Skip Navigation
307 comments
  • Discovered that the credentials for the library computers (which were helpfully printed on stickers for the forgetful librarians), were in fact domain admin credentials.

    Gave myself a domain admin account, used that to obtain access to some sensitive teacher-only systems (mostly for the challenge, but also because I wanted to know what was going on my school report ahead of time).

    My domain admin account got nuked, but presumably they didn't know who had created it. Looked up the school's vendor ("Research Machines Ltd.") and found a list of default account credentials. Through trial and error, found another domain admin account. Made a new account (with a backup this time) and used it to install games on my classroom's computers.

    Also changed the permissions on my home directory so that the school's teachers (who were not domain admins) couldn't view my files, because I felt that this was too invasive at the time.

    That last bit got me caught proper, and after a long afternoon in the principal's office I left school systems alone after that for fear of having a black mark on my "permanent record".

  • netsend

    It's a little command line program included with windows that you can set up to send short messages to computers as a popup box. A lot of printers could use this to tell you your print job was successful, and it was used a lot in libraries and such. And also my high school. They had some cursory protections in place, but if you managed to open a command prompt you could send your own message. You just needed the recipients windows username or PC name.. our school used the standard first letter of first name + full last name, even the teachers. So of course, being highschool, this spread like wildfire and there was a whole semester where everyone was abusing it to troll other classmates or interrupt teachers mid lesson. It was also being used as IM/text before any of us even had phones - you could shoot your friend a message to dip out of class or something.

    Everything came to an abrupt halt when a guy was dared to run a batch file that was a single, looped, expletive laden net send to a wildcard recipient. It sent the message on repeat to every computer in every school in the district. Every time you hit ok a new box would pop up with the same message. Supposedly every computer needed a hard restart, including servers. Dude got in trouble, and our printers stopped telling us the print job was successful after that.

    • Had to scroll way to far to find this 😂 teachers got quite upset when we discovered this trick in middle school.

  • My HS put networked computers in every classroom a couple years before I graduated (so '95 or '96). They put predictable passwords on all the teacher accounts, and all teacher accounts had write access to network shares. Those of us who figured that out stashed copies of the Doom WAD file (the one file too big to fit on a single 3.5" floppy) all over the network under different names. So even after they figured out we were in and started forcing teachers to change their password, there were still a dozen or more copies spread over the network.

    Student access was enough to copy the WAD file locally over the 100mbit ethernet if you knew where to look. And we all carried the rest of the game around on floppy. So any time we got access to the computers we were playing doom. We also passed around floppies with different mod files. The chicken launcher was everyone's favorite.

  • My school had a web filter to block YouTube and various other sites that they didn't want students to go to. On the block page, there was a "report site blocked incorrectly" button, as well as a password override for admins to do a one time bypass.

    One of my classmates registered a domain that all it did was log the IP address of whoever visited it. He then attempted to visit the site from class, it was blocked, and he clicked the report button. Later on one of the IT admins reviewed the report to see if the site should be unblocked or not, by visiting the site. My classmate then had the public IP address of the IT admin.

    This IT admin must not have been very good, because he had a password unprotected, open, telnet port pointing to his computer. So we were able to telnet into his PC and poke around. He had an Excel file on his desktop with the web filter override passwords for every school in the district. That Excel file was promptly shared to as many people as who asked for it and we thought wouldn't rat us out.

    We gloriously had unrestricted Internet for several months before the teachers caught on. We were told that anyone who used this password would be found out, and that the school was going to have a "volunteer" community service day for 4 hours on Saturday, picking up trash around the school. Anyone who attended would be pardoned for using the password, anyone who didn't attend and who was found out for using the password would have been "punished" (very ambiguously defined). I did not go to the volunteer day, nor was I punished in any way. I do think that it was just a bluff and they didn't have good enough logging to tell who actually used the password.

  • I believed that I was being unfairly marked with a biased grading.

    I got access to admin privileges, found another students essay from the same class but different timeslot, knowing what grade they got after handing it in early, I changed nothing but the font and name and handed it in to get a full letter grade less than the original student had.

    I couldn't keep myself from complaining about it and was suspended over it, but it was a privilege when I knew I was right.

    Edit: To clarify, it was the same teacher for both class groups.

  • One day, after school, I decided to tinker with the Mac systems at my school, and in that process I learned that Mac has a virtual drive that it uses as a setup medium that it doesn't clear, it just un-mounts, when you finish installing. So I just re-mounted the setup drive on the computer from the command line, restarted, booted in like I was setting up a fresh new computer and gave myself an admin account on one of the computers in our lab. Didn't really do anything nefarious with it, but it was a fun little experiment regardless

  • This was ~15 years ago. We got a laptop with school credentials on it, but couldn't log in to the local admin account, only our own student network accounts so couldn't do anything fun with it. No problem, install Linux on a flash drive, plug that in, run a script to crack the admin account (thanks rainbow tables) and get in. It was not a very strong password. A lot you can do now. Install games, browse the web unfiltered, and so on, but problem is our use of the laptop was limited to the after school activity we were part of (robotic club obviously) so still not really too much fun to be had unless we wanted to get caught pretty quickly. But there was one thing, we could grab the WiFi password. Turns out that it's only hidden on the student accounts, on the admin account you just click on the WiFi network and it just gives it to you. We didn't plan for it but we didn't take advantage of it. We shared that password to a couple friends but in general kept it under wraps, this was before data plans were so wide spread so it was actually useful, and the school itself was a faraday cage for anything but the weakest cell signal. Best part, it worked in other schools too, so I'm pretty sure it got spread pretty far eventually. I graduated before they changed it, no clue what happen after though.

    We also took the balls out of the mice. And put tape on the optical ones.

    • Wow, are you me? I just posted a super similar story, but it was 9 years ago using an iMac.

  • Put a backdoor and keylogger on the network engineer/networking teacher's computer when I was a TA for his class and was able to get full control over the entire district's network from home. I installed GTA2, Diablo 2 and Counter-Strike onto every machine in the system, then would play with my friends (and even a couple teachers) whenever I had the chance.

    The security was non-existent, and after just a month it felt like everyone knew about the games but no body ever found out who put them there. :)

  • Loaded quake on all the computers in a classroom. Which were conveniently arranged to make it impossible for a teacher to see all screens at once. And with no effort we were able to play multi-player matches basically every class. A substitute even joined in one time.

  • Turned the screen upside down with the keyboard shortcut (whatever it is)

    A friend of mine just opened up the Spanish teacher's tower while she was out of the room and stole her RAM. He was in IT and was the student assigned to try and fix it too, which was hilarious.

307 comments