conclusion to such a mess?
Awhile back some of you readers might recall that I was in a stint of trouble with my local public highschool. I have not heard from any of the administration in a couple moons, so I’m going to assume that said issue has been adjourned. I was doing some investigation of my own and a still have one question. Who used my network account to access restricted areas? Even after I had received the following testimonial from Devin and a corroborating testimony from another fellow involved (who’s identity will not be revealed) the question still remains. Who used my account before I gave my login credentials out. Hope you enjoy the following narrative from Devin.
Date: Tue, 1 Apr 2008 16:14:05 -0500 From: "Devin Pariseau" <XXXXXXXXXXX@gmail.com> To: "Jason Zerbe" <XXXXX@lizardking.biz> Subject: The story - here it is
Well everything started sophomore year when a lot of us in Intro to C++ were using batch files to restart other peoples computers. Simple, but effective. Then over the course of the next year, we were pushing the limits of the school network to see what we could access and other things. Such as viewing the directories of other students accounts and stuff.
A friend pointed out to me a way to view all computers on the district. And on one of these computers, a server by the name of USA, the dsitrict staff had left some VBScripts on there. Not knowing VBScript, I abandoned tinkering with the network.
I left this area then for quite some time due to my sisters depression, and then her death. Also, I was attending college through PSEO (HIGHLY RECOMMENDED).
Well do to emotional distraught, I had to drop my Political Science class in college. So then I was back in highschool, and would be attending there the rest of the year.
During my time back, I had a free 4th hour second term for some free time. This was the time I started to learn some basic VBScript….
Going back to the scripts on the USA server, I realized that these were the scripts that the admins used to give users permissions upon login. Not knowing how they worked, I decided to push my efforts in a different way.
On our school server, there is the U: drive which all students have a profile own, for their own personal storage. Checking mine, I realized that they did not have a storage limit per user. I then created a VBScript which created 1 MB size txt files in a loop to fill the server. This was just a prank. Well, I managed to fill a 1.5 TB drive within less than a weeks time, if it ran non-stop. I think it was about 200GB for anywhere between 4-6 hours.
I then came back to the other scripts. When ran, they map-drived to different drives on the network. You could see them in the pull down bar of Windows Explorer (go to My Computer, at the top you should see C:\, thats the drop down bar). You did not have access to them however. So looking at the scripts, I saw that only certain groups had access to these drives. I changed it to the student group of my high school, $29Students . I had access to most of the network.
Very shortly after, I was called down to the office. They had found out my antics. I was using someone elses account (NOT Jason’s) in my antics. I had saved his password on my school network account. He spoke it word of mouth one day in the library.
However, I was in deeper shit than I realized. One of the drives I accessed had bank routing numbers and social security numbers on it. When I had accessed it, I did not know. It was only in the principals office, when they told that to me, was I like Oh shit….
So then they asked to have my home PC (wasn’t going to wait for a warrant) and copied my Harddrive. I was fully cooperative. They have not pressed charges for I believe “Accessing a Private network” (state crime).
© 2008 Devin Pariseau - used by Jason Zerbe under written permission - for reprinting or use of content contact Jason Zerbe