IoT hacking and rickrolling my high school district

Working in IT&#x2F;tech for school district is the worst. My experience from many years ago - around 2002, I think:<p>1. First day on the job, email to boss: &quot;Hey, the computer lab at Springfield High has a ton of known security flaws that are begging to be exploited.&quot;<p>2. Reply, 1 week later: &quot;Sorry, we don&#x27;t have any money for that. Just keep everything up-and-running.&quot;<p>3. 3 weeks later the computer lab at Springfield High got &quot;hacked&quot;. All the computers displayed a popup window that said, &quot;Miss Krabappel is a dyke!&quot; (sorry for the offensive language)<p>4. Next day, email from boss: &quot;The computer lab at Springfield High was hacked! Figure out how to fix this and make sure it doesn&#x27;t happen again!&quot;<p>5. A few days later Miss Krabappel filed to sue the school district. The local newspaper picked up the story.<p>6. Email from boss, in full panic mode: &quot;I need you to figure out who hacked the computer lab at Springfield High so we can report him to the police!&quot;<p>7. A week later an independent consulting firm was brought in to help identify the person behind the &quot;hack&quot;. I heard they were paid $50K and found nothing. However, the kid got ratted out when he told all his friends. (It wasn&#x27;t Bart Simpson! ;) )<p>8. Several weeks later: meeting to discuss working with a consulting firm that&#x27;s gonna fix all the security issues because the current staff (me and my team) lacks the skills.<p>9. About 6 months later, I quit.

Reminds of me my school leaving prank. I rewrote the whole internet on my school&#x27;s computers. Google&#x27;s logo became &quot;Leavers &#x27;08&quot;, Facebook became &quot;Hatebook&quot; and was red, YouTube only played videos of cats, amongst other things.<p>These were the days when nothing had SSL, so you could just intercept and rewrite traffic!<p>My only requirement was: <i>do no actual damage</i><p>It was implemented as a Debian live CD that you could drop into any school computer. It would boot up, then Ettercap would MITM the whole network by spoofing the router. It routed all HTTP traffic via Squid and a custom ICAP server that did the actual rewriting. If you removed the live CDs, the network just went back to normal within a couple of minutes.<p>Routing the whole school&#x27;s network through one old Pentium machine wouldn&#x27;t work though, so I figured out a way of doing distributed load balancing: it would do the ARP spoofing slowly and randomly. So, as you added more machines, it would just magically balance between them.<p>It worked great for about an hour then whole network mysteriously stopped working for the rest of the day. I left all the live CDs in the computers as a calling card.<p>Sorry, school network admins.

Three things are remarkable about this, and make it a happy story.<p>First, that the pranksters were so egregiously responsible in the way they went about it. They avoided disrupting any actual educational activities; it was meant to be harmless fun, not vandalism. No harm came to anything here.<p>Second, that they documented their findings to the administration as part of the action, including recommendations for improvements.<p>Third, the administration took this as exactly that: a harmless prank by smart, ethical kids who ALSO did them a favor by pointing out the vulnerabilities. If the admin had a panicked fit about this, they could have made it an ugly situation.<p>My educational experience was populated far more by &quot;freak out and yell&quot; types than this school district, which was a shame.

Preface this by saying this was a smaller school, and the students had limited access to wifi. For example a teacher would create a set of radius credentials that would only be active for 1 hour. Since data was also expensive that was not an easy work around.<p>In my grade 11 electronics class, one project we were assigned was to create a digital clock with notifications for one of the teachers. Me and a friend set up a raspberry pi with magic mirror installed on it, and modified some available plugins at the time to allow a google calendar for test dates embedded on the display. The teacher was quite pleased with this, but we convinced him to hard wire it to the network for &quot;stability&quot;. In the background we had installed a vpn connection to one of my vps that I used to host my website, and created a new set of sudo enabled credentials naming it magic-mirror or something. The teacher then reviewed the project and changed the normal user credentials etc. Then right before it was installed in the ceiling, we attached a wifi adapter to the pi. A week or so later we remoted in through the tunnel and enabled a wireless hotspot from the pi. This provided us with internet while we were close to the classroom for the next year. People also over time learned that you could extend the range by hot spotting additional jumps using laptops.

When I was in High School (early 90&#x27;s) we got a new computer system that nobody was using yet. I discovered there was an email system of some kind and that every student had an email address that we were not told about. I also discovered Tetris installed in a directory on the server. I was able to play Tetris and I could show other students how to access it, but it was inconvenient to get to.<p>Therefore I decided I would email Tetris to every student (I emailed the executable, not a link to Tetris), making it easier for everyone to play also. As soon as I did this the entire system got very slow...apparently the server had no quotas or partitioning and the hundreds of copies of Tetris filled up 100% of the hard drive space. It was a disaster. The computer &quot;specialist&quot; had no idea how to fix the system and she was teaching an adult education class that evening that required the system to work. She was furious and wanted me to get suspended. It didn&#x27;t happen though because I spoke up about the problem right when I knew there was a problem and also some other teachers intervened on my behalf.<p>The woman who was responsible for the computer system back then is now the superintendent of the school system. I wonder if she remembers me.

I feel so dumb when I read kids doing these things. Back in High School all I knew was how I could run arbitrary executable files by renaming them to calc.exe. We also did the classic &quot;take a screenshot of the desktop, set it as the wallpaper, then remove all icons and the start menu&quot; thing.

I went to Buffalo Grove High School in this same district and graduated many years ago. At the time no IPTV systems or EPIC bell systems were in place. However, as soon as I walked in my freshman year I noticed the &#x27;teacher&#x27; WiFi was only using MAC Address Filtering. One minute scan and a spoof later I was poking around to discover a whole lot was visible from this privileged network. “...From the results, we found various devices exposed on the district network. These included printers, IP phones... and even security cameras without any password authentication!” It was even worse back then. It was all exposed on wide open WiFi!<p>My senior prank was going to revolve around the printers. We were shocked to discover every printer not just in BG but across the entire district was accessible with no authentication of any kind. We cooked up ideas and were planning to print either porn or I has cheezburger&#x2F;lolcat memes via telnet (I&#x27;m dating myself.)<p>Ultimately I got into other trouble before we could execute and figured this wasn’t worth not graduating over. I moved on and so happy to see a much better prank on this same network happen so many years later with almost no repercussions. Congratulations and great prank!

I’ve said this a bunch on here so please tell me to stuff it if it’s tiresome, but having been on the far side of a large scale bug bounty i am incredibly impressed with the skills that young folks are developing in infosec. Probably not particularly unique but the industry is still a bit of a combination of tradecraft and academic pursuit and can be confusing for people to find a way in. I think this is why i really appreciate those that just bear down and get after it.

I told my district that I could change my race at-will via a hidden form on the profile page. I changed it to &quot;Purple&quot;. Got a call back from some IT guy telling me I accessed their computer without authorization, and that if it happened again, they&#x27;d press charges. I asked to be put through to the IT administrator, and he laughed and told me don&#x27;t worry about it... Sometimes, they can handle it well. Very glad they did for you as well :)

&gt; I used a loop of the DVD bouncing logo to test stream quality.<p>This is a beautiful touch, if somebody happened across his testing in the middle of the night they wouldn&#x27;t suspect anything was amiss.

Reminds me lightly of when I was in high school, email was fairly new -- especially at a school. My friend at a fancy private school had a Linux machine to access, and she really wanted to know what someone else had said about her. I managed to script kiddy my way in leveraging her existing shell login, got root, and read the email. What I didn&#x27;t realize was that my .history file contained everything I had done. Eventually the sysadmin wrote me an email saying he knew what was going on and wanted to meet up, stating &#x27;he wouldn&#x27;t cuff me&#x27; and that he was &#x27;a chill dude&#x27;. I was obviously scared, deleted everything, and tried to pretend nothing ever had happened.<p>Luckily no one got in trouble (meaning me or my friend). Not so sure this would happen in 2021.

About two years ago, I was in high school and decided to, as a joke, “hack” the computer. By logging in as admn:password. I was incredibly surprised when it actually ended up working as a domain admin account. After checking this, I immediately signed out.<p>When my CS teacher filed a ticket asking “who has the user account ‘admin’ and why is the password ‘password?’” IT wanted to revoke my network login and probably put me in ISS for a few days. Fortunately, my CS teacher didn’t reveal who I was.<p>Very glad IT at this person’s school took it in stride, unfortunately this was just the MO of IT in my district.

Many here, I am sure, got in trouble in high school for exposing security issues in school IT. So I imagine we&#x27;re all very happy to see a sane response from school administration for once!

Serious question. What, if any, instruction do kids these days receive regarding what&#x27;s allowed on computer systems?<p>I remember in high school poking around a network drive until I found an executable with the name &quot;SEND&quot; in the name. I had a sense that it would send some kind of message somewhere, but I honestly didn&#x27;t know where or to how many people. I was quite surprised when all the screens in our computer lab froze and, five seconds later, my message appeared on all of them. (I later learned that my message appeared on every desktop screen in the school!)<p>I&#x27;m not sure exactly how they found me out, but I was called into the IT admin&#x27;s office a couple of days later. She was furious with me. I told her the truth. I didn&#x27;t know what exactly would happen when I ran that command, but she didn&#x27;t buy it. Fortunately, nothing ended up happening after that.<p>I&#x27;ve wondered to this day what exactly they could have done to me if they decided to press whatever legal authority they might have had to its fullest extent. I was never told &quot;don&#x27;t go to Z:\&quot; or &quot;don&#x27;t run any program other than those on this list.&quot; Even after I was found out, I wasn&#x27;t ever explicitly told that my actions constituted unauthorized access.<p>It was a different, perhaps more innocent (or ignorant) time back then. How much have things changed now?

This is excellent; reminds me of (very much smaller and far less cleverly executed) grief that I caused the administration at my HS back in the day[0].<p>There&#x27;s a few comments about the risks along with a little surprise&#x2F;at least applause for the administration choosing not to waste the courts&#x2F;various other parts of the justice system with this prank. I completely agree -- I don&#x27;t know if I&#x27;m <i>terribly</i> surprised they chose that route (whether or not they were truly upset in the first place). I applaud the students for executing this so carefully&#x2F;well and if my kids pulled something like this off with this level of care -- well, they&#x27;d at least be getting a dinner out of their choosing -- probably a trip to a nearby theme park.<p>I suspect the kids involved were also certain that their approach, attention paid to keep from disrupting class and (thankfully thorough) testing that helped avoid a harmless prank turning into expensive litigation&#x2F;really pissed off parents. But I&#x27;ll bet there was a lot of fear around that, anyway! Had something gone awry -- and that&#x27;s always where the risk is -- I&#x27;m guessing the outcome would have been more severe for these kids.<p>They really played the social engineering&#x2F;covering their hind-quarters side of this prank very well. A large amount of effort was put toward making sure class was not interrupted[1], things worked and were tested and they provided detailed information to the administration on how to secure their systems -- that last piece allowing them to say &quot;Without our minimally invasive prank and report you&#x27;d have never known these issues existed. We&#x27;re not that special; a more malicious student could have discovered these flaws, opted for a <i>porn broadcast</i> and made it difficult&#x2F;impossible to find them to punish.&quot; They probably understand their own school&#x27;s administration and took an educated guess as to how they might handle something like that, too. At least for the scope of anything I did, I <i>knew</i> I wouldn&#x27;t hear from the Vice Principal or Principal -- I&#x27;d solved various computer problems for them by then that the worst I&#x27;d get would be &quot;that was cool, but please don&#x27;t do that again.&quot;<p>I didn&#x27;t get in trouble because the pranks worked similarly -- I tested&#x2F;avoided disruption (most of the time), did no permanent damage and anything was resolved by a reboot (DOS and no fixed disk) and our harm was necessarily limited since there are only so many computers you can covertly pop a floppy disk in -- there was no network. The biggest factor, though, was that our programming teacher sometimes got involved, himself. He was the head of the math department, not your traditional &quot;computer geek&quot; and I was doing things that he wasn&#x27;t teaching, so he encouraged it. The guy was amazing (passed away in the mid-00s).<p>So, kids, if you <i>do</i> try this at home, make <i>sure</i> it all works, provably, very <i>very</i> well and don&#x27;t do anything that will give them other reasons to throw the book at you. And if your administration has more than the typical &quot;Zero Tolerance[2]&quot; stance on things, it&#x27;s just a bad idea regardless.<p>I&#x27;m <i>sure</i> there were a few among the ranks that became <i>furious</i> but cooler heads prevailed. The report at the end was a <i>nice</i> touch.<p>[0] Mostly contained in the computer lab, which was non-networked, but when we discovered the three-letter-acronym TSR (DOS&#x27;s Terminate and Stay Ready) and realized it was rare that another student would reboot an already booted machine (it took forever counting to the 512KB or so RAM installed). Incredibly, I graduated in the late 90s -- my Senior year, the lab that taught (Turbo, then Borland) Pascal was 15 years behind what most people had at home... these diskless all-in-one bastards wouldn&#x27;t break.<p>[1] I&#x27;m sure it took the kids a little longer to get to their classes after that all happened -- that&#x27;s a minor, completely expected, situation here and at least a small reward for the efforts involved.<p>[2] The school ten miles north of us was in a rural district and had a parking lot full of trucks with hunting rifles attached sitting in the parking lot every day (well after all of the schools installed additional locks and added security theater to make parents feel better post-Columbine)...that wasn&#x27;t forbidden at least as far back as the early 00s and I wouldn&#x27;t be surprised if a blind eye is mostly turned, today in some parts of that district.

Up until OP starts working out the frustrations of RTSP it was pretty much a yawner &quot;scan for ports, http to them, see if sumthins there and unguarded&quot;. But the perseverance to make a prank work like that with a finicky protocol across a wide variety of different OEM hardware is really exceptional!

Fun story! Such incredible attention to detail and thoughtfulness, all the way up to automatically sending a pen test report to the district&#x27;s technical supervisors, and sharing a presentation <i>after</i> graduation. This kid was one step ahead all along.<p>Great work, Minh.

Neat story, and this is clearly harmless. But isn&#x27;t the most basic, fundamental, number one rule of security&#x2F;pen testing to try to break into a system (no matter how weak) if and only if you&#x27;ve been given clearance beforehand? Why doesn&#x27;t that hold here?

The fact that the administration didn&#x27;t choose to sue them to oblivion is refreshing. I hope we&#x27;ll see a trend in the future of educator being smart enough to admit that they made a mistake and to encourage the students to develop their talent.<p>One can only hope.

The s in IoT stands for security.

Fellow high school students just loved me when, after giving up on ophcrack, I found out that on Windows XP, a limited account could simply escalate privileges by scheduling a command.<p>First installed some open source FPS on all computers. They got found and removed, and we all got moved to guest accounts.<p>I then found something called DreampackPL. Just pop in the CD, boot on it, replace the pinball game with their executable, reboot. And voilà, access to everything. Just remember to put the pinball back afterwards.<p>That’s when the BIOS got password protected.<p>My next step? Opening the machines up to move a jumper. Do everything all over again, but this time on a hidden windows account.<p>The IT admin was a student’s parent. Just spent years making the poor guy run in circles before the school administration finally gave up.

In case anyone else is wondering how the heck the kid got access to the district&#x27;s network, the key sentence is hidden in the middle of the post:<p><i>Since freshman year, I had complete access to the IPTV system. I only messed around with it a few times and had plans for a senior prank, but it moved to the back of my mind and eventually went forgotten.</i><p>Not sure why they don&#x27;t go into more detail about how exactly &quot;complete access&quot; was obtained, since that is obviously the hardest part of hacking any system. Not trying to downplay the achievement here, just think that this would have deserved a bit more detail.

We figured out that our computer class had a few computers infected by the Ambulance virus[0]. So of course we intentionally infected all the computers with it =)<p>On the other hand me and a few of my friends were the only computer literate people in the school and were tasked with removing it in the end.<p>But still, it was fun seeing a whole class of computers have an ambulance run at the bottom of the screen with the poor beeper emulating the siren.<p>[0] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Ambulance_(computer_virus)" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Ambulance_(computer_virus)</a>

I got in trouble and subsequently suspended from school back in the ‘90s for causing BSOD’s on classmates computers using WinNuke [0]. They classed it as vandalism even though the payload causes no permanent damage (apart from losing unsaved work).<p>I found more severe vulnerabilities including being able to lift home addresses of students by querying an unprotected endpoint. Didn’t get in trouble for this one, and reported it promptly to the IT administrator.<p>[0] <a href="https:&#x2F;&#x2F;en.m.wikipedia.org&#x2F;wiki&#x2F;WinNuke" rel="nofollow">https:&#x2F;&#x2F;en.m.wikipedia.org&#x2F;wiki&#x2F;WinNuke</a>

My first thought when I read the headline was &quot;another kid with a felony following them around for a prank that didn&#x27;t harm anyone&quot;. Nice to see they weren&#x27;t prosecuted.

I&#x27;m impressed with how much foresight this high schooler had in preparing for the prank. My impression is that most high school age kids would out themselves within the first few weeks of planning due to wanting to boast, here they instead took to testing covertly, overnight.

Someone I know did something similar, was arrested in their college dorm, and at the sentencing hearing in federal court was fined and sentenced to 5 years probation, and now has a criminal record.<p>This kid is very very lucky. Obviously they violated the CFAA which carries severe criminal penalties. They engaged in actual hacking without any permission or defined scope. And they exploited the system without any responsible disclosure process.<p>Anyone in the field will tell you that this is an absolute disaster of a post because it sends the signal to other young aspiring cybersecurity professionals that this is OK, and the school will laugh it off, and you&#x27;ll be seen as an adorable Matthew Broderick type Wargames character. I can&#x27;t overemphasize how far this is from the truth in 2021.<p>Absolutely do not access systems you are not allowed to. If you do want to do penetration testing, you need permission from the systems owner and a clearly defined scope. And when you do find issues, you don&#x27;t exploit them, you responsibly disclose them within a clearly defined framework.<p>If you want to end up with a criminal record that will profoundly effect the rest of your life, including your career prospects and ability to travel internationally, then by all means, do what this guy did.<p>I wish it wasn&#x27;t so. It never used to be. But this is how it is now. Overzealous prosecutors have been given a huge amount of power, and all you need is one embarrassed systems administrator, school board or management team to trigger a disastrous outcome in stories like this.

Glad to see a cooperative and supportive academic administration, and I&#x27;m sure the thoroughness and planning that the team demonstrated made it easier on the administration.<p>The sheer amount of testing and verifying no major impact to academic testing took place probably helped, and cleaning up after themselves and documenting their finding and reporting it to IT was a cherry on the top.<p>I like that the administration even requested that the team brief the district IT on the &quot;attack&quot;.

Much less exciting, but when I was in high school I discovered an unsecured messaging service that could be accessed via a Web interface. This included the ability to send messages to any user logged in to any machine. And also the ability to broadcast messages to all machines in the school. I was never bold enough to test this feature but word got around after I showed a few friends and eventually someone decided to broadcast a rather crude message about our principal. One thing this student didn&#x27;t realize is that all messages are logged and the sender was easily found and disciplined.<p>It could have been a lot of fun if schools in the early 2000s were as well-connected as they seem to be now. We were still working with overhead projectors at the time.

Cool, I guess, but &quot;scary&quot; and as always a bit obnoxious to read about for me.<p>Anyway, it was fun to learn about the &quot;obscure ARC architecture&quot; used by the IoT devices in question. Unpacked to &quot;Argonaut RISC Core&quot;, that made me curious enough to look it up since I hadn&#x27;t heard of it. And sure enough, it <i>was</i> related to Argonaut as in &quot;the UK game developers founded by Jez San&quot; [1]. That&#x27;s a really interesting development! :)<p>[1] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Synopsys#ARC_International" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Synopsys#ARC_International</a>

When I was in school we were trying to improve the IT, but as we &quot;knew too much&quot; and prefered Linux over Netware we weren&#x27;t trusted. Also everything was run by the teachers, we didn&#x27;t help either.<p>Each summer they &quot;improved&quot; security and in less then a week we again had all of the important passwords. Even the one of the top sysadmin - which really was the one he told some students when he was trunk (everyone thought he was joking).<p>We didn&#x27;t prank, but instead installed Duke Nukem on the Netware login drive or enabled internet access when the teachers weren&#x27;t around or didn&#x27;t want to give us access.

I thought I was cool being able to modify the ready message on printers across the school network. This is really impressive.

Do prosecutors need consent from victims to file charges in cases like this?<p>Also if you&#x27;re going to commit a crime and brag about it, don&#x27;t say &quot;hey well they would point the finger at me anyway and I&#x27;m not going to name my partners.&quot; You&#x27;ve just told them there are coconspirators, and you don&#x27;t have a right not to incriminate others.

I live near this kid and I&#x27;d offer them an internship on the spot if they came forward...but I fear they&#x27;d just be bored.

In 2001, in 7th grade at the beginning of my web dev &quot;career&quot;, so to speak, I made a website that looked exactly like our school district&#x27;s &quot;snow day&quot; school closure and delay page -- and I allowed anyone to edit the message. I told a few kids about this -- it was a pinnacle of my PHP prowess back then.<p>Got called into an office -- a gifted program administration, not the regular school office. I think one of the teachers there caught wind of my cool little trick, and asked me to take it down right then and there. I was terrified, as I wasn&#x27;t really someone to get into any sort of trouble. I was able to take it down through their machine&#x27;s windows explorer&#x27;s FTP access.<p>Now I realize that this teacher probably saved me from a lot of trouble. I wish these sort of stories were the norm -- where educators welcome the natural curiosity instead of throwing the law at kids who dare to think outside the box.

Reminds me of when I attended my districts technical career center for 2 years. We had ~3 hours of various IT learning every morning with kids from high schools all over the county before we all went back to our normal schools.<p>We&#x27;d of course run out of stuff to do and start messing around with our newly honed skills. Learning about net send wasn&#x27;t too bad, we just sent dumb messages to each other. But learning vbscript combined with net send... you could DoS the other machines with a for loop.<p>One morning I was playing around with the net send script, but accidentally plugged into the schoolwide LAN instead of our local network... every computer in the building got locked down with some idiotic message my 17 year old brain had come up with. IT took a educated guess and came down to our class and I fessed up, thankfully they let me off with a stern talking to and promises to never do it again.

I was at my own community college 2 years ago, and they had those Smart TVs showing news and weather everywhere, as well as custom images uploaded by the clubs on campus.<p>It was supposed to be that a club could log into them, make, and submit a graphic to display on the TVs, but the school would have to review them before they would be displayed.<p>However, I would later find out, a software update had messed up the roles system and so that club username&#x2F;password which was in a public document actually had the ability to post things immediately on the TVs, without review. I found this out when I made a Math Club poster, hit the button, and it was immediately live without a check.<p>I just reported it and it was fixed the next day. My instructor said that could have been really really bad considering some more unscrupulous college kids who would have (not naming names) probably gotten a kick out of throwing pr0n on them...

This is awesome, and rock thee onwards.<p>I wanted to make sure OP knows that “white hood” can mean something _very_ different, and “white hoodie hacker” might provide that distance.

Free relatively harmless large-scale pen testing! Nice work.

I wonder how they managed to achieve perfect synchronization across the whole district, or even between IPTV players in one school. Sure, maybe that ability is built into the IPTV system, but I wonder how it&#x27;s done. Did the players all sync their clocks from a central server, pre-buffer the stream, then start playing when the local clock hit a certain time?

&gt; <i>With that said, what we did was very illegal, and other administrations may have pressed charges. We are grateful that the D214 administration was so understanding.</i><p>Note well that the victim of a crime does not get any say in whether or not a prosecutor prosecutes a crime. &quot;Pressing charges&quot; is a myth.<p>The prosecutor decides. Period.

&gt; In fact, he thanked us for our findings and wanted us to present a debrief to the tech team!<p>This is the only acceptable response.

I remember being in elementary school and avoiding the net nanny by viewing one of the network drives that students (somehow) had access to but weren&#x27;t told about. Eventually, someone in my class poked around enough to find BESS.exe and deleted it and we had unfiltered internet for a day.

When I was in elementary school in the early 90&#x27;s, I discovered you could use AppleTalk to print to just about any printer in the district.<p>I would print pages and pages of &quot;I AM THE MASS PAPER WASTER!!!&quot; to random printers in other buildings. I&#x27;m genuinely curious if it actually worked.

This article was great.<p>If you want to understand the IoT better, I can recommend this article: <a href="https:&#x2F;&#x2F;girlsplaining.substack.com&#x2F;p&#x2F;internet-of-things-and-smart-cities" rel="nofollow">https:&#x2F;&#x2F;girlsplaining.substack.com&#x2F;p&#x2F;internet-of-things-and-...</a>

I had a teacher say that if I knew the root password to the machine students tested programs they made on that I didn&#x27;t have to take the final.<p>Little did he know the kernel was old and had a privilege escalation vulnerability. I ended up leaving a note about it on the back of my final exam.

my old school used this old as hell system using two solaris servers that we would connect to via thin clients. i got root creds to everything in our school district and on my very last day at that school i decided i&#x27;d do everyone a favour and at least update the system from firefox 3 to firefox 12. well, shortly after installing the package everyones clients stopped responding and that&#x27;s the day i learned about dependencies. everyone kind of knew it had to be me that screwed everything, but nobody said anything and they were grateful to have gotten rid of that horrible old system.<p>Unfortunately they decided to replace it with windows now, but my little brother is doing a great job keeping the people managing that new system on their toes ;)

Hey I know someone who goes to that school, interesting. He was telling me about this incident before

30s crisis hurling at me when a high school senior is way better than me lmao. Amazing read!

when I was in high school, we had been battling on the pdp11 (running rsts), and when they finally upgraded to vax&#x2F;vms they just gave up and gave us a small vax system to ourselves to battle on. it was much less disruptive than the hijinks we had previously been up to.<p>of course, this was in the days when pad-pad was a thing out in the real world, so false logins on vt100&#x2F;vt220 terminals was all too easy to fake.<p>I am still thankful that they decided to set that up (we even had physical machine access) - such a better solution than just letting us go wild on the local network.

Quick! Hire them before they can use their powers for the forces of good.

I once wrote a script that would pluck the entire student’s computer and rat them out hard in case they tried to exploit some vulnerability. Alas, no one got owned, at least not until I graduated.

I just hope the author, at least, applied to MIT. He would fit right in.<p><a href="http:&#x2F;&#x2F;hacks.mit.edu&#x2F;" rel="nofollow">http:&#x2F;&#x2F;hacks.mit.edu&#x2F;</a>.

&#x27;white hood hacker&#x27; ... that has .. klan connotations.

My time in highschool was wasted. Kudos to these amazing kids.

Hopefully everyone here has seen the movie Hackers, where a similar, but slightly more destructive prank involving the school&#x27;s sprinkler system took place.

TIL there is an Elk Grove that is not in California!

Greatest rickroll since S2E10 of Ted Lasso.

I&#x27;m interested to know how was he able to remote access to seemingly any machine in the network, from outside?

I do really wished that my school wasn&#x27;t strict and I&#x27;m allowed to tinker with my ideas in my school.

I am glad everything went in a positive direction and the school didn&#x27;t punish the students.

It&#x27;s not hacking if you have ssh access. I missed the part that explained how they got that.

Hope there was still time to amend the college applications with a link to this post.

Pool on the roof must have a leak.

This is amazing!!

seriously scary stuff, than you for sharing

This is the way.

What a legend.

Ugh. I worked school IT in the past. You&#x27;re not as smart as you think you are. These vulnerabilities are typically known but there&#x27;s not enough time, money, or the devices themselves can&#x27;t really be locked down or hacker proofed anymore than they already.<p>IF you do something like this at least consider that someone else is going to be cleaning your mess up.<p>School kids are the worst users you can ask for. Unlike a normal business where they&#x27;d be punished or removed for something like this the kids will deliberately try to destroy the school network.

So much attention to detail that I can&#x27;t help but think that the kids parents were helping along the way.

These devices were unsecured for a reason: there wasn&#x27;t money to hire competent people who would make all services secure.<p>Finding a vulnerability in the grade tracking system is much different than in IPTV: the first can have real-life implications, the latter only gives the attacker bragging rights. Only students would benefit from hacking IPTV (for funsies), but patching it requires funds nonetheless, and then further effort from staff when the default user&#x2F;pass doesn&#x27;t work. And then we complain about the hidden costs of low-trust societies.<p>If the guy had written to the admins about it, they probably would&#x27;ve replied &quot;yeah we know about it, please don&#x27;t do it&quot;.<p>&quot;But I want to because I can and you&#x27;re too lazy and incompetent to fix it.&quot;<p>&quot;Okay then here&#x27;s 50 bucks, please fix it for us, we don&#x27;t have time for this nonsense.&quot;<p>&quot;F off&quot;, and then proceeds to rick roll because that can get him to HN front page.