Most rewarding hack you've ever done?

[EmilKXZ]

My most rewarding hack was related to a firewall too.

I was on the Cisco academy, and they had everything Cisco... except for the firewall. The teachers were good, but the network administrator of the place always behaved like a jerk. He even claimed he was a hacker. When I plugged my USB stick on one of the computers, it infected my USB and when I reported that, he claimed it was my USB who infected the computer back. Too lame to reckon he infected it before deep freezing it. Plus that software sandboxing is kinda lame (sorry if I offend any of you, not my intention), I own some hardware-based disk-freezing devices I consider better.

Anyways, the firewall. Facebook was blocked and I nmap'd the gateway, found out it was a ZyWall, known by its buggy framework, I added several "%20" (spaces) to the URL, it couldn't process it and bypassed it. The trick I admit, it was lame yeah, but an administrator "of his grade" should have used the budget for better hardware, it wasn't tight anyway. 

EDIT: Ah yes, and the "hacker administrator" claimed to be an OWASP representative. Oh boy.

[FuyuKitsune]

In school we were playing around with all sorts of crap on the network. Everything about the computers and network was garbage. We had the admin pass that worked on the majority of the district-wide network so we'd screwed with people on VNC (which was configured to use the local admin pass, and was on every computer). NetBIOS was sweet because we would use the remote directories to send files. "Hey, I need that function for the code", "Sure, lemme copy that to your desktop". Eventually in my 4th year I found that we edit services remotely so I tried putting together a script to a bitcoin miner and then start it but I never got to finish it.


The other best was a persistent XSS in my friend's site. My script changed the page background to dancing banana. Not very impressive at all but the laughs we got out of it were very rewarding.

[T3rminus]

Fair play @Ragehottie I'm new here as I'm sure you are all aware of so I was unaware of your age.

[Phage]

The other best was a persistent XSS in my friend's site. My script changed the page background to dancing banana. Not very impressive at all but the laughs we got out of it were very rewarding.

Oh i love xss, it's my favorite website hacking method. It's so fun to play around with

Anyways i like the idea of changing the background to dancing banana i must remember that one.

[relax]

I am new to this forum and it has been quite interesting so far
I haven't rly done any big hacks BUT

My first experience with computer security would be when i was borrowing my school administrator one of my ASP books he showed me some of the script for the school website, by accident i saw a peace of paper with the password for the ftp server of the schools website. So i went to the classroom logged in and inserted a comment in the the bottom of the source page, went back to him and asked him to look at the source of the schools website. he laughed and changed the password. about a week later i noticed that he had auto login to the ftp from his ftp software, so when he went to get coffee i decrypted the hash string from his .ini file ofc when he got back i told him he should lock his computer when hes not there someone could easly find [andthepassword]. he just looked at me and shuck his head and changed the password. next time i did the same this time he had changed the password to my name backwards andcked that just made my laugh. think thats my best memory of how it all started.


many years later when i has in upper secondary school or gymnasium as its called in sweden i had a guy who broke in to my computer and added some folders to my desktop named "you" "have" "been" "hacked" "by" "the" "best". have still no idea how he did it because i dident share anything. anyway i started C&A sniffed out his password to 2sites one community and one mail. i changed the password and recovery email of the community added one of my email adreses insted. a hour later i got a begging email from him telling me he was sry for all the trouble he had coused me and begging for the password back to his community

[Dutch]

Hi, also new here..

Most rewarding personally would be hacking my ex-gf's mail account to find out if it was really true that she left the asshole she started dating shortly after me 
Hey, I was just a lill' kid then. She hurt my feelings! 

Most rewarding technically was gaining access to the core switches of a rivaling company as well as gaining access to the backup server of another rivaling company.

Haven't done many big hacks, most of the time people just leave their doors wide open and I happen to knock on the door.
Don't have good strategies to hide myself, using free WiFi at mcdonalds is not the best idea as the place is secured with cameras.

[iTpHo3NiX]

asdf

[lolcodeSUX]

Well it's been an interesting read so far. Here is my story. My room-mate and I got into an 'argument' about the internet we were both paying for. He claims that I take up all the bandwidth by playing games all day(really games take less than 100kb up and down usually; nevertheless it's insignificant) so he gets smart and decides that we should have two separate connections. I don't agree with this, however my room-mate is ignorant and stubborn so I let him have his way w/o too much fuss. This is where the fun begins.

The way our network was set up we had our gateway with two wireless routers(one for him and one for me) with one acting as a bridge. So he straight unplugs the router I was using. I thought fine and proceeded to type into my linux terminal:

while true; do aireplay-ng -0 6 mon0 -a $BSSID; done

and have a nice day..

After the larger part of the day spent trying to fix this issue, my room-mate eventually came to me and apologized and things went back to the way they were. Linux, you my only friend.

I rofled' so damn hard! 

[Pak_Track]

My most promising "hack" was:- ... -> :


Me and my friend Phage found XSS vulnerabilities on every search bar and SQL vunlerabilities on every page of the site belonging to the company my father works for...
and reporting them

[Simba]

That was probably my first, most-memorable but not most-rewarding "evil" thing i done

Long time ago i was thinking: hmm, sessions and files are uploaded to the /tmp ...

That time i had hostingas.in hosting. So i wrote up simple PHP script, like a shell, to scan /tmp and other folders not blocked by open_base_dir ...

I was shocked to see:
All the session files and their contents. That allowed me to session hijack any account for hostingas.in, or other hosted site,  extract passwords / usernames as many programs store it in the $_SESSION array;
Uploaded files (MYSQL database dumps, images, php files, emails and etc... who use /tmp as temporary storage)

I could rewrite session data, delete files, (i wonder how many users got pissed for getting logged out, loosing their files) and other stuff.

When i had my fun i told them to fix it. But guess what, after month a company was bought by another company and here we go again...

You can use this , i believe you can call this exploit, on many lower-middle quality shared hostings.
Moving on, i had scanned almost all system of hostingas.in as their open base dir restriction was not perfect, and using bugs / workarounds i could bypass that. You should check the version of Apache and PHP host is running and search info how to bypass it. Also search info about PERL hacks for /tmp. If you are lucky and you can execute the file - you have all power

[Conch]

Not really rewarding, but the most hilarious 'hack' I ever did was when I used to deal with Remote Admin Tools about 5 years ago and did a lot of skid shit.
I was talking to someone over MSN who was completely computer illiterate and I file transferred the RAT in a zip archive.
The guy was high as fuck and I kept opening his cd/dvd drive and flipping his screen upside down and he was like "WTF, Jason help me, my cd drive keeps opening!"
I was like, "Chill man, you're just tripping, everything will be fine"


Got some good lulz out of it. 

[iTpHo3NiX]

adsf

[flowjob]

I've only done once something,that can be considered as a hack...

In IT we learned HTML and CSS and so we had to make our homepage,wich will be hosted on the school server for a year. I asked the teacher to enable PHP to,so I could make more advanced sites, but I also uploaded a PHP script wich copied the passwd/shadow files into a public_html folder,so I could download them. A few days later I cracked them with john,so right now I have access to all accounts of the school server...
I also have a second script that inform's be about new accounts through checking the /home dir,and downloading the new passwd/shadow and cracking it,so I automatically have the pass to new accounts too...

[ImtheDoctor]

Accessing my high school computer system with the school's vp username and password.  Done with a C-128 in C-64 mode.  This was back in either 88 or 89.  I deliberately got sent to the vp's office because we all knew that school officials kept their usernames and passwords on their computer screens.  I could then edit school schedules and grades and personal files for the vp.

Accessing admin privilege at my college by helping the admin open the computer lab and then using a room mirror to watch him type in his username and password.  Upped the privileges on my school account.  Didn't really do much else with it.  Gave me free printer access though instead of 5 cents per page.

My favorite was explaining to an idiot in my Army unit how to hack into the credit union on post.  I didn't have to report him.  He transferred $10k into his account and withdrew it the next morning.  He was arrested a week later by Army CID because the CU noticed the discrepancy in his account.

[[LuCif3R]]

which i have done is ..
get in to my office job sharing pc's admin account..
more than 300 facebook account which are phished by me 
cracked my college's wifi password to gain full internet access
more than 2000 accounts username and password taken with the help of SQLi