When I was at college back in the 80's we had access as students to the college's VAX 11/750 (an 8750 Systime clone) to work on our coding projects. The student terminals were on one half of a large divided room, the other half being used by the college IT folks. Often, if there wasn't a spare terminal on the IT admin half of the room, one or two of the IT folks would use two of the nearest terminals just over the divider.
One day, bored out of my mind waiting for my COBOL project to compile, I wondered if I could capture the sys admin's username and password. I wrote a script using the CLI to perfectly simulate the login prompt complete with beeps, messages and all. All it did was clear the screen, sit there waiting for user to enter their username and password, when they did the script would mail me said username and password, display a username/password error then logout to the real login process.
After trying the script out on a couple of unsuspecting classmates and having a bit of anonymous tomfoolery I decided it was time to try this out for real with the sysadmins. I logged into both terminals the IT folks normally used and left the script running. A few hours later I returned and to my surprise and mild anxiety I found out that I'd captured the SYSTEM login password :o. For about a month or so I'd full control of that machine, and would re-run the script occasionally whenever the SYSTEM password changed. I told no-one and on my last day at college logged in and deleted the script, just in case (this was around the time the law in the UK was getting a bit heavy with regards to unauthorised computer access).
Combined with access to the huge set of manuals for that machine I spent a heap of time exploring and learning about VMS and no-one had a clue.
This was how I gained full sysadmin access to our college's VAX 11/780 mini computer in late 1986. This machine ran pretty much everything from accounting to exam marking. There were three terminals that the admins would logon to pretty much regularly on the "student" side of the computer room. I knocked up a script to run on these three terminals that looked exactly like the standard login and mailed me the credentials entered before displaying the standard "incorrect username/password" (and then silently logoff). The risk for me, had the IT team been a bit more up on their game, was spotting my account being logged into these three terminals for long periods of time with me no-where to be seen :)
I kept silent about this until years afterwards for fear of being chucked out of college, which to be honest would've been a good thing seeing as the course was a waste of time.
At college, we had AIX Unix terminals that ran in character mode. I wrote a program to simulate the login screen. It would record your user/password to a file and then throw an 'Invalid Login' error and then actually logoff and give you the real login screen. So no one suspected anything.
After I was done with a terminal, I'd run this program and leave (knowing full well, that someone could Ctrl-C to terminate the program and get access to my account though no one ever did)
I got more than a few passwords with this. But didn't actually do anything with them. I felt bad and deleted the program and passwords after some time.
Since I was at college in the second half of the 90s, we still had unix text consoles for reading emails so my favourite prank was to tell others in my dorm that I had worked out how to remotely log in from the dorm (we had to use a computer room back in them days!) and with my 10 line Turbo Pascal program created a fake login screen like looked identical to the normal one. After capturing a password, I would explain to each person that maybe it wasn't quite working so "sorry", so they were none the wiser that they had given me their passwords.
I didn't do anything with the passwords, it was just interesting how easy it was to get away with.
The standard ploy for a room full of terminals was to write a program that presented fake login and password prompts, collected the data, then printed whatever the standard "wrong password" message was, then exit.
Someone was discovered to be collecting passwords that way on our universities VT terminals (I'm old enough that at Uni plain text terminals were still a thing, though they were generally used just as terminals for email & such when the lab rooms full of PCs were fully occupied) by leaving what looked like a login prompt on-screen. Someone with much tech knowledge immediately saw it wasn't quite right (that is how the issue was found) but these were terminals used by the general populace not just us CompSci students so the vast majority of the users were not at all technical (what we might assume almost everyone knows these days was still new fangled magic to the average student back then, for many arriving at Uni was their first encounter with having an email account for instance).
To my knowledge they never worked out who did it, or how long it had been going on for other than “may have been months”, because the fake login app would exit and logout after sending off the captured credential, and next time it was run it was done from one of the captured accounts, so only the very first capture would have been done by the culprit's own account (even that maybe not if they'd guessed or stolen a password by other means first). Captured credentials were sent to a popular high volume usenet newsgroup so they couldn't track who was reading the result that way. Also, no evidence of the attacker actually using the compromised credentials for anything else, so it was possibly someone “playing” to see what they could do rather than a more malicious intent.
It became standard practise (“enforced” by notices in large all caps text) to reset terminals before logging in to be more sure that was a real login prompt.
Speaking of interaction with the admin. Back in the days when I was in school, the computer lab ran a Honeywell mainframe with terminals. I wrote a program emulating the logon screen to intercept the username and password of the unsuspecting students logging on and to email them to me. I was going to post the list of all the usernames and passwords at the end of the semester on the wall. I dubbed it the Fishing project with my friends (yes, that's before all the phishing activities went rampant).
I collected dozens of usernames and passwords before the professor of my CS class stopped me one day after class and said, you better stop whatever you're doing. Apparently the system saved the typing of all sessions and the admin actually went through all of them.
The next semester all the terminals had a physical switch installed that had to be pressed to reset the terminal before logon. That killed any running program. I was glad to play a small part in improving the security of my school lab.
That brings back memories, I did exactly the same too. The logins were shared with the Windows machines so after nabbing the password of our maths teacher, a few friends and I went through his account vandalising his PowerPoint slides to add subtle nonsense. Poor guy didn't know what on earth was going on during his lectures. Also found out the 'debug' login for the switches and used it to rather destructively mess with the network, much to the chagrin of the sysadmins. Good times!
Mine were in the early 2000s. Back then, the computers at the lab at my uni were not very powerful, so people would do work at a Linux console, saving themselves the hassle of running a bulky X session.
Some time around 2001 I read the console_ioctl(4) manpage and found it replete with prank possibilities. I wrote little programs that would flip the console font so that all the characters were upside down; or swap capital letters with small letters, again by way of manipulating the font; or flash patterns on the keyboard LEDs; or fade to black and back by manipulating the palette.
I then added a server component so that I could leave it running at an innocuously-looking terminal, wait for a victim, fire up these effects remotely from another box in the same room, and watch what happens. Fortunately, I soon discovered that the coding part was more fun than the watching-people-slip part, so I gave up on the latter.
Another prank I used to do was simulate a successful root login on these terminals by just typing in what would be printed, including the motd, at the getty login prompt, simulating newlines with tabs/spaces (and never ever pressing RET), ending in `[root@mailhost root]# `. Then, again, step back and watch what happens. Some people would curiously type in `whoami` and be puzzled why they got a password prompt; some would step back in terror without touching anything, switch terminals and email the sysadmin.
At school we had a network of Acorn Archimedes machines. We all had space on the file server, which the grumpy admin would search through regularly. There was an autorun feature in RiscOS which allowed a hidden script to execute on opening a folder, eg my network folder. It just so happened that passwords were stored unhashed, so I had everyones passwords appear in my folder one day. I must have been 12 or 13, as my family relocated when I was 13.
At the new school they had the same machines, so I put my knowledge of the platform to good use. I wrote an app which played a sound sample of a loud obnoxious burp at random intervals during class.
At college they had a Novell network. The login was a simple text prompt, which I discovered called in to a novell DLL. I wrote my own substitute login command which also saved the password to local disk somewhere, and replaced the default version on a few machines.
In both cases my reaction was the same on discovering my password hacks had actually worked. I crapped my pants and covered my tracks!
By the time I had started uni, I had largely grown out of that stuff. But something triggered a latent interest I had neglected for too long... the campus accommodation was based in tower blocks, with an entry intercom system. I noticed 4 very quiet dtmf tones whenever buzzing my friends apartment. I can't remember how I did it, but I found a way to get a dial tone and to my delight, 9 for an outside line worked fine using the type of handheld dtmf dialer banks used to give out.
Long time ago I wrote a small program that would mimic the entry point of a DEC terminal server, slow baud rates screen refresh and all, and with the permission of the computer lab manager I installed it in a few PCs, next to the original dec VT terminals that were actually connected to the server.
It didn't save any passwords or such, just display some random funny non-sense message to the user after s/he inserted login and password and then loop back again to the login prompt with a failed error message.
Even with this obvious message that would warn an alert user for the suspicious terminal, we (my friends and the lab manager) got a few laughs when people coming to the lab and finding all the VT terminals taken would use the PCs to login and tried several (many!) times until giving up, at which point we would tell them the truth. Mind you, these were people comfortable with VT terminals and unix cli and somewhat computer savvy!
My first year of computer science, I was bored in the labs one day working on a basic Pascal programming assignment. Back then, our university had a VAX mainframe system that everyone worked on (staff and students alike).
I logged off my account, and then just for the fun of it, decided to log back in using my course unit (INF180) as the username and password.
Lo and behold, It let me in. As the course administrator. I could see student records and past assignment gradings for everyone else on my course.
Looking at the folders, it seemed that future assignments etc. were also stored within that account. I didn't go any further. I simply logged out and stayed quiet (and uneasy) about the whole thing. I was too scared to report it in case I was thrown off the course for 'hacking' the system.
A few years later (after I had well completed my studies), I was helping a friend in the same labs with an assignment. I wondered if they still had the same flaw, so I found a spare workstation and tried the same trick, but it wouldn't let me in. Glad they fixed that loophole.
I once wrote a memory resident keylogger back in high-school to catch the lonely sysadmin's network login. Not that I knew what to do with the login, I just wanted to prove to myself that I could.
I got plenty of logins, but not the one I wanted. Until a friend looked over the sysadmin's shoulder. I lost interest right there, but my friend went on to wreck the entire network by mistake and barely escaped paying for the whole mess.
Have to give some credit to the sysadmin for the catch. To figure out who was messing with his stuff, he put a program that emitted a high frequency tone through the PC-speaker in his login script and sat down next door to wait for my friend to take the bait.
Did the same thing in high school hijacking the remote management software to log into machines and mess with people.
The password was stored in plaintext in the config file on every machine. They kept changing it but couldn't figure out how we'd instantly find the new one.
Shared computer labs were dead easy to scrape account info from. Since the terminals were text, it was easy to code up a password scraper. You write a program that faked the login and password prompts, record the data, say "password incorrect", then exit, at which point the real login daemon would take over. Cliff Stoll's "The Cuckoo's Egg" describes this pretty well.
Then I had to learn how to write memory resident keyloggers, and even that didn't help us catch the sysop password.
What did eventually help us cause a lot of trouble by mistakenly tearing down the entire school's Novell network and forcing them to rebuild from backups, was sneaking up behind the sysop while he was logging in and looking over his shoulder. I would have preferred one of the other solutions.
In return, the sysop used a similar technique to catch the guilty ones, by putting a PC speaker buzzer in his own login script and patiently waiting next door until we logged in to see the result.
Our high school network ran on Novell NetWare, but I wasn't anywhere near smart enough to crack anything so I just wrote a little program in QBASIC that looked like the NetWare login prompt which rejected all login attempts but dumped what was entered into a text file, and left it running on one of the PCs in the computer room. It wasn't even a compiled program, it was just running inside QBASIC's IDE.
Yet it was running for three days before the admin got around to checking the machine, and all he did was try to log in, failed, and rebooted the machine — bringing it back to the real NetWare login screen. I got his password and pretty much everybody else's too, and to this day, more than 20 years later, I still use bits of his admin password from time to time when I'm creating temporary accounts.
I graduated high school in '92 and since my systems at home were better than what we had in our labs, I gravitated toward exploring the local University networks. You could dial in to a terminal and then connect to any of the local machines. Most were VAX/VMS or Ultrix systems. The VMS systems all had open GUEST accounts that were limited, but allowed you access to BITNET. I managed to chat with Taran King, who was co-editor of Phrack at the time, a few times over the BITNET chat protocol which was great fun.
However, my actually hacking life started on the Ultrix systems. I don't remember how I first had access since I don't think it allowed Guest logins, but I discovered a great hack: all of /dev/tty* was word-readable until someone fully logged in to a particular port at which point it was only readable by the user logged into that port. so every few hours, I'd just "cat /dev/tty* >> passwords.txt" and harvest logins for everyone who logged in during that time. I had some fun with one of the admins for awhile having unknowingly logged into his account. We chatted a bit and he was a good sport about it, but the hole was patched a few weeks after. I never knew if it was already a known issue or if I was actually the only one who found it.
A friend wardialed a system that appeared to be a Dept of Transportation front-end to the brand-new digital readerboards along the Interstate. Let's assume we never actually changed any text, but I cracked the password, TRAFFIC, on the 3rd or 4th attempt. Good one, guys!
Exploring random address on TELENET dialups was a blast as well. Most were very secure since they'd been well-picked, but every so often you'd find some interesting terminal and start poking around figuring out what it responded to and how to navigate deeper.
Don't get me started on the first 2600 meetings in Seattle. Some very prominent people in the tech/hacking space now were pretty sketchy back then.
I did the same thing, only my program pretended to be a DOS-based Novell Netware login screen.
It was just a simple QBASIC program (that's all that was available on the Computer Room machines) running under my own login, which would write usernames and passwords to a text file in my user directory. I figured that I'd harvest a few passwords until someone got frustrated enough to call for the IT admin, at which point he would try to log in and reboot the PC when it failed, apparently "fixing" the problem and erasing any evidence of my dastardly crime.
I was right, and for a few glorious days I got away with it... until one particular arsehole picked on my best friend during recess, and I used his stolen credentials to log into his account and trash his files.
Long story short, I ended up getting expelled, which by a curious confluence of events put me on an unorthodox path that completely changed my life. Funny how things turn out.
I was in a sys admin class with a friend of mine and we both had access to the same machine to work on our assignments. I aliased each and every common command to `sl -f` on my friend's user as a prank (he never actually logged in as it turns out). However, my instructor, while projecting his screen to 150+ students (and recording) picked our box and my friend's user to use as an example. My instructor was flabbergasted for a few minutes and the class got a kick out of flying trains. :D
When I was at college back in the 80's we had access as students to the college's VAX 11/750 (an 8750 Systime clone) to work on our coding projects. The student terminals were on one half of a large divided room, the other half being used by the college IT folks. Often, if there wasn't a spare terminal on the IT admin half of the room, one or two of the IT folks would use two of the nearest terminals just over the divider.
One day, bored out of my mind waiting for my COBOL project to compile, I wondered if I could capture the sys admin's username and password. I wrote a script using the CLI to perfectly simulate the login prompt complete with beeps, messages and all. All it did was clear the screen, sit there waiting for user to enter their username and password, when they did the script would mail me said username and password, display a username/password error then logout to the real login process.
After trying the script out on a couple of unsuspecting classmates and having a bit of anonymous tomfoolery I decided it was time to try this out for real with the sysadmins. I logged into both terminals the IT folks normally used and left the script running. A few hours later I returned and to my surprise and mild anxiety I found out that I'd captured the SYSTEM login password :o. For about a month or so I'd full control of that machine, and would re-run the script occasionally whenever the SYSTEM password changed. I told no-one and on my last day at college logged in and deleted the script, just in case (this was around the time the law in the UK was getting a bit heavy with regards to unauthorised computer access).
Combined with access to the huge set of manuals for that machine I spent a heap of time exploring and learning about VMS and no-one had a clue.
reply