At my school, we quickly discovered that the admin password for all the networked printers was the name of the high school. All these HP laser jets had a function where you could upload custom translations for the status messages on the printer displays. So we downloaded the English string set (XML) and made some changes, “translating” for example, “Printer Ready” to read “Paper Jam”, “Replace Toner” and so on. As well as changing the admin password. The school actually RMA’d them back to HP thinking the paper jams were some sort of actual defect, as opposed to an altered status message, and eventually replaced them all with Brother printers. Oops lol

for several days in a row i’d get to class before the bell. the teacher would hang out in the halls.

i’d hop on his unlocked PC, open command prompt, run shutdown /r /t 600, minimize the prompt, and walk away.

he’d be mid attendance and his computer would reboot on him. a few days in he stepped into the room mid me typing the command. he was madder than i expected, but just “yelled” at me.

When I was in middle school in the mid ‘90s, the school library decided to go digital. They installed a bunch of computers with what they called “a boolean search system”. For the first time, you could search for a book by topic in the library and, after a bit of a wait bc computers were pretty slow back then, you’d get a list of results.

Well, us being kids, on the very first day, somebody decided to search for “book”, which of course matched every single book in the library and therefore created enough system load to lock up those poor mid-‘90s computers to the point that they required a hardware restart. IIRC this system was on some kind of a network too and I believe it would also lock up the network such that the other computers couldn’t use the system either. I didn’t know much about such things at the time.

Anyway, word got around immediately and so every single time a class came to the library, somebody would search “book” on a computer to see what would happen and lock up the whole system for hours. This went on for weeks with the punishment for searching “book” on the “boolean search system” becoming more and more severe, and then I moved to a new state so I unfortunately do not know how this story ended.

My school had a web filter to block YouTube and various other sites that they didn’t want students to go to. On the block page, there was a “report site blocked incorrectly” button, as well as a password override for admins to do a one time bypass.

One of my classmates registered a domain that all it did was log the IP address of whoever visited it. He then attempted to visit the site from class, it was blocked, and he clicked the report button. Later on one of the IT admins reviewed the report to see if the site should be unblocked or not, by visiting the site. My classmate then had the public IP address of the IT admin.

This IT admin must not have been very good, because he had a password unprotected, open, telnet port pointing to his computer. So we were able to telnet into his PC and poke around. He had an Excel file on his desktop with the web filter override passwords for every school in the district. That Excel file was promptly shared to as many people as who asked for it and we thought wouldn’t rat us out.

We gloriously had unrestricted Internet for several months before the teachers caught on. We were told that anyone who used this password would be found out, and that the school was going to have a “volunteer” community service day for 4 hours on Saturday, picking up trash around the school. Anyone who attended would be pardoned for using the password, anyone who didn’t attend and who was found out for using the password would have been “punished” (very ambiguously defined). I did not go to the volunteer day, nor was I punished in any way. I do think that it was just a bluff and they didn’t have good enough logging to tell who actually used the password.

A teaching seminar was held in one of the classrooms that I took a class in. Students came in the next morning to see a username and password on the whiteboard. It didn’t take long for us to test it on school computers.

The account had admin level access and could go into any student’s directory. This led to rampant cheating on homework and labs.

I used it on my physics labs in senior year. I, and a few others, were caught and had to make up a few of the labs in the early morning in order to be able to take our finals. Also had detention for weeks.

A year later, after I had graduated and was in college for CS, I applied for a job at the school as a system administrator. The guidance counselor was in the room when I was talking to the IT admin. When I left, she brought up how I had broken policy and accessed files via that breach. The IT admin found me in the hall and asked me about it. I explained that I had taken my punishment, made up the labs, and didn’t feel that it would affect my work at the school, but would withdraw my application anyway.

Create a folder with intriguing name on desktop, take screenshot, set screenshot as wallpaper, delete folder. (Didn’t everyone?)

Take a screen shot of the desktop. Set that screen shot as the desktop background and delete some of the icons/shortcuts.

ITT: people admitting to violations of 18 USC 1030, which is a terrible law that is way too vague.

Gained access to the school’s domain admin account and fucked with th teachers remotely via Tor.

Wanted to access the teachers calendar because he was a fucking Nazi and stumbled upon VPN credentials to a government-run education network and could’ve leaked hundreds of thousands of pupil’s personal data and school grades but decided against it and shared with admins how I got in and told them how to fix it. Never got into his calendar though. 😶