zlacker

[return to "IoT hacking and rickrolling my high school district"]
1. bfirsh+zg[view] [source] 2021-10-12 21:10:41
>>revico+(OP)
Reminds of me my school leaving prank. I rewrote the whole internet on my school's computers. Google's logo became "Leavers '08", Facebook became "Hatebook" and was red, YouTube only played videos of cats, amongst other things.

These were the days when nothing had SSL, so you could just intercept and rewrite traffic!

My only requirement was: do no actual damage

It was implemented as a Debian live CD that you could drop into any school computer. It would boot up, then Ettercap would MITM the whole network by spoofing the router. It routed all HTTP traffic via Squid and a custom ICAP server that did the actual rewriting. If you removed the live CDs, the network just went back to normal within a couple of minutes.

Routing the whole school's network through one old Pentium machine wouldn't work though, so I figured out a way of doing distributed load balancing: it would do the ARP spoofing slowly and randomly. So, as you added more machines, it would just magically balance between them.

It worked great for about an hour then whole network mysteriously stopped working for the rest of the day. I left all the live CDs in the computers as a calling card.

Sorry, school network admins.

◧◩
2. pfraze+jE[view] [source] 2021-10-12 23:57:34
>>bfirsh+zg
Used to be that Windows allowed programs to hook into each others’ event busses. (It might still, I’m not sure.) This might be why a few of my Highschool’s computers would interpret every 5th right click in minesweeper as a left click
◧◩◪
3. Strato+HH[view] [source] 2021-10-13 00:29:55
>>pfraze+jE
Yup, you can still do that. AutoHotkey is a wonderful tool for this. You can intercept input events globally, and transform them or send completely different events to the target app.

For example, I use AutoHotkey to implement my JKLmouse program, which turns certain keyboard events into mouse movement for precise control. It's similar to the MouseKeys that comes with Windows, but made for laptop keyboards without numeric keypads.

And yes, you could definitely do that Minesweeper hack in AutoHotkey! :-)

https://www.autohotkey.com/

◧◩◪◨
4. Quessk+lI[view] [source] 2021-10-13 00:35:54
>>Strato+HH
Would you mind sharing that script? I have been looking for something simmiliar, but didn't find anything that worked well and did not have the time yet to give it a try myself. I would really appreciate it.
◧◩◪◨⬒
5. Strato+eJ[view] [source] 2021-10-13 00:43:56
>>Quessk+lI
Sure. I didn't want to engage in self-promotion, but since you asked, here's the website and source code. There is an installer, but it's kind of old. I suggest installing AutoHotkey itself, then download the JKLmouse.ahk and JKLmouse.ico files from GitHub, and put a shortcut to the .ahk in your Startup folder.

https://www.jklmouse.com/

https://github.com/geary/jklmouse/tree/master/AutoHotkey/Sou...

One thing to note is that I wrote this to use on my ThinkPads, which have physical mouse buttons. On a laptop where the touchpad itself is the mouse button, it may be difficult to avoid nudging the mouse position when you click.

I've been thinking about adding support for using other keys as "mouse buttons", but haven't done anything about it yet.

◧◩◪◨⬒⬓
6. trashc+oa1[view] [source] 2021-10-13 05:39:09
>>Strato+eJ
This is really cool. It's like the Mouse feature if QMK but works with any keyboard!
[go to top]