https://github.com/3kh0/state-test
Ways to take state tests unrestricted
https://github.com/3kh0/state-test
bypass methods school state-test
Last synced: 9 months ago
JSON representation
Ways to take state tests unrestricted
- Host: GitHub
- URL: https://github.com/3kh0/state-test
- Owner: 3kh0
- Created: 2023-05-09T13:03:08.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-11-02T13:34:06.000Z (about 2 years ago)
- Last Synced: 2025-04-15T00:14:20.498Z (9 months ago)
- Topics: bypass, methods, school, state-test
- Homepage:
- Size: 36.1 KB
- Stars: 15
- Watchers: 3
- Forks: 3
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# State Testing Unrestricted
**Ways to take state tests unrestricted.**
We are trying to get almost every state, if you have a different state, open a issue with the title of your state and provide AS MUCH DETAIL AS POSSIBLE about how you take your state tests.
- [State Testing Unrestricted](#state-testing-unrestricted)
* [North Carolina](#north-carolina)
+ [The easy method](#the-easy-method)
+ [The hard method](#the-hard-method)
* [Wisconsin](#wisconsin)
+ [Forward Exam](#forward-exam)
+ [STAR test](#star-test)
* [California](#california)
+ [CAASPP](#caaspp)
* [Georgia](#georgia)
+ [Georgia Forward Exam](#georgia-forward-exam)
* [Minnesota](#minnesota)
+ [MCA](#mca)
Table of contents generated with readme-toc
## North Carolina
~~This is the first one bc I live in that state lol~~
The first thing you need to know is the way that the NCTest app was made was really stupid, it pretty much just iframes a existing page that you can search on google
The link there in question is [data.ncsu.edu/nctest/Destination.html](https://data.ncsu.edu/nctest/Destination.html), but if you click on the NCTest login, you would be blocked from logging in with this message.
Thank goodness the devs behind it for some reason added comments to their code, so we can exploit this. This function checks the user agent and deterimes if the test taker is in a "secure" testing environment. This only checks the first 6 characters of the user agent and if it is `NCTest`. Note this is a very simple way of how it works, so here are two ways to bypass and get this running.
```js
//check useragent for our custom chrome app string
function onMessage(e) {
appWindow = e.source;
appOrigin = e.origin;
oldAgent = navigator.userAgent;
//customizing useragent due to sporadic issue of not being overwritten in chrome app
if ( navigator.userAgent.substring(0, 6) !== "NCTest" ) {
Object.defineProperty(navigator, 'userAgent', {
get: function () { return "NCTest/1.0 ChromeApp " + oldAgent; }
});
}
isChromeApp=true;
}
```
*Source: [data.ncsu.edu/nctest/common.js](https://data.ncsu.edu/nctest/common.js) Archived: [pastebin.com/gVAUnkwW](https://pastebin.com/gVAUnkwW)*
### The easy method
This is a much easy way without having to spoof useragents, this also depends if you can install the app on your device, this can work on Windows and Linux, but sometimes it does break, relaunching does seem to fix the issue of getting blocked.
1. Get the [NCTest App](https://chrome.google.com/webstore/detail/nctest/gekbonallhcfalincpgmjcipmjehfhlh/) from the Chrome Web Store
2. This step depends on your OS,
**If you are on a Chromebook**
1. Open the Launcher 
2. Locate the NCTest App and click on it
3. Click the NCTest login (or whatever you need the app for)
4. Profit
**If you are on Linux/Windows**
1. Go to `chrome://apps`
2. Click on the NCTest App
3. Click the NCTest login (or whatever you need the app for)
> **Note**
> If it still shows the block scren, close the app and reopen it.
In this app, you can use keybinds suck as `alt`+`tab` to change windows while taking the test. I did not figure out how to resize the window, it seems it is locked to fill the screen.
### The hard method
This is a little more tricky. It ininvoles getting your current useragent and spoofing it with a extension.
1. Download a extension that can spoof your useragent.
Chrome: [User-Agent Switcher for Chrome](https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg)
Firefox: [User-Agent Switcher and Manager](https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher/)
More ways to change: [How to Change User Agents in Chrome, Edge, Safari & Firefox](https://www.searchenginejournal.com/change-user-agent/368448/)
2. Get your current useragent, you can just use google to look it up
3. Add `"NCTest/1.0 ChromeApp` to the start of it.
So if your useragent is
```
YeetOS/5.0 (X11; AmongOS x86_64; rv:109.0) Gecko/20100101 Firefox/114.0
```
you would change it to
```
NCTest/1.0 ChromeApp YourMom/5.0 (X11; AmongOS x86_64; rv:109.0) Gecko/20100101 Firefox/114.0
```
4. Access the login page for the test at [data.ncsu.edu/nctest/Destination.html](https://data.ncsu.edu/nctest/Destination.html)
Further Reading:
- https://defcon.social/@3kh0/110293819888798643
## Wisconsin
Here is how to bypass the exams for wisconsin.
### Forward Exam
Forward Exams are provided through DRC Insight, which can be accessed [here](https://wbte.drcedirect.com/WI/portals/wi). However, it hides the test sign-in option if the client is not in the designated kiosk. However, this is done on the client-side, and as any developer knows, you should never trust the client side. Looking through the code, the following line immediately jumps out:
```html
```
Right there, see it? `class="hide-link"`. I threw together a little script to remove the class, and it ended up looking like this:
```js
var a = document.getElementsByClassName("hide-link"); for(b in a){if(b<=a.length)
document.getElementsByClassName("hide-link")[b].className=document.getElementsByClassName("hide-link")[b].className.replace("hide-link","")}
```
In bookmarklet form:
```js
javascript:(function()%7Bvar a %3D document.getElementsByClassName("hide-link")%3B for(b in a)%7Bif(b<%3Da.length)%0Adocument.getElementsByClassName("hide-link")%5Bb%5D.className%3Ddocument.getElementsByClassName("hide-link")%5Bb%5D.className.replace("hide-link"%2C"")%7D%7D)()%3B
```
Just run the script and the hidden options will show up. Enjoy!
### STAR test
STAR tests are handled through Renaissance Learning, which doesn't have any browser restrictions. Access it [here](https://global-zone08.renaissance-go.com/studentportal/) and sign in with your normal credentials. If a monitor password is needed to start the test, enter `admin` (very secure, I know).
## California
All state assesments done in Californian public schools are done with California Assessment of Student Performance and Progress (CAASPP) secure test browser. This "secure" browser acts like every other test browser, limiting the use of the system.
### CAASPP
Luckily, you literally don't even need to use the secure browser! The login page is available [here](https://ca.cambiumtds.com/student), and from my understanding, you are able to access everything you normally would on the test browser, without restrictions.
## Georgia
Bypassing in Georgia.
### Georgia Forward Exam
Forward Exams are provided through DRC Insight, which can be accessed [here](https://wbte.drcedirect.com/GA/portals/ga). However, it hides the test sign-in option if the client is not in the designated kiosk. However, this is done on the client-side, and as any developer knows, you should never trust the client side. Looking through the code, the following line immediately jumps out:
```html
```
Right there, see it? `class="hide-link"`. I threw together a little script to remove the class (using jquery), and it ended up looking like this:
```js
Array.from($('.hide-link')).forEach(t => $(t).removeClass('hide-link'));
```
In bookmarklet form:
```js
javascript:(function()%7BArray.from(%24('.hide-link')).forEach(t%20%3D%3E%20%24(t).removeClass('hide-link'))%3B%7D)()%3B
```
Just run the script and the hidden options will show up. Enjoy!
## Minnesota
Just like California, you can easily access everything with no restrictions.
### MCA
There are no checks, unlike most other test programs. You can just go to TestNav [here](https://home.testnav.com/) and then select Minnesota. As far as I know, there are no restrictions when using the website whatsoever.