When I was in high school I got to go on a group tour of the local TV station. The TV station would indicate indicate school closures on the air when there was snow.

This kid in our group found a piece of paper during the tour describing the automated phone system IVR for calling in closures. He memorized it and went home and closed school the next day. Unfortunately they caught it at the last minute and he got in mega trouble, but that guy had balls. What a hacker.

This reminds me of a few other school incidents.

One guy changed his grades in the database, got caught.

We took final exams online via our school's self-hosted Blackboard, which was always "overloaded" during exam time. Come to find out one of my friends didn't study and was sending out deauth packets to continually kick everyone off the network. Exams were delayed, not caught.

Somebody remote-desktop'd into the "criminal justice" class and wrote "fuck the police" on the teacher's screen. 馃槀

Follow

I want to hear your school hacking stories.

Web 20 4 5

There was one really obnoxious guy in college that was trash to me and others in high school. He always wore headphones through class, so I would SSH into the Mac at his desk and run "say" to talk to him. He was freaked out that the machine was talking to him and nobody believed him, since he had headphones in.

I also tediously figured out the Mac OS commands to take a selfie of him with the webcam and set it as his desktop background, all over SSH.

@winduptoy Not really a hacking story but I found a way to view the contents of other peoples folders via the file browser within Macromedia Dreamweaver. After browsing around for a while I found a folder on the domain admins PC that contained some scripts and used one of them to turn off the schools network switches. He was not happy but also couldn't find who had accessed the file. There was an assembly where he asked the culprit to come forward and when no one did he just kinda dropped it.

@winduptoy In high school (late 90's) we had a "homework hotline" that students could call and input a 5-digit code for a teacher to hear a recording of that day's assignments (in case you forgot what they were).

Someone in class figured out that recordings were updated by just punching in the 5-digit code in reverse and speaking into the phone.

For the next several weeks kids took turns doing impressions of our teachers and recording dirty messages, until they changed the security mechanism.

@winduptoy (I guess that's more like lightweight phreaking than hacking :) )

@winduptoy changed my grades on the school system. Had a feeling we were using Lynx 480z. Got caught. Got banned from using the computer lab after that.

@winduptoy not hacking, more like a security problem, but a 21yo me felt like a hacker. I noticed that the schools computers had pretty fast speed, but the wifi or the eth connected to our personal computers was slow and couldn't use some services. I copied the mac address from a school pc and instantly the internet speed was awesome, even all the ports and services where unlocked.
That was not everything, something was trying to access my computer through ftp, user root and a password in plain text, i tried it on a school computer and... well, thanks for all that info! xD

@winduptoy when I was 12 I really wanted to hack into my school's wifi.
And one time I noticed that it had enabled WPS, so i just bruteforced the pin using some app.

Then I tried to sell the password to people for like 30 cents or smth.

I also used to use an app "netcut", that cuts internet to a choosen or all connected devices.
So for example when teacher wanted to give me a bad grade, I just cuted his internet connection so he couldn't enter it into the system.

Good times.

@winduptoy oh shit, I forgot that "cut" is irregular.
Ofc the past form is also cut

@winduptoy that's what happens when you write posts right before sleep

@winduptoy give me a few hours, i have a couple of stories to share鈥 haha鈥

@winduptoy This was a fun one: our Mac lab had At Ease which only let you run a hand-picked selection of programs, and for floppy disks you could only open docs (no programs). I found that it checks based on 鈥渃reator code鈥 (which is a 4-letter code for the application鈥檚 鈥渋d鈥 basically). I would change a game (Bolo) to have the SimpleText creator code so it wouldn鈥檛 get blocked from launching. But it wouldn鈥檛 show in At Ease鈥 so I used HyperCard鈥檚 鈥渙pen鈥 HyperTalk function to launch the game! 馃槆

@amatecha hah, nice! The Windows XP laptops in my high school had whitelisted program names, so renaming Halo or GTA: San Andreas to "WINWORD.EXE" was enough to make them work!

@winduptoy I got banned from the school library for browsing the local HDD with file:/// 馃槄 They didn鈥檛 understand I was just using the program鈥檚 official features. Not my fault they for some reason enabled Netscape on computers that didn鈥檛 even have net access! 馃お

@amatecha @winduptoy lmao I got banned from my school's computer networks growing up by using SSH tunnels to home to bypass the stupid firewalls (that blocked absolutely anything and everything).

the IT director moved to expel me from the district completely, IIRC the response from the district was to the effect of "if this kid can get out of your shit over SSH that sounds like a you problem bud"

@winduptoy at the end of the 90s, my friend was faffing around in irc during a programming lab when an fbi.gov account joined the channel to say "be good, we're watching you and we see everything".

whois, nmap, late-90s-anonymous-ftp and he was scrolling through dull-looking file listing.

The following day, he was met at the lab by the program coordinator and an agent or two from each of CSIS, the RCMP, and the FBI, and he had to show how he "hacked a *highly secure* US gov't server".

@winduptoy Some idiots ignored the warning that they should not plug in routers to the dorm network, this caused a DHCP race. I did some ARP trickery to log into each of them (a lot of them had bad default passwords) and posted screenshots. I think they stopped by the end of the week.

@winduptoy I also netdiscover-ed the network and found the newly installed IP camera. I could have uploaded a new firmware or anything, it had no auth. I reported it and they secured it.

@winduptoy

Our sys admin wrote an obnoxious script to show an alert every 30 seconds 鈥測ou have accessed an unauthorized program鈥. You had to restart the computer to make it go away

you would open a forbidden program like Terminal or Disk Util and put the computer in a 鈥渘ag loop鈥 on the unattended pc of your friend

in the mid 00s Mac OS X was updated to include Front Row. This was great news since you could open it via a key combo. So you could reach over and nag-loop with the victim present

@winduptoy in college, someone found the patch bay for the dorm ethernet. the ports were old in the rooms and some failed so rather than some people having internet some not, the school IT unplugged the ethernet for all dorms in the patch bay and made the building 鈥渨ifi only鈥

Upon discovery of the patch bay, my RA bought 30 patch cables for his residents, connected up the ports and some 90% worked. so we were gaming with better ping than the other floors for the rest of the year

@winduptoy

both if these stories I have written are good anecdotes about physical security

if they had secured the IT closet better, they would have enforced the 鈥渨ifi only鈥 policy

and, you have to realize in a public place that any adversary may be able to put your security in a bad state by a stray observation or by a single keystroke (watch over your shoulder at the airport etc)

@winduptoy We had a guy get admin access to the entire school system's network. He never really told us how, just showed him logging on (and I don't think he's the kind of guy to fake something like that).

I bet he changed his grades :P

@winduptoy Low effort, but our high school computer lab ('90-'92) had an ancient (even at that time) printer that would actually beep if you sent ASCII 07 to it. Actually not even a beep, like a weird little horn honk sound? Kind of? You could get long uninterrupted honks by sending it a whole stream of 07s. We once used this power to bewilder a substitute teacher who happened to be standing next to the printer as it began spewing forth volumes of tractor-feed paper while honking.

@winduptoy in high school i used to constantly play minecraft at break times, often i'd join gur lan games with gur people playing next to me and sometimes setup lil battle arenas for other people to join,

they "banned" minecraft by making gur directory gur launcher put files into unaccessible, i read gur launcher error code, looked it up, went home and modified gur launcher to use a folder on my usb drive, it worked and proceeded to hand out copies to everyone i played with :D

also gud thread

@bx hah, yeah we could rename anything to WINWORD.EXE and it would run!

@winduptoy oh my god that's gold, they actually stopped us from running .exe files but .jar files were completely allowed, what's special about WINWORD.exe ???

@bx there was just a basic whitelist of programs that could run, no other heuristics of which programs were allowed. WINWORD.EXE is the name of microsoft word, obviously on the whitelist. I'm sure NOTEPAD.EXE would have worked too.

@winduptoy the media lab computers had a monitoring tool on them that could be disabled with just a 鈥渒illall鈥 in a loop

@winduptoy They used WEP on the wifi network, so I sat outside with my laptop one evening and cracked the key. Used it on my laptop and phone for the year I had left, never got in trouble, but gave the key to a good friend who somehow got busted for using it. 馃槄

Sign in to participate in the conversation
Merveilles

Revel in the marvels of the universe. We are a collective of forward-thinking individuals who strive to better ourselves and our surroundings through constant creation. We express ourselves through music, art, games, and writing. We also put great value in play. A warm welcome to any like-minded people who feel these ideals resonate with them.