for several days in a row i’d get to class before the bell. the teacher would hang out in the halls.

i’d hop on his unlocked PC, open command prompt, run shutdown /r /t 600, minimize the prompt, and walk away.

he’d be mid attendance and his computer would reboot on him. a few days in he stepped into the room mid me typing the command. he was madder than i expected, but just “yelled” at me.

At my school, we quickly discovered that the admin password for all the networked printers was the name of the high school. All these HP laser jets had a function where you could upload custom translations for the status messages on the printer displays. So we downloaded the English string set (XML) and made some changes, “translating” for example, “Printer Ready” to read “Paper Jam”, “Replace Toner” and so on. As well as changing the admin password. The school actually RMA’d them back to HP thinking the paper jams were some sort of actual defect, as opposed to an altered status message, and eventually replaced them all with Brother printers. Oops lol

When I was in middle school in the mid ‘90s, the school library decided to go digital. They installed a bunch of computers with what they called “a boolean search system”. For the first time, you could search for a book by topic in the library and, after a bit of a wait bc computers were pretty slow back then, you’d get a list of results.

Well, us being kids, on the very first day, somebody decided to search for “book”, which of course matched every single book in the library and therefore created enough system load to lock up those poor mid-‘90s computers to the point that they required a hardware restart. IIRC this system was on some kind of a network too and I believe it would also lock up the network such that the other computers couldn’t use the system either. I didn’t know much about such things at the time.

Anyway, word got around immediately and so every single time a class came to the library, somebody would search “book” on a computer to see what would happen and lock up the whole system for hours. This went on for weeks with the punishment for searching “book” on the “boolean search system” becoming more and more severe, and then I moved to a new state so I unfortunately do not know how this story ended.

Create a folder with intriguing name on desktop, take screenshot, set screenshot as wallpaper, delete folder. (Didn’t everyone?)

In college we had a Linux computer lab just for CS majors. At the time we had an HP printer that allowed for updating the screen text with a network command.

The computers were never really shut down, so you could just lock it when away. I wrote a script that cycled through various messages like “PC Load Letter” and “Skynet activated, stand by for terminator” with a countdown from 10 to “Terminator Deployed”.

It really confused the lab techs that would help people with printer issues.

Take a screen shot of the desktop. Set that screen shot as the desktop background and delete some of the icons/shortcuts.

They had both NetSupport and DeepFreeze installed. At the time, NetSupport config files could be decrypted with a simply python script, and contained the password. Turns out, it was the general admin password.

So I had admin creds, full control of any PC with NetSupport, and the ability to install anything on a computer and have it survive past a reboot.

What did I do with it? Video games, mostly.

I put tor on a flash drive. It bypassed the schools website blocks, so I could go onto any website I wanted. I mainly just went to YouTube to listen to music while I worked. If I really felt like goofing off, I’d go to friv.com and play a bunch of flash games.

Of course a couple friends had me to go to a porn website, but we quickly realized it was awkward and not as fun to be horny when you couldn’t do anything about it.

netsend

It’s a little command line program included with windows that you can set up to send short messages to computers as a popup box. A lot of printers could use this to tell you your print job was successful, and it was used a lot in libraries and such. And also my high school. They had some cursory protections in place, but if you managed to open a command prompt you could send your own message. You just needed the recipients windows username or PC name… our school used the standard first letter of first name + full last name, even the teachers. So of course, being highschool, this spread like wildfire and there was a whole semester where everyone was abusing it to troll other classmates or interrupt teachers mid lesson. It was also being used as IM/text before any of us even had phones - you could shoot your friend a message to dip out of class or something.

Everything came to an abrupt halt when a guy was dared to run a batch file that was a single, looped, expletive laden net send to a wildcard recipient. It sent the message on repeat to every computer in every school in the district. Every time you hit ok a new box would pop up with the same message. Supposedly every computer needed a hard restart, including servers. Dude got in trouble, and our printers stopped telling us the print job was successful after that.

It started innocently enough, some friends writing simple C programs that would output an ever increasing text file containing the letter ‘a’. This rapidly devolved into a competition of who could output the largest files the fastest.

We had progressed to recursively launching spaghetti programs competing with streamlined data-dumpers until we started to hit storage limits on the central server.

10/10 great learning experience.

I found a blue screen of death screensaver online and I installed it on all the school library computers back my my freshman year.

Discovered that the credentials for the library computers (which were helpfully printed on stickers for the forgetful librarians), were in fact domain admin credentials.

Gave myself a domain admin account, used that to obtain access to some sensitive teacher-only systems (mostly for the challenge, but also because I wanted to know what was going on my school report ahead of time).

My domain admin account got nuked, but presumably they didn’t know who had created it. Looked up the school’s vendor (“Research Machines Ltd.”) and found a list of default account credentials. Through trial and error, found another domain admin account. Made a new account (with a backup this time) and used it to install games on my classroom’s computers.

Also changed the permissions on my home directory so that the school’s teachers (who were not domain admins) couldn’t view my files, because I felt that this was too invasive at the time.

That last bit got me caught proper, and after a long afternoon in the principal’s office I left school systems alone after that for fear of having a black mark on my “permanent record”.