Coding Stories: Me vs. the VNC Guy

I went to a Catholic high school. One of the only sisters left that worked at the school ran the computer lab.<p>Passwords were stored in clear text and it was common for students to ask her what their forgotten password was. She would look it up in the system, and tell them.<p>Eventually some of us figured out how to change other users passwords and of course we changed them to all sorts of unseemly phrases that a high school student boy would find amusing.<p>When that student would ask for their password she would simply change it to something pleasant...but amusingly maintain the general structure of the unseemly phrase changing only the bad words. We saw her laugh a few times.

I have a reverse story of this.<p>Bumped into a friend from freshman year in the computer lab one day. I don&#x27;t recall what happened, but he decided that something I had said or done offended his honor (half jokingly) and that he was going to email bomb my account as retribution. He writes a shell script to do this, and proudly shows it to me. I read the code, state, &quot;You don&#x27;t want to do that,&quot; and walk away.<p>He does want to do that. A moment later he notices that his terminal window has started acting oddly. So he decides to log out and log back in (he could have just opened a new window). And it won&#x27;t let him log in.<p>As I open my email client to delete the couple dozen emails his script managed to send, I explain to him that he just fork-bombed himself, and since the ulimit was something tiny (32 processes?) it took me less time to delete the &#x27;mail bomb&#x27; he sent me than it did to explain what he did. And since he closed his only shell, only an admin could now get him out of this.<p>&quot;I told you you didn&#x27;t want to do that.&quot;<p>He did, in fact, have to go to the admin and apologize.<p>A year later, &quot;friend&quot; applies to and is accepted into the NSA. And joke&#x27;s on me, because I have slept a little less soundly every night since knowing the idiot who fork-bombed himself is now involved in national security. God help us all.

I&#x27;ve had a similar experience with spying software in University. The instructor was bragging about the spying tool during a lesson. Driven by disgust of being watched I quickly identified the remote host and port. Hacked together a shell script to flood the host with spoofed connections. While this was going on the command server was projecting it&#x27;s video signal to a large screen at the front of the room. I watched with glee as the active clients preview thumbnails of the spy app slowly filled with fake clients. Very soon the machine locked up and became unresponsive. The instructor became noticably flustered I raised my hand and claimed responsibility. I was excited to explain how I did it and discuss but instructor was not interested at all.

1st year at Uni. Year is 1993. 286 running DOS on top of Novel Netware and booting from network off a 386 behemoth that need it to run 1st.<p>So this guy was the sysadmin, a freshly minted assistant which had the bad habit of copying our sources and see if anything interesting is in it. Therefor I wrote a piece of code called Super.exe with nice graphics and a lot of bling bling that had inside a virus which when run from a normal user (like ours) did nothing but when was run from a Supervisor (Novel&#x27;s name for Administrator) account would create another user called Hypervisor with blank password. I created the .exe, erased the sources and let it sit on my account and went home.<p>Next morning I tried the Hypervisor account and what do you know! I got in. Used for next 3 years to give my normal user more space when I need it and to do creepy stuff to said assistant when he was pissing me off. Poor sod never knew, always suspected bugs and viruses. I told him 5 years after that, when we met by chance at a beer with common friends. His eyes opened wide and exclaimed: &quot;So it was you!!? I never suspected you&quot;. Fun times.

Not entirely on topic, but I do remember going to college which was the first exposure to this large rooms with computers. I had computers at home since the early 80s but by the time I got into college it was win3.11 time, after my MSX-2, Amiga, DOS but even C64, I really really hated Windows for it&#x27;s instability and inefficiency.<p>In college we had 2 (large) rooms with computers; 1 had Windows boxes with win3.11 (for networks) and later win NT and the other had Sun sparcstations. The Windows room was always full and the unix room always empty. So I sat in the Unix room behind these machines that never crashed and had access to not only all the others in the room for doing interesting distributed things, but also to the 2 E450&#x27;s in the basement of the college. While the Windows machines were on another network and were just basically crashing all day long (got a lot better with win NT obviously but still wasn&#x27;t great). I later learned that the school head sys admin seriously hated Windows and loved Unix. So he basically ignored everything happening in the Windows world and just switched off the entire room at night while the Unix machines had uptimes that felt impossible if you compare them.<p>Ofcourse, as the PC won, the room with the Sun machines was replaced with Windows machines; I got 10 SparcStation 5&#x27;s (with the gigantic CRTs), a few SparcStation 1&#x27;s, few UltraSparcs (5+10) and an E450 after they removed all. All are still working without fault to this day. It is depressing how throw-away modern hardware is, but what can you do.

I remember repartitioning the drives on the lab machines, so that when they were reimaged, the content in the new drive E, volume label CD-ROM, remained static. Hid the directory at the root, inserted a high ASCII character so that one couldn&#x27;t browse to the directory without knowing the character, and shared this knowledge with a few individuals.

I got kicked out of my high school programming class for logging into another high school&#x27;s computer network. I didn&#x27;t even break in, I logged into a friend of mines account and downloaded a txt file about a game. The teacher reviewed all the paper (these were print terminals)that got thrown into the trash and decided I was up to no good. (This was in the 80&#x27;s when we really didn&#x27;t have rules about networks) It would be hilarious if isn&#x27;t such a stark example of how a poor teacher can almost fuck your life up.

This is a really fun story, and I love your writing style! Thanks so much for posting this.<p>A lot of my most creative stuff growing up came out of me needing to work around really weird restrictions in middle&#x2F;high school. In a really weird way, I&#x27;m almost grateful for some of the arbitrary rules and setups because they created a similar environment to what people seek out nowadays with platforms like the Pico 8 -- limitations in an unfamiliar environment force you to be creative with the resources you do have.<p><i>Edit: The other articles you reference in this one are also great! <a href="https:&#x2F;&#x2F;martinrue.com&#x2F;give-yourself-more-playtime&#x2F;" rel="nofollow">https:&#x2F;&#x2F;martinrue.com&#x2F;give-yourself-more-playtime&#x2F;</a> makes me really happy.</i>

I remember in my high school every computer was a windows machine that ran Novell Net ware on boot. So some dude brought in a Linux distribution on a diskette and found he could mount anything on the network and do as he pleased.<p>He was honest and had a crowd of people around him including staff as he did it, which was No Fun At All.

When encountering a problem, every now and then a programmer might say: &quot;I know, i&#x27;ll code a C app that uses sockets to solve my problem&quot; Now they have two problems.<p>But this brings up a fun idea for a red team challenge, How well can you disguise what you are doing while being watched by somebody.

I did this in school. Not the exact same way but I was so smugly satisfied with myself. I tortured the IT teacher the last few months. He deserved it, for being stereotypically uninterested in teaching anything beyond the minimum and actively shut off any attempt to learn more about anything.

This was a pretty great story, although I misread the title and expected the admin to turn out to be a founder of the VLC project

When I was a junior in high school and computer lab monitor, I made a suggestion that we install VNC on every computer and it was green lit by the administration. We used an app that could view thumbnails of all screens at the same time. I only enforced the &quot;no porn&quot; rule. Kids could play games, browse the web and I accepted fake hall passes. But if they were watching porn they would be thrown out and banned.

Not my hack but - when I was in college, there were two computer labs: one for CS majors and one for humanities majors who just wanted to type research papers. The CS computers booted to a DOS prompt and you could run anything on them, but the “writing lab” computers were configured to boot straight to wordperfect, and the exit command was password protected. A friend realized that you could hit F12 to get a shell (a DOS prompt), use that to look up the exit password, and exit out of WP on the writing lab computers.

I worked in a large call center and we used VNC to monitor the agents. This worked until one one of them figured out what the VNC tray icon color change meant - which meant they soon all knew what it was.<p>So I had to do the reverse hack of this guy. Easiest way was just to load up the VS resource editor and change the icon so that it always looked like there was no connection.

we had a similar system at high school: VNC on all computers, staff reguarly logging in to check you weren&#x27;t doing anything fun<p>VNC ran as a separate user with its password hash protected by the relevant registry permissions<p>one day we found a machine undergoing an automatic rebuild, found the password hash, and of course VNC only supports upto 8 char passwords<p>apparently it turned out they used the same VNC password for every single machine, including the staff ones

Fun story, thanks for sharing! Is it correct that it was around the year 1997 that you were using your Commodore 64 with a tape deck to get into computers? You mention that the college was using Windows 2000 and VNC setups, and that you were interested in the D language, which would place the start of those college years no sooner than 2001. I also kept using my Commodore 64 up until the late 90s!

In high school I found there was an whitelist of executable names, as long as I named the file firefox.exe it would be allowed to run.<p>For senior prank I created small Autohotkey executables that would swap what some keyboard keys would do (e.g. &#x27;m&#x27; with &#x27;n&#x27;). Then I booted the lab computers with a Linux live CD, and copied the executables into the global start folder (a different executable for each computer). When students came in that day to finish their homework in the morning at the last minute, they were quite annoyed, but some found it funny. One clever student figured out that killing the firefox.exe process fixed it (until the next login).<p>I didn&#x27;t get in any trouble (senior prank was semi-sanctioned), but they did need me to clean it up the next day.

I have a similar story but with a lot less actual hacking. Our school was monitoring lab computers using iTalk (?), which besides remote desktop also allowed things like sending messages and blanking the screen.<p>After my Grand Hacking Crime of teaching all of my friends how to use proxy servers and supplying them with a text file containing several hundred that allowed them to bypass the website filter, I was constantly being watched, which annoyed the hell out of me.<p>So I started digging around when the teacher wasn&#x27;t looking and discovered that, while only the server part of the monitoring system was &quot;installed&quot;, the files for the client part were still included. Without having the admin creds, all I could do is send messages, but that was enough. After testing it on a friend&#x27;s computer as a joke, I sent the master PC a single message containing several hundred lines of Shakespeare&#x27;s plays. The message appeared in an always-on-top msgbox and could only be dismissed by the OK button, which was by my estimate several meters below the bottom edge of the monitor.

I love stories like this. It would be nice to have a site full of them.

My school had something called Securus, which would scan the memory of all the programs, scan for combinations of pixels indicating pornography (on the screen and on your personal media devices) and of course key log everything. Luckily they include Python on some of the computers for a quick task kill.

Could&#x27;ve just unplugged the network cable... though the plan to proxy someone else&#x27;s VNC server was a good one.

A few of my stories, back from the XP&#x2F;2000 days at school:<p>---<p>The internet webpage filter at the school would stop you from playing games (particularly flash games), something as kids we quite enjoyed doing. I noticed that sometimes the real page would flash up and then go to the block page. After a while, I found out it was simply serving a &quot;redirect&quot; if the page contained banned keywords.<p>My 14 year old brain figured that I could make use of iframes so that the top section of 1 pixel height got given all of the &quot;redirects&quot; whilst the bottom half opened up google.com, where we could merrily search for games and proxies. This worked until I got VNC&#x27;d one day, logged off, account banned and the blocking system updated to filter prior to connection.<p>---<p>Still wanting to play games, I went to a friend&#x27;s home (I didn&#x27;t have internet back then), downloaded the entirety of a games website using a crawler and then brought the flash games in on a memory stick. As some of the teaching software also used flash player, this method of playing games was good until the every end.<p>---<p>My friend was watching all of these little tricks and thought they were cool. I wanted to try some things that would require two people to pull off. One lunch time we go to the library (the only machines in the school I can actually use now) and start experimenting with emails. It turns out that we could set custom rules.<p>A few minutes later, he has a rule that emails &quot;Hi&quot; every time I send him an email, and mine in return says &quot;Hey&quot;. We trigger this snowball off... 500 emails... Haha. 5000 emails... Still funny. 50,000 emails - erm. 500,000 emails, the computers are grinding too a halt. Disk space on everybody&#x27;s accounts is evaporating.<p>Email system starts sending out &quot;Unable to send message, not enough space&quot;. Few, we thought. But each one of these messages was a few kilobytes, and each one triggered a new one (as there wasn&#x27;t any space for that either). Suddenly the number of emails starts growing again as each of our accounts gets an automated space message.<p>We undid the rules and held the delete key for 30 minutes, there was still 500k emails when we left for class, but it wasn&#x27;t growing any more. I assume an IT guy saw what we did, because the next time I logged on, the rules were disabled and the emails were gone.<p>---<p>Some of the kids in the school had started to give me a &quot;hacker&quot; status and then one kid started to claim he was much better than me. Challenge accepted. I wrote a simple javascript webpage that would keep opening itself up,m saying something like &quot;you think you&#x27;re a hacker?&quot; in every page. Crashed my machine - perfect I thought.<p>I email him this web page, he opens it, crashes his machine. He thinks this is as brilliant as I did. He emails it to all of his friends. Their machines also crash. They email it to their friends, etc, etc.<p>The next day I get pulled into the deputy-head&#x27;s office, complete with angry IT staff. Apparently all of the kids using computers that day decided that it was a perfect way to get out of working, claiming their work had been lost (Word even back then had recovery options). Two weeks ban from using any computer. I got asked where I got it from - at the time I said &quot;I downloaded it from some website&quot;, but I wish I had told them that I had learned javascript and created it from scratch.<p>---<p>&quot;Trolling&quot; had become a thing, where you would try to cause somebody an inconvenience and leave a troll face there to let them know it was on purpose. Some of our exploits included taping a troll face to the underside of a laser mouse, unplugging mice&#x2F;keyboards and taping troll faces over the USB ports, swapping people&#x27;s mice over so that they controlled each other&#x27;s computers, turning everything upside down in the settings when somebody left their computer unlocked and left the room, holding down sticky keys to crash the computer out whilst making an awful noise, etc. We got quite creative with this.<p>---<p>Printing was done by room, with printers automatically added to your account depending on where you log in. In one of our classes there was an &quot;expensive&quot; glossy colour A3 printer, where the teacher would monitor what it was used for. We figured it did no authentication and that we could copy the printer settings and print remotely. We could also pretend to be another user as it didn&#x27;t connect at all to the user database. In a class with a few friends in, we remotely printed large cartoon pictures. Apparently the teacher was frantically trying to find the person who was printing and they all had a good laugh. They then took that printer off the network.<p>---<p>File explorer back then was patched so that we couldn&#x27;t see network drives and even if we could, we couldn&#x27;t get onto them. A few teachers sharing their screens would leak the fact that they had a private staff share. Child mind: Challenge accepted.<p>After several failed attempts using browsers and explorer, we discovered that Microsoft Office wasn&#x27;t patched. Suddenly we could access other student&#x27;s work spaces and save files in there. We could access staff&#x27;s work spaces and save files in there. We could access IT work spaces and save files in there. We occasionally left a &quot;I&#x27;m watching you&quot; file (created at home so it didn&#x27;t have our user account metadata) in random staff accounts.<p>At this point I think we were on their radar, but they needed proof. One afternoon we access the headmasters work space, who apparently left files on his desktop with his various login details. A bunch of students could now pretend to be the headmaster (we didn&#x27;t as we knew this was suicide). (Turns out later that this headmaster was stealing school funds, so in retrospect I don&#x27;t feel bad.)<p>We then found the &quot;program&quot; drive. It was a literal jack pot. Installation binaries with site-wide licenses. Back then there was no IP checking, one of these licenses was golden. We could install thousands of dollars worth of software at home for free, including Adobe everything, Maya and other 3D packages, office and every other custom piece of software.<p>Stupidly I had shown other people how to do this and they were running through the network like a bull in a China shop, triggering lots of errors, and as it turned out - getting lots of attention. In bursts a network administrator and he shouts my username into the room. This was the &quot;oh shit&quot; moment. I was dragged into the headmasters office whilst my teach protested that I was a good pupil.<p>I sit there whilst being berated, the network admin wants to call the police - whilst he wafts a large document full of screenshots in his hand (50+ pages). (Apparently they kept screenshots for evidence as I caught them off guard and they didn&#x27;t have video capture.) They come to an agreement that I am indefinitely banned from using a school computer with no police involvement, as long as I give them all of my exploits. As a child I don&#x27;t see any way out and agree. They handed me single piece of A4 paper and said &quot;write everything you know on here&quot;. Before I put even a single word to paper, I replied: &quot;Can I have some more paper please?&quot;.

Undertaking nerd-duel with low pay disrespected computer lab janny is shameful. Would not share...