When I was in middle school in the mid ‘90s, the school library decided to go digital. They installed a bunch of computers with what they called “a boolean search system”. For the first time, you could search for a book by topic in the library and, after a bit of a wait bc computers were pretty slow back then, you’d get a list of results.

Well, us being kids, on the very first day, somebody decided to search for “book”, which of course matched every single book in the library and therefore created enough system load to lock up those poor mid-‘90s computers to the point that they required a hardware restart. IIRC this system was on some kind of a network too and I believe it would also lock up the network such that the other computers couldn’t use the system either. I didn’t know much about such things at the time.

Anyway, word got around immediately and so every single time a class came to the library, somebody would search “book” on a computer to see what would happen and lock up the whole system for hours. This went on for weeks with the punishment for searching “book” on the “boolean search system” becoming more and more severe, and then I moved to a new state so I unfortunately do not know how this story ended.

for several days in a row i’d get to class before the bell. the teacher would hang out in the halls.

i’d hop on his unlocked PC, open command prompt, run shutdown /r /t 600, minimize the prompt, and walk away.

he’d be mid attendance and his computer would reboot on him. a few days in he stepped into the room mid me typing the command. he was madder than i expected, but just “yelled” at me.

At my school, we quickly discovered that the admin password for all the networked printers was the name of the high school. All these HP laser jets had a function where you could upload custom translations for the status messages on the printer displays. So we downloaded the English string set (XML) and made some changes, “translating” for example, “Printer Ready” to read “Paper Jam”, “Replace Toner” and so on. As well as changing the admin password. The school actually RMA’d them back to HP thinking the paper jams were some sort of actual defect, as opposed to an altered status message, and eventually replaced them all with Brother printers. Oops lol

Create a folder with intriguing name on desktop, take screenshot, set screenshot as wallpaper, delete folder. (Didn’t everyone?)

We all had laptops in highschool, and apparently our IT admin couldn’t figure out how to disable the “Upgrade to windows 10 for free!” Popup everyone was getting. Anyone that upgraded to windows 10 got called down to IT had their laptop reimaged. When I heard about it, I figured that they must have been checking OS by our user agent or some other web-based method, as upgrading to windows 10 appeared to kill all of the group policy things. Assuming they had everyone’s mac address recorded, you could correlate laptop to user pretty easily.

From then on, every week I would USB boot a different OS. Linux, Solaris, FreeBSD, Windows 10, Windows XP, etc. I would run each OS for a few days until I got called down to IT, had my laptop inspected, and sent back to class when everything checked out. Drove them nuts, I thought it was funny.

Installed VNC software on the classroom computer. Simply added a random character when teachers tried to login to various websites, or closed the current page when they weren’t looking.

Got caught after a week, for laughing too obviously on the back row.

Nearly got expelled for “hacking”, and all staff was recommended to change their passwords for everything.

Put some VB script (I think) that opened and closed the CD-ROM 50 times inside a startup folder. Did it on all computers. Also put a batch file there that shuts down the computer one second after logging in on all teacher computers.

And last but not least, I created a phishing Facebook page, opened it on some browsers in school, rewrote the URL to a Facebook one (without pressing enter) and left it there, collected some passwords.

Edit: Also installed Ubuntu (dual booted) on the computer I usually used.

Edit2: Disabled the tracking software for a computer I used. Damn, it’s all coming back to me! Good times.

Somebody had put the Halo CE demo in some gym teacher’s shared folder and everybody in the school could access it and play LAN blood gulch

My school had a web filter to block YouTube and various other sites that they didn’t want students to go to. On the block page, there was a “report site blocked incorrectly” button, as well as a password override for admins to do a one time bypass.

One of my classmates registered a domain that all it did was log the IP address of whoever visited it. He then attempted to visit the site from class, it was blocked, and he clicked the report button. Later on one of the IT admins reviewed the report to see if the site should be unblocked or not, by visiting the site. My classmate then had the public IP address of the IT admin.

This IT admin must not have been very good, because he had a password unprotected, open, telnet port pointing to his computer. So we were able to telnet into his PC and poke around. He had an Excel file on his desktop with the web filter override passwords for every school in the district. That Excel file was promptly shared to as many people as who asked for it and we thought wouldn’t rat us out.

We gloriously had unrestricted Internet for several months before the teachers caught on. We were told that anyone who used this password would be found out, and that the school was going to have a “volunteer” community service day for 4 hours on Saturday, picking up trash around the school. Anyone who attended would be pardoned for using the password, anyone who didn’t attend and who was found out for using the password would have been “punished” (very ambiguously defined). I did not go to the volunteer day, nor was I punished in any way. I do think that it was just a bluff and they didn’t have good enough logging to tell who actually used the password.

Our school had a local TV station. They broadcast school board meetings and a slideshow of random updates about the township. I figured out how they controlled the music in the background and changed the music to heavy metal.

I came into class the next day and my TV production teacher told me that the school received multiple calls complaining about the music.

netsend

It’s a little command line program included with windows that you can set up to send short messages to computers as a popup box. A lot of printers could use this to tell you your print job was successful, and it was used a lot in libraries and such. And also my high school. They had some cursory protections in place, but if you managed to open a command prompt you could send your own message. You just needed the recipients windows username or PC name… our school used the standard first letter of first name + full last name, even the teachers. So of course, being highschool, this spread like wildfire and there was a whole semester where everyone was abusing it to troll other classmates or interrupt teachers mid lesson. It was also being used as IM/text before any of us even had phones - you could shoot your friend a message to dip out of class or something.

Everything came to an abrupt halt when a guy was dared to run a batch file that was a single, looped, expletive laden net send to a wildcard recipient. It sent the message on repeat to every computer in every school in the district. Every time you hit ok a new box would pop up with the same message. Supposedly every computer needed a hard restart, including servers. Dude got in trouble, and our printers stopped telling us the print job was successful after that.

Take all the balls out of the mice

I used to fuck around with desktop shortcuts for fun. For example, replacing the internet browser shortcut with a shortcut to a script that starts the browser, but also does other weird stuff, often only after a certain time.

So somebody would “start the browser” and every 30 seconds, the script would open another browser window, or word, or close a browser window, or shut down the computer, etc.

I thought it was just harmless fun that was easy to fix and figure out, but the school IT would look everywhere to fix the strange issues and believed that students had installed a “hacked version” of firefox…

My home room in middle school was one of the few classrooms that had windows pcs. They used deepfreeze to reset them daily, but I found some program that actually disabled it. I think I just installed firefox or chrome and then ran windows updates because they always had the annoying yellow shield system tray icon for windows updates needed.

I replaced one of the DLLs (winmm.dll?) with a DLL of my own. It got loaded before the login dialog and installed a hook that saved your login details to a file. This was Windows for Workgroups so no access controls for files.

That way we managed to get the login info for a teacher that nobody liked, then we filled his home directory with porn. IIRC there was a quota of 5 MB and after that the admins got involved.