Did the same thing in high school hijacking the remote management software to log into machines and mess with people.
The password was stored in plaintext in the config file on every machine. They kept changing it but couldn't figure out how we'd instantly find the new one.
I must have gone to a great high school. I actually hacked our systems a few times.
We used a piece of software to lock down the PCs, IIRC, called Fool Proof. I'm not sure if it was supposed to be ironic, because it didn't take long to figure out that it kept the clear text admin password in swap. The machines didn't have BIOS passwords, so it was pretty easy to boot into a hex editor and dig it out.
When my teacher found out I did this, he praised my ingenuity and even got me involved in vetting alternative options, despite the fact that I had been handing the password around to friends like candy.
When I was 11 or 12 we had a bunch of old Windows (2000?) boxes with a shared network folder — all the students' files were in the same folder. I had just learned about basic batch file "programming" so I made one called Change Your Grades Click Here!!.bat which asked for your username and password (we had individual accounts on the Mac computers) and saved them to a hidden text file in the same folder. Most people didn't fall for it, but I got one girl's login that actually worked, which scared the shit out of me, and I deleted the program. (I really wanted to tell her that "emma" is not a good password, but I thought it wouldn't turn out well for me.)
A few years later, I cracked the admin password (with a Ophcrack live USB) for a silly reason: they had the machines mostly locked down, and I wanted to change the desktop background hahah. I remember being quite disappointed in the sysadmins that the admin password for all the machines in school was a common dictionary word, cracked in 30 seconds.
Oh, once I met a guy who identified as a "hacker" (in the sense of breaking into systems illegally) and he told me (then a young teen) to "have my fun" before I turned 18 and then to stop, which in retrospect was very good advice.
That brings back memories, I did exactly the same too. The logins were shared with the Windows machines so after nabbing the password of our maths teacher, a few friends and I went through his account vandalising his PowerPoint slides to add subtle nonsense. Poor guy didn't know what on earth was going on during his lectures. Also found out the 'debug' login for the switches and used it to rather destructively mess with the network, much to the chagrin of the sysadmins. Good times!
In high school, we had laptops provided by the school and imaged by the IT department, who had logged into them. All we had to do was use a tool to recover the Windows password (yeah I know, skiddie, etc.) and we could login as IT admins on any computer on the domain.
Was pretty innocent about the whole thing, changed a few backgrounds remotely, and sent messages and shutdown people's computers in class remotely. Unfortunately I changed a default Windows background image, which meant it showed up something unsavoury for everyone who logged in, and got caught, copped detention and a many, many page letter about how I shouldn't do it.
that's how I got in trouble for hacking in high school; used our pascal IDE (in DOS) to make a perfect replica of our fancy ASCII login. It would capture your username and password, and then spit you back out to the real prompt. I only got caught because I kept all my stolen logins in my home dir, in passwords.txt.
I talked the teacher into canceling all of my detentions in return for showing him how to secure his bootdisks. Man, kids today would just get expelled or go to jail. I'm glad I grew up when I did.
In high school, I wrote a program that drew a realistic picture of our login screen, with two real inputs for username and password. No matter what you typed in those boxes, my program would save it to a text file in my home directory, and then log me out, which would instantly display the real login prompt.
I didn't have any real reason to steal everyone's credentials including the teacher's, but it was fun. And I would have gotten away with it, if I wasn't storing the output in a file called stolen_passwords.txt!
I got busted, and the teacher said I could either take 23 saturday detentions, or help him fix the login screen so that my attack wouldn't work anymore. I made an honest effort at the latter, and he let me off.
School Passwords: I was 14 I think, coded up a basic popup box in VB saying 'Please verify your username and password', the input was sent to a txt file and there was a nice little Netscape Navigator icon to make it seem legit lol. I had the .exe running on startup on maybe 2-3 computers. Over 1 week I had hundreds of passwords including the network administrator pass. :D
I think I did you one better. At my high school, the student computers in our dorms (yes, a weird high school) were on the same network as the computer lab computers. To log onto a computer lab computer, you put in your username, password, and the domain name (STUDENT). We set up a computer in our room named STUDNET and changed a few login boxes in the computer lab to log into STUDNET instead of STUDENT. Several hours later, we had several accounts. Oh Windows 98, how I love thee...
The printers were also on this network. They were all HP printers, they all had the control port open (9001?), and they all had the a DNS name in the form of "...-printer.imsa.edu". A brute-force search of our IP space gave us the IP address of all the printers, and a quick shell-script later, the printers' ready message became "OUT OF WATER" instead of "READY". Every printer on the entire campus, all at once.
Oh, the chaos this caused. Upon walking into the main building, several teachers immediately just had to show me this weird message on the printer. "The one in my office is like this, and so is the one in the computer lab. It's so crazy!" I especially loved watching several PhDs in the math department calling HP to ask where to put the water in. People were talking about this for months, and I don't think anyone ever figured out that it was me.
So yeah. Changing the ready message on HP printers is my favorite hack, and it still probably works.
I remember cracking the password from a Windows system in high school. There was a centralized login mechanism using Novell but everything was cached locally. So you could boot a Linux CD and copy the password file to a memory stick, and crack at home. I think I used lophtcrack? The head admin account for the entire school district (basically root) had the password “north”. It took like a fraction of a second to crack. It was so simple that for weeks I didn’t even believe it to be true, and didn’t realize the name of the account was an admin.
I was expelled a few months later for all the fun I had after discovering this. Good times.
My entire school district was in the same domain/workgroup and so I remember sending a net send to literally every computer on the network, 4 high schools (mine had a population of 4K students), 3 middle schools and a dozen elementary schools. The IT department came running into the computer lab to figure out who had done it. I simply closed the window, switched back to MS Word and played dumb. Good times.
A few months later I got expelled for some Novell netware breakin shenanigans but that whole experience was well worth it. I had been booting into slax and stealing SAM files from shared/library computers and then cracking them at home with lophtcrack to figure out passwords. The top level system admin had a 5 letter dictionary word, “north” as his password. I had keys to the kingdom. I’d shut systems down all the time for fun but never broke a thing. They tried to throw the book at me but fortunately it all fizzled out in the end.
About two years ago, I was in high school and decided to, as a joke, “hack” the computer. By logging in as admn:password. I was incredibly surprised when it actually ended up working as a domain admin account. After checking this, I immediately signed out.
When my CS teacher filed a ticket asking “who has the user account ‘admin’ and why is the password ‘password?’” IT wanted to revoke my network login and probably put me in ISS for a few days. Fortunately, my CS teacher didn’t reveal who I was.
Very glad IT at this person’s school took it in stride, unfortunately this was just the MO of IT in my district.
At school we had a network of Acorn Archimedes machines. We all had space on the file server, which the grumpy admin would search through regularly. There was an autorun feature in RiscOS which allowed a hidden script to execute on opening a folder, eg my network folder. It just so happened that passwords were stored unhashed, so I had everyones passwords appear in my folder one day. I must have been 12 or 13, as my family relocated when I was 13.
At the new school they had the same machines, so I put my knowledge of the platform to good use. I wrote an app which played a sound sample of a loud obnoxious burp at random intervals during class.
At college they had a Novell network. The login was a simple text prompt, which I discovered called in to a novell DLL. I wrote my own substitute login command which also saved the password to local disk somewhere, and replaced the default version on a few machines.
In both cases my reaction was the same on discovering my password hacks had actually worked. I crapped my pants and covered my tracks!
By the time I had started uni, I had largely grown out of that stuff. But something triggered a latent interest I had neglected for too long... the campus accommodation was based in tower blocks, with an entry intercom system. I noticed 4 very quiet dtmf tones whenever buzzing my friends apartment. I can't remember how I did it, but I found a way to get a dial tone and to my delight, 9 for an outside line worked fine using the type of handheld dtmf dialer banks used to give out.
My freshman year of high school we had similar access. Mostly used it for auto-installing Doom on all the library computers at once every time the poor admin went through each computer and manually deleted it.
One friend wrote a fake login program that would immediately quit and run the real login program so we could collect credentials.
Another friend got in real trouble though, supposedly for either trying to or actually changing grades. I knew we could get in trouble. But I also never would have considered doing anything other than pranks.
Of course, even pranks can be dangerous. One of my friends found an open mail server (not that there were any shortage of those at the time) and sent some prank emails that could have gotten him in real trouble.
We had Windows machines in around 94. They booted to some kind of menu where you could do various things I don't recall...and boot Windows. There was a problem with my friends machine one day and I saw the IT admin type a ludicrous single character username and password to get into this boot menu.
So I used it to have a look around and change the startup message to insult a friend. Then I told him how...and he told everybody. Next day all of the machines had obscene messages, and someone was caught doing it, they said my friend told them, and he told them that I told him. Thanks buddy.
I remember being terrified as I told the deputy head how I 'cracked the code', but I think I just got a detention.
I also made a password logger in high school (like presumably a great many bored kids). The network was all DOS machines where you used a command line tool to manually log in to a Novell server. There was no security in that system, so I wrote a simple wrapper that looked like the Novell login tool, saved the passwords and then shelled out to the real thing to provide access.
I didn't use the passwords for anything... But there was a guy in another class whose password was the name of the girl on whom I had a crush too. Illicit knowledge bred jealousy! Neither of us ever got the girl.
Hazy memory but I forged the NetWare login screen to grab admin password then replaced the original login process with one that logged all logins. Was a moron and left a printout somewhere and I was the first suspect. Had a good relationship with the compsci teachers so I somehow ended up getting a shared office and got paid by the school to secure their systems.
Exact same story. I was having way too easy a time in my comp sci class in high school, so I wrote a program that simulated our login screen, saved whatever you typed into the box to a text file in my home dir, gave the "bad username or password" error, and then seamlessly sent you to the real login screen.
After a week, I'd stolen the credentials of everyone in my class and the class after mine. And then, I did... nothing with it, because I was already able to finish the homework in class and had a high grade.
The teacher busted me because I had a file in my home dir called stolen_passwords.txt. But instead of punishing me, he made me help him patch all the security flaws I'd exploited. It inspired my decision to go to college for comp sci. Best high school teacher ever. (a few years later, I had graduated with a comp sci degree. and he was trying to recruit me into selling amway. oh well.)
I discovered that I could use VBA from Word to shell out to cmd bypassing all of the security. This opened a world of possibilities...
This being the era of AOL punters I created a neat VBA utility in a Word doc to that used netsend to spam other computers in the school. Shared the file widely.
Then I used the technique to explore the network... eventually was able to use net use to connect to a remote drive in the school administrator's office where I found a text file of every student birthday, home address, and SSN... which I then could use to sign into anyone's account (password was derivative of name and SSN).
Culminated with pwning a school rival by putting all his files in a password protected zip on the desktop and dropping a batch file in his startup folder that printed a text file with the password to the printer when he logged in.
I had a similar experience but amongst other things I got everyone's passwords and figured out how to bypass / control this weird bookshelf launcher whose name escapes me now. The head computer teacher found out but didn't make a big deal about it. Instead, me and a friend ended up getting hired by the school for our last year and got an office with a coffee machine since we were easier to deal with than the school boards IT.
The password was stored in plaintext in the config file on every machine. They kept changing it but couldn't figure out how we'd instantly find the new one.
reply