This article is being re-published, originally published on 13th April 2018.
Being a teenager I have heard computer nerds proudly claiming that how they hacked into their college’s database. How they got access to the data of all their friend’s and their college crushes. I was always amazed and used to ask them for guidance as to how they did it, most of the time they didn’t respond to a teenager like me. I never gave up and continued reading and learning various techniques, programming languages, softwares and tools and here I am writing this blog about how i got access to a college’s database.
The Big Idea
So, how I got the idea in the first place? Most of the college have this policy that in the very beginning of the college they assign students username and password to login to an online portal that has their data, like their name, registration numbers, parent’s name, their phone numbers, social security number (Aadhaar number), etc.
The problem is the username that is assigned to them is their college registration number and the password is their date of birth and most of the time these students don’t change their login credentials at all, once they get them from their college at the time of their registration.
Breaking down the Hack
As bored as I was I thought let’s try a dictionary attack. So for this i had to first check if thecollege website was actually weak enough to allow me to carry out a dictionary attack on it’s login page. So, I opened up my Burp Suite and turned on the intercept. I visited the college’s login page and just to check it out I created random payloads which gave a total of 1,000 permutations with the login credentials at the last of it, so as to check if it runs fine. I started the attack and in a minute voila! Burp Suite highlighted my credentials, as the status displayed 302.
With this I came to know that the dictionary attack was not being blocked by the IDS or IPS of the college (doubt they even have one), I thought let’s make the list of all registration numbers and all the birth dates possible for those registration numbers. So how do you figure that out? Now let’s say your college gives you a registration number, try to break it down.
- 15 is the year they joined college, this can tell us what can be their birth year to an approximate of +1 or -1 year
- 11 is indicator of they might have taken engineering , arts or whatever branch
- 08 is the indicator of which branch they might have taken like, cse or it or swe etc.
- 0123 is their unique identifier number for that branch
So now once I knew how to create the dictionary file, I wrote C++ codes and printed the dictionary files for IT branch. Remember their can be particular things special to your college, like they need to append their college name before your d.o.b. in your password so write the codes accordingly or write a generalised code and paste it in a text editor and use “find and replace” to make changes according to your needs.
So, right now I had my dictionary file ready to go with a total of 600,000 permutations. With the help of my Burp Suite professional it took me 5 hours to get the data of all the college students, their marks and grades of each semester and above all their SSN.
I reported it to the officials straight away. This whole hack was possible due to laziness on both the student’s part and the college. The student’s didn’t change their default passwords, the college didn’t put in a proper firewall which should have blocked me right after 100 or so attempts.
I was very lucky, but I did hack into a college’s database!
If you enjoyed it please do clap & let’s collaborate. Get, Set, Hack!
Telegram : https://t.me/aditya12anand
Twitter : twitter.com/aditya12anand
LinkedIn : linkedin.com/in/aditya12anand/
E-mail : firstname.lastname@example.org
P.S. In my follow-up article I will explain how I hacked into the database via a different website that they had up and running and bypassed the CAPTCHA filter. Releasing it one week from now.