions on how to add one. Ended up getting kicked out of graphic design, but they let me stay in CCNA for some reason. Good to hear there are at least some sensible IT departments out there.
@jfbeam
1 year ago
While I agree they overreacted, they have a legit gripe... what were you doing to even notice the lack of a BIOS password? Are you going to wander through an apartment complex trying every door, and yelling "you should keep this door locked!" into every one that opens? (don't try it. that's "criminal mischief")
@th0m
1 year ago
@@jfbeam oh wow I left some serious details out of that comment.. Basically I finished all my assignments for the graphic design class I was in, and noticed the computers had a tony hawk game installed but our user accounts did not have the permissions to open it. So I added a *local* admin user to the computer by using singleusermode and ran the game. At the time, all it took to add an admin user was to remove an empty text file indicating first time setup had been finished. Mentioned the vulnerability to an upperclassmen friend in my ccna course who did some work for the school on the side and passed the details on how to implement the password through him. When going to implement the password I guess things got out of his hands and the administration came down on me for gaining admin access to the school's network (which I did not have nor did I intend to pursue). There was no policy strictly against local admin permissions nor any others that really applied. It just took so long to fill the prereqs to get into that class that by the time I was admitted, I had already taught myself the adobe suite - and flew through the assignments. So I tried to use the resources given to me rather than sit idly at a desk for another few months. Not by any means saying what I did was right. Just pretty annoying that in the end they stuck me with something way worse than I actually did, and that I could never get clarification on my single day suspension - my assigned day ended up being a snow day, and I had no idea what to do nor could anyone advise me on what to do about that lol
@NithinJune
1 year ago
I wonder why they let you stay in CCNA 🙄🙄
@clarkkent1473
1 year ago
oof
@xXBeefyDjXx
1 year ago
Agreed, I almost got kicked out of school for demonstrating that not only did the "lanschool" type software not work properly enabling easy bypasses, but USB Boot and no BIOS passwords meant super easy bypasses and more shockingly, a lot of the networked storage and other services had default or NO passwords enabled and some had sensitive data on it! The IT Director blacklisted me from their related training certification classes and even their internships when I did graduate, they told me to sling one when I applied there for a job years later, so clearly remembered me and didn't want me anywhere near them or the networks they were employed to keep secure.
I hear a bunch of grown ups hearing a hackers wet dream and giggling kicking their feet
Watching the news and social media, it's very easy to be really worried about the way the world is going. but, every so often you see a youngling like this guy and you are reminded that every subsequent generation is learning from those before it. I think the zoomers are gonna do alright.
glad to see young blood with ethics in the field
Props to Def Con for making these videos possible
The real crime wasn't hacking, but continual and repeated use of comic sans
Lmao @ " Good Morning Big Rick Engineers" 😂 🤣
My man really using Comic Sans
In the 90's we did a similar thing using a remote host program called Master and Minion. The whole school district was networked together, so we could print stuff on other schools printers, like NSFW ascii art. One kid got caught because he was bragging to some other students about printing stuff at a rival school and he got suspended.
That was great! 🤣🤣 Much better than many security professionals and much better opsec than many APTs! Well done!
I do remember seeing many videos about this online! Big laugh, great talk! And yes, it is very important to have a curious-friendly IT room for Kids to immerse in it.
the longer I listen to this, the more I am amazed at the incompetence of this IT dept. wow... just freaking wow... Such bad security... Please tell me you explained to them how you did all this for them to patch and they can secure their stuff. They are wide open to any kind of attack and a full ransomware lockdown to the down the entire district...
@intrudah
1 year ago
I've found it's less incompetence most of the time and more unwillingness. Often times people in the IT crowd overestimate their abilities because most people have no clue how computers work. And if they're already good enough, why get better?
I'd been saving this for a rainy day. Immediately cheered me up. The kids are alright.
Such a cool kid! Way more ethical than I was too!
@Matt-hc1fi
1 year ago
Same here. Not many have these experiences, I had a worse experience but graduated.
Rolling meadow. A place with a name like that was asking to get Rick Rolled.
18:30 "well throughout and through" makes my head hurt.
@ActionScripter
6 months ago
It seems their security practices are similar to their proofreading practices.
This kid has a future in IT security!
My high school had PowerPoint presentations running all day on the classroom TVs, which were run from a computer in the library's back room. I found a way to privilege escalate an account and access where those files were stored on a network drive, and made some... creative but harmless edits. Guess they didn't think it was as funny. Instead of a DEFCON talk I got suspended for a couple weeks and banned from touching any district computers.
from there we see a lot of techniques used in the presentation where the neglect of security by some schools is very large, almost all of them leave the password as default.
This guy is an instant legend
best defcon video, pure skill, wholesome content, i love this.
This was a red team engagement
Nicely done! And the best part is they didn't get all mad about it and really listened.
Better than D211's "prank" which was an email with goatsee sent to everyone lol
Holy crap, you exploited some serious security concerns here! Your district really needs to lock down their ports/firewalls/network/access/etc... basically wide open. How are they not under a ransomware attack right now?!?!? holy crap this is insane. And the Lanschool keystroke logging all students/teachers, that is a massive privacy issue!!!! I work for a fortune 500 financial firm and own the entire PAM service stack and securing of all privilege accounts/systems. We ONLY keylog when a user is going through an encrypted session with a production server using a privileged account. And there are notices telling the user this that while in the PAM session, they are fully being recorded and keystroke logged. just to do this on all students, just because? That is wrong...
@Axodus
1 year ago
Yeah, what if they log into personal accounts such as E-mail and Google?? That's an easy jump-off point to obtaining access to every account that person has for most people, complete lack of security with no care to the ramifications.
@hazyproduct1692
1 year ago
programs like lanschool are very popular in schools. especially GoGuardian. You think they care about privacy? I've seen teachers remotely controlling computers that are in use and laughing about it.
This is beyond awesome! I’m more than impressed that you even did a full report! Congrats, nice Rick roll😉
that was awesome . nice work and awesome talk .
I remember watching those videos of the hack. Good talk on the subject, well done
Love it, this was really entertaining, great job!
Haha, I heard about this from someone who works for the manufacturer of EPIC. WHY MAKE THE PASSWORD PASSWORD!?
This was probably one of the best talks ever.
I do not often give a thumb to a video, but this fine member of the community deserves more than one 👍from each of us. Well done.
Yes. This sparks joy.
I once got a stern talking to by my computer teacher for after several rounds of him disabling my ability to use the browser to listen to music with increasing difficulty and me figuring out how to re-enable it. To his credit, once he knew why I was doing it, he whitelisted Pandora for me. I hated the screen freeze "feature" though. Ours was a program called SynchronEyes.
This made me tear up a little.
Im so jealous of this upcoming generation who get to have programming or comp sci classes...
If you build a flat network you're going to have a bad time mkaaay
Their password is "password" how creative 😂😂🤣🤣
This is such a good talk.
DEF CON: The Next Generation
What a great talk!
So good. I have faith in the future.
Great talk.
8:19 Genetec Security Center 14:28 in my district it is a bit easier to do this if you are at the school itself. We have been slowly transitioning from Rauland Telecenter ICS systems to U systems. Now, idk where they put the servers for the TCUs, but i do know what the host name of the main IIS server that controls them is. Now here is the fun part. They evidently decided to put a trunk between the CUCM and the TCU. Now when they did that, they didnt include any class of service distinctions. So that means any classroom phone can dial the rauland paging code, and then the CUCM contacts the TCU, and then you are paging live. And then, you could transfer, conference, park, or just put the call on hold, and the CUCM would put the hold music on the connection. That also means that you can transfer the call away, and from there the possibilities are endless.
@intrudah
1 year ago
Now imagine (and definitely just imagine!) putting everyone on hold to Eduard Khil and calmly announcing to them that they've moved back one place in line every minute. уσυ αяє иσ. 5 ιи ℓιиє. α яєρяєѕєитαтινє ωιℓℓ ѕρєαк тσ уσυ ѕнσятℓу,
Something we have all wanted to do! Legendary kid
Oh LANschool... we had fun times abusing that back in the day... sounds like it hasn't evolved much 😂
Fantastic!
i remember reading about this after it went down! there was a similar hack that happened at my university where someone took control of all projectors on the school's intranet and made them play some video. the kid that did it eventually came forward to claim credit, was expelled, and then google hired him. not sure what happened to him after that lol.
You can't hack into technology that your school is too broke to have 🤣🤣
Absolute legend
Nice one!
What a boy. Love this.
wow, the district security dept is horrible... allowing the install of the chrome RDP to begin with!?!? wow...
What a legend
Right on!
Gosh dang fantastic
The white hats we needed!
What a legend👍
Just started and 30 sec; I'm no tech wizard by any measure, but that QR code must go to the Rick Astley song. Not going to check!
@error.418
1 year ago
you can read a QR code without running it. it's not a rick roll, it's a link to a video showing the prank and teachers/students reacting to it.
@konkeydonged
1 year ago
@@error.418 I want to believe you. However, what you said is potentially a clever way of social engineering me to scan the QR code (assuring me it's safe and getting me to believe that you're teaching/helping me...only to try and get me rick-rolled. ;)) I'm not at all tech savvy but my trust level is nil. I refuse to take any chance in being rick-rolled here.
@error.418
1 year ago
@@konkeydonged you need a QR code scanner that you know doesn't just automatically visit a thing. test it on known safe stuff. then read this QR code and you'll see the KZread short URL come up. You can then Google the ID in the URL which will give you search results showing that what it leads to without visiting it. You can do all this yourself with zero trust.
@konkeydonged
1 year ago
@@error.418 "You can do all this yourself with zero trust" In theory one could...but I can't. XD Respect if you aren't trolling, but this *is* a comment section about DefCon and rick-rolling...
I remember hacking my high school. Good times good times. This looks so much funner. We still had 10 base t when i was that age
HELLL YEAH DUDE
This is SO RAD!
he didnt condone rickrolling BUT he didnt say anything about ringing the dinkster
What a mad lad
That was an amazing prank
Art... get it
Legend
Oh this kid! Neat!
Is wholesome hacking a thing? Because this is it. 😉
Good crowd! :)
Lol grand theft auto... I already know how to do this
As an AV guy who works on Epic, Front Row, and Voica I approve. Our schools at least know better than to use the fucking pws from the manual lol. Some of that probably was on Audio Enhancements though as they tend to be hands on when setting up their Epic Systems. Now they know better.
The phrase "Security holes" is woefully insufficient for the IT systems at that District - more like a Grand Canyon sized chasm! Hopefully the administration server (timetables, assessments, staff and student contact details etc) had at least a modicum of security and regular backups to external media, otherwise someone with malicious intent could have wreaked havoc; and the District have now improved the security of *EVERYTHING* connecting to their network...
14:00 this is hilarious 😂😂😂😂😂😂
👏👏👏👍
yeah XD. Awesome
SHOOOOT!!!
❤
Bruuuuh, i was about to do that
haha great!
If thats script kiddie stuff why do I have a job :D
I would’ve done this by now if our school actually had a proper network, right now I can only hack into the TVs one at a time with permission.
D214 ❤
13:55 OMFG
Yeah I hacked the school security cameras at my school and wrote up documentation for how to fix everything just for fun. I didn't even screw around with anything. Turns out some moron other student saw what I was doing and stole *my* access, before screwing up all the cameras, setting all of their hostnames to slurs, and leaving all of their connections and logs out in the open. When I saw these log files, I just downloaded them and, a week later, when IT finally noticed and they called me in, I handed them over to the administration on a flash drive. They threatened me with expulsion and criminal charges, so I just gave them all of my documentation, log files, etc on that drive. I can't believe they actually trusted that I put the files all on there. I should've given them my BadUSB and taken everything hahaha
*rockrolls the comments*
That's fucking ghost host
Lol smb
incel
i stopped giving them hints, tips and tricks, and have just begun scanning networks as soon as i access them. every time i give them a hint on how to secure something i found, i would just receive back a "thanks, we will look into this as soon as possible" and nothing would happen. i even exploited some stuff once to get them to see that it was an issue, and still no response, other than locking the user i was logged in as out of the network(had been sick for a month straight, so i doubted he would come back anyway, and he used a macbook, so not a real nerd anyway) now i just passively gather what i can, see what i can do with it, and just have fun from time to time, slowly turning more and more grey hat since nothing is done with the info they are given. i even had access to a payment system at one time, and changed all prices in the machines to around 5 cents instead of the couple dollars each item cost, and made all known barcodes read as 2 cents(since some items had a barcode, and there was a list of barcodes for food) and even then, they did not lock the entryway(despite being told EXACTLY what i did to gain access) or even punish anyone.. an it guy was around talking about the importance of security, but i almost slept through it since they obviously don't care about it, but do care about pretending to care. Wish i could have done something like this though.. would have been great fun.
What an absolute champ