WhiteHoodHacker / whitehoodhacker.net

Source code for my personal website and blog
https://whitehoodhacker.net
MIT License

posts/2021-10-04-the-big-rick #2

Open utterances-bot opened 2 years ago

utterances-bot commented 2 years ago

IoT Hacking and Rickrolling My High School District | WhiteHoodHacker

This is the story of how I pulled off my senior prank: featuring an IPTV system, a paging system, and Rick Astley.

https://whitehoodhacker.net/posts/2021-10-04-the-big-rick

saucybo commented 2 years ago

first

colincabana commented 2 years ago

simply stunning 🥺 (on a real note, i wish i was in school to see this!! 😂 This was so funny to watch when the videos went on the internet!!)

foxler2010 commented 2 years ago

cool.

Sporkpuff commented 2 years ago

W

r3lity commented 2 years ago

coolz

robbie01 commented 2 years ago

Linux kids can't even `awk '$1 == "inet" && $2 != "127.0.0.1" { print $2; }'`

On a more serious note, as a fellow CO21 graduate who thought hacking the AMS LED sign in the cafeteria was hot stuff, reading this was an extremely humbling experience, and the rickroll aficionado in me shed a tear by the end. You're the GOAT.

ramen-noodles144 commented 2 years ago

Hey Minh, this is Raman. I remember you showing me live footage from cameras while we were playing chess in the chemistry room freshman year. You’ve come really far, this was so elaborate and awesome! Can’t wait to see what you will think up next. Wish you a great time in college!

STrRedWolf commented 2 years ago

Any chance we can see your debrief presentation? Just the slide looks like it would be a fun read. Maybe present at DefCon or C3?

arjvik commented 2 years ago

This is amazing! I'm pleasantly surprised that your district was so nice about not taking disciplinary action... a friend of mine reported a Powerschool vulnerability to my school district and they responded with disciplinary action and police involvement!

Diacius commented 2 years ago

Absolutely amazing!

Intrexa commented 2 years ago

bnVueWE6YnVzaW5lc3M=

top kek

TheColorman commented 2 years ago

amazing

drewkime commented 2 years ago

The actual hack was good enough. But the care you took to do your testing at night, verify schedules to make sure you didn't interrupt anything crucial, distribute the pen-test as the last step ... Really nice attention to detail.

haze commented 2 years ago

epic

esquitx commented 2 years ago

U r my idol. Any tips on how you learned to do all this? #1 on HN btw. Congrats!!

kickturn commented 2 years ago

I remember my cousin telling me this in April, never thought I would see this in HN haha.

Awesomeguys900 commented 2 years ago

thats rlly sick oml

JesseTG commented 2 years ago

God Damn, Rickrolling is durable. Just about all of the freshmen were born after people started doing it in 2007, and yet everyone seemed to get it!

sam1rm commented 2 years ago

Awesome!

sam1rm commented 2 years ago

Hacker news discussion here! Currently the top https://news.ycombinator.com/item?id=28844101

RicoToothless commented 2 years ago

what a champion LOL

LevitatingBusinessMan commented 2 years ago

This is some Mr.Robot level hacking. Awesome dude, keep it up.

maormagori commented 2 years ago

This was a great read! Keep up the good work👍

ajtazer commented 2 years ago

I wanna try this too, but i doubt the security team will appreciate it. ( ͡° ͜ʖ ͡°)

tonydoyle96 commented 2 years ago

Good work in getting this accomplished and tested prior to the "event". Kudos to the School in working with you and learning from this, I can see a pentest career in store for you and the team. If you love what you do you'll never have to "work" a day in your life

Ke1lie commented 2 years ago

What a great read! Kudos to you for not implicating the school.

Airpote commented 2 years ago

Dude, please continue hacking. The web needs people like you to protect us from malicious hackers. White hat hackers and cryptographers are our shield against the rise of quantum computers that can bruteforce a password within seconds.

kogeki commented 2 years ago

Not even joking, I read this in school and decided to try it myself. I was able to scan my entire school's /16 and found IP cameras with no password, printers, ID authentication systems and most importantly: Apple TV devices connected to projectors. I am now extremely tempted to try this.

WhiteHoodHacker commented 2 years ago

> Not even joking, I read this in school and decided to try it myself. I was able to scan my entire school's /16 and found IP cameras with no password, printers, ID authentication systems and most importantly: Apple TV devices connected to projectors. I am now extremely tempted to try this.

@Kogeki Please don't try it unless you get permission or fully accept the consequences; my disclaimer is there for a reason.

kogeki commented 2 years ago

> > Not even joking, I read this in school and decided to try it myself. I was able to scan my entire school's /16 and found IP cameras with no password, printers, ID authentication systems and most importantly: Apple TV devices connected to projectors. I am now extremely tempted to try this.
>
> @Kogeki Please don't try it unless you get permission or fully accept the consequences; my disclaimer is there for a reason.

@WhiteHoodHacker Thanks for the warning. Anyway, this was a really interesting read. Nice job.

kusuriya commented 2 years ago

This is awesome and a very very solid write up. You should submit this to a few security conferences and try to get in at defcon. As a security professional this is a very solid writeup and very good work, probably among the best I've seen in a while and if you're interested in work as a cybersecurity pro you'll go far.

FxllenCode commented 2 years ago

> Not even joking, I read this in school and decided to try it myself. I was able to scan my entire school's /16 and found IP cameras with no password, printers, ID authentication systems and most importantly: Apple TV devices connected to projectors. I am now extremely tempted to try this.

That is a yikes! This sort of thing happens all the time at school districts, I suggest reading your district's code of conduct and many (like mine) will punish you even if you make good faith reports. Guess they have to wait for someone to do something much worse...

kickturn commented 2 years ago

> Not even joking, I read this in school and decided to try it myself. I was able to scan my entire school's /16 and found IP cameras with no password, printers, ID authentication systems and most importantly: Apple TV devices connected to projectors. I am now extremely tempted to try this.

Well, u shouldn't try, as you probably already know, but what I would like to say is to NOT disclose it, or at least do it anonymously somehow. There are countless stories of people finding vulnerabilities in school who had the "good faith" to report but got almost expelled

nem64 commented 2 years ago

The amount of planning that went into this is simply impressive. Hopefully this will be a wake up call to the network engineers to AT LEAST segment the network with VLANs and most importantly isolate traffic on the switch level

duhhbzz commented 2 years ago

Good read. Congrats on the details and steps taken to achieve this. This was cool to read.

nhitze commented 2 years ago

Mad respect, this was amazing. Also very good postmortem, I wish our developers wrote on this level (sry pals, it's true)

Keep it up and if you ever come to Munich, let me know, beer is on me

thelibrariancat commented 2 years ago

This is an excellent prank and an excellent writeup. Congratulations on pulling it off!

xtuphe commented 2 years ago

Awesome 👍🏽 The student has surpassed the master

kigiri commented 2 years ago

Very nice stuff, not only the hack but you are also an entertaining writer and your website is very well made!

I'm glad your school was understanding, I have 2 friends that got expelled from their respective schools for this kind of stuff...

dingyx99 commented 2 years ago

This is an excellent writeup, congratulations!

noother commented 2 years ago

Legend.

ghost commented 2 years ago

D214 was always so lenient on messing with tech. When I was there and got caught snooping in the teachers' files all they did was put me on a lanschool watch-list. Not saying how I did it as I know the (configuration) vulnerability was still there my senior year and I doubt they fixed it.

internbob commented 2 years ago

Nice, worth learning from

technicholas commented 2 years ago

Exterity should be giving you a scholarship for spending the time with their product and showing vulnerabilities. You're going to go a long way.

DaVietnameseBoi commented 2 years ago

Whoa! Hacked an entire district!

Dywan77 commented 2 years ago

Just a genius!

Dywan77 commented 2 years ago

never gonna give you up

Dywan77 commented 2 years ago

GENIUS!

ashbillzw commented 2 years ago

Man's a true legend. This be one of the greatest rickrolls to ever exist. Btw nice website, looks clean! Will tune in for your future posts🙏

CalypsoTM commented 2 years ago

you are a fucking genius! big GG