← go back

the time i ‘hacked’ a teacher using a school-mandated tab tracker extension

aka: a lesson in sanitizing html

11:43:39 AM <+illogicallity> oh yeah, did i forget to mention that the extension sticks a window to the side of your screen that you cannot close
11:43:48 AM <+misaPuding> what is the window for except annoy
11:44:03 AM <+illogicallity> it's to send messages to your teacher
11:44:07 AM → ChanRec joined (~[email protected])
11:44:07 AM @ChanRec was opped (+o) by @ChanServ
11:44:12 AM <+illogicallity> and also contains extension stats and your ip address
11:44:11 AM <+misaPuding> me if: talking
11:44:22 AM <+BridgerFish> Orb_Fish: is it santitized against XSS?
11:44:47 AM <+illogicallity> NOPE!
11:44:47 AM <+misaPuding> yay
11:44:50 AM <+BridgerFish> Orb_Fish: XD
11:44:58 AM <+misaPuding> heck the it techer for spying :)
11:44:58 AM <+BridgerFish> Orb_Fish: very good
11:45:06 AM <+illogicallity> i got in trouble for abusing that once
11:45:07 AM <+misaPuding> what did you do
11:45:10 AM <+BridgerFish> Orb_Fish: oh
11:45:14 AM <+misaPuding> with the xss
11:45:28 AM <+illogicallity> i sent a minified script that removed all css on the page to the teacher in <script> tags
11:45:34 AM <+illogicallity> it worked and caused him to panic
11:45:34 AM <+misaPuding> lol
11:45:45 AM <+illogicallity> it broke the spyware's control panel
11:45:52 AM <+misaPuding> were there any rules demanding you don´t use xss vulns?
11:46:08 AM <+illogicallity> he reloaded and, since the message persisted, it broke again!
11:46:08 AM <+misaPuding> bro
11:46:14 AM <+BridgerFish> Orb_Fish: XDDDDDDD
11:46:19 AM <+illogicallity> misaPuding: didn't see, didn't care
11:46:17 AM <+misaPuding> that reminds me of tbgchat and pkmnq-
11:46:30 AM ⇐ @ChanRec quit (~[email protected]) Remote host closed the connection
11:46:39 AM <+BridgerFish> Orb_Fish: I honestly want to know how PkmnQ does it
11:46:46 AM <+misaPuding> illogicallity: if you cared, you could succesfully defend against the "trouble"
11:47:17 AM <+illogicallity> someone else discovered that if the teacher's control panel tab is closed, it ends the spy session
11:47:31 AM <+illogicallity> so, combined with the xss bug, 
11:47:27 AM <+BridgerFish> Orb_Fish: and then?
11:47:34 AM <+illogicallity> FUN!
11:47:56 AM <+misaPuding> btw, why were they mad? you did smth literally years away of what you were learning, which therefore meant you learnt it better than you were supposed to :)
11:48:24 AM <+illogicallity> idk
11:48:32 AM <+misaPuding> (answers my question) because it´s skool, the place where logic = magic
11:49:06 AM <+illogicallity> but they lectured me on how hacking destroys lives...i was thinking about ltf3 the whole time and not paying attention
11:49:07 AM → @ChanRec (opped) joined  
11:49:13 AM <+misaPuding> ltf3?
11:49:22 AM <+illogicallity> learn to fly 3
11:49:25 AM <+illogicallity> flash game that i like
11:49:22 AM <+misaPuding> lol
11:49:34 AM <+illogicallity> basically: send penguins to space or die trying
11:49:31 AM <+BridgerFish> Orb_Fish: how DOES hacking on that scale destroy lives?
11:49:44 AM <+illogicallity> i had that question too
11:49:44 AM <+misaPuding> hacking destroys lives... black hat hacking
11:50:00 AM <+illogicallity> all i did was use a basic script to remove all css from the dom, nothing was modified
11:50:01 AM <+misaPuding> because ohmigawd no spying at priv information of students :sad:
11:50:04 AM <+misaPuding> yes
11:50:10 AM <+illogicallity> if he cleared the message backlog, the script would be gone
11:50:14 AM <+BridgerFish> Orb_Fish: ok
11:50:23 AM <+illogicallity> i tried to explain that but nope
11:50:19 AM <+misaPuding> they were mad because techer was hopeless without css
11:50:32 AM <+misaPuding> 💀
11:50:59 AM <+illogicallity> i would've also sent the glitch page script or maybe a redirect to rickroll/chrome crash page
11:50:55 AM <+misaPuding> tldr: skool mad because they have a techer who is worse at what he´s teching than a student
11:51:14 AM <+BridgerFish> Orb_Fish: XDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
11:51:20 AM ⇐ @ChanRec quit (~[email protected]) Remote host closed the connection
11:52:56 AM <+misaPuding> you could literally have a lesson to the whole skool (including the principal) about how it´s important to make sure if you´re using a tool, it´s safe
11:53:03 AM ⇐ @ChanRec quit (~[email protected]) Remote host closed the connection
11:53:32 AM <+illogicallity> i tried to explain that you should make it, or tell the company that makes the software to sanitize those things
11:53:37 AM <+illogicallity> they did not listen
11:53:37 AM <+BridgerFish> Orb_Fish: <script>document.location = "about:inducebrowsercrashforrealz"</script>
11:54:29 AM <+illogicallity> i imagine someone with less decent intentions and a darker hat could've used that bug to steal tab screenshots, names, emails, and ids since all of those are displayed in the control panel
11:54:38 AM <+illogicallity> but at this point, it's their funeral
11:54:34 AM <+BridgerFish> Orb_Fish: .
11:54:44 AM <+BridgerFish> Orb_Fish: what?
11:55:03 AM <+misaPuding> literally even i, a 12yr old boy with skill issue in programming knows YOU GOTTA SANITIZE YOUR DAM HTML
11:55:20 AM <+illogicallity> actually i'm a little bit older than that but ok
Feb 15, 2023, 8:00 PM
5 0 7

Comments