Skip to main content

Aldrin Jenson

How we hacked an entire computer lab✨

Linux is cool.

Computer Networks is cool.

Rick roll is cool.

Our lab teacher - Titty sir, is definitely cool.

So, hacking all the computers over there, should be cool too.?🙂

Introduction

Short write up of how I wrote a script to play rick roll in all computers in our lab. 🙂

In hindsight, should have added the --fullscreen flag to the browser as well!

  1. find your ip address using
ip a | grep 192.
ip grep image

If the computer is connected to two or more networks(ethernet and wifi for example) the above would result in more than one entries. Note that the address ending with 255 is for broadcast and hence should not be used.

  1. Get the list of all devices connected to your network using the nmap tool
sudo nmap -sn 192.168.143.0-255
sudo nmap -sn 192.168.143.0-255 > ips.txt # to store output to a file
  1. Install sshpass on your host machine
sudo apt install sshpass
  1. (i) Create simple bash script to ssh into one file and remotely execute a command
Remote exec sample script

Simple script to remotely execute a command in a single client machine in network using sshpass.

  1. (ii) Create script to loop through the script and remotely execute a command.
sample script for looping over ips and executing a bash command

Simple script to loop over a set of ips and execute a bash command.

Afterthoughts

There you go. This script should let you run a command remotely in all the devices in your network.

I used this only once for playing rickRoll in all the computers in our lab just as a proof of concept.

Now, even though we demoed using a rick roll, just know that if one could do this much, really dangerous stuff can be done once access to these many computers are granted. Stuff can range from crypto-mining to running keyloggers for accessing passwords of students.

This worked perfectly in our case because the passwords of all the computers were same. In little more stricter scenarios, the passwords being same are rare and hence you’d need to create separate files to map the ips to passwords before looping through.

Finally, we were able to pull this off only because the staff in CS Lab were kind and understanding of the student’s curiosity and interest to explore stuff.✨

I suppose I should mention that this is a powerful method and you should use it only with care respecting privacy of others in the network.🙂

26-07-2022
/posts/hacking-cs-lab/ Aldrin Jenson