[HN Gopher] Show HN: This website moves your mouse cursor ___________________________________________________________________ Show HN: This website moves your mouse cursor Author : baobabKoodaa Score : 139 points Date : 2021-04-01 12:56 UTC (1 days ago) (HTM) web link (www.attejuvonen.fi) (TXT) w3m dump (www.attejuvonen.fi) | superprofesh wrote: | The display:none rick roll was a nice touch. | skulk wrote: | looked at your source code, I think | `window.requestAnimationFrame`[1] may fit your use case better | than `setTimeout`. | | [1]: https://developer.mozilla.org/en- | US/docs/Web/API/window/requ... | movedx wrote: | The "How this works" button links to | https://www.youtube.com/watch?v=dQw4w9WgXcQ for thus of us unable | to click said button or they're too paranoid to :P | tyingq wrote: | Not mouse warping, but I find this demo much scarier: | https://alteredqualia.com/xg/examples/gaze_dolores.html | mseepgood wrote: | It's basically just Xeyes. | kjjjjjjjjjjjjjj wrote: | saw a scary face in the background and nope nope nope nope | mittermayr wrote: | especially when you go all four corners and then dramatically | put the cursor right in the middle. goosebumps. | devit wrote: | Of course it doesn't. It merely shows an image that resembles a | mouse cursor. | butz wrote: | This demo has a similar vibe: | https://codepen.io/bnhovde/full/OJLYGKx | [deleted] | m_a_g wrote: | Damn, I just got Rickrolled in the most unexpected way. | jugg1es wrote: | youtube should make an exception for this video so that it | doesn't show ads when you visit from an external referral. Ads | really ruin a good rickroll. | Ombudsman wrote: | Yup, bravo, they got me too. I'm so angry. | | e: The JavaScript can be found on the <head> section of the | page btw | jl6 wrote: | Oh man I was hoping this was an auto-mouse-jiggler, which might | actually be useful. | john-doe wrote: | What about moving the website instead: http://bewe.me/ | broberts01 wrote: | This is fantastic. | superasn wrote: | You may also enjoy this whole subreddit dedicated to such | shenanigans: | | https://www.reddit.com/r/badUIbattles/top/?t=all | TimTheTinker wrote: | whoah, that's cool... and he built another demo here that's | pretty amazing: http://schemasofuncertainty.com/ | zaczekadam wrote: | I love the how it works section. Very clever! | brundolf wrote: | It's a fun trick, but to reassure anyone who's panicking right | now, it's not actually moving your cursor | | It's hiding your cursor while it's over the site, rendering an | <img> of a mouse cursor at its location, and then moving that | around a) when you move your real cursor, and b) with random | perturbations | | Note to the author: the illusion would be even better if you used | the user-agent to render a system-accurate mouse cursor ;) (on | macOS the real cursor is black and the fake one is white) | minikites wrote: | I used Mac OS for decades before switching, but I changed my | Windows cursor to black because I'm used to it and I genuinely | think it makes more sense with most backgrounds being light | colors. | noobermin wrote: | I mean it was obvious by looking at the inspector if you have | firefox. It's funny, I was able to "click" the how does it work | button even though it makes it look like you can't mouseover | it. | | Also, kind of obvious given I use a gtk+3 dark theme and the | mouse they use is white. | brundolf wrote: | Not everyone here is a web dev who's familiar with the | inspector :) | | With the genuine browser security concerns that do exist out | there (and the often-exaggerated narrative around the degree | of the problem), it's worth being explicit that this is not | actually a real one | throwaway_porn wrote: | But you should still panic a little bit because this technique | can be used for https://en.wikipedia.org/wiki/Clickjacking | brundolf wrote: | The most it could do is fool you into thinking your cursor is | somewhere else _within the same web page_ , which the | malicious dev in this case would already have total control | over. If they wanted to fool you into clicking something, | they'd have an easier time just mis-labeling the button | vladvasiliu wrote: | > Note to the author: the illusion would be even better if you | used the user-agent to render a system-accurate mouse cursor ;) | (on macOS the real cursor is black and the fake one is white) | | I've already seen sites that change the cursor's appearance, so | I wasn't particularly "shocked" by that (I'm on a Mac). | | However, what should improve the illusion would be to not move | the cursor outside of the view area. | tyingq wrote: | Pointer lock does that, though I'm not sure what all browsers | support it. Chrome/Desktop does: | | https://mdn.github.io/dom-examples/pointer-lock/ | | It's a bit odd to me that it doesn't ask for any kind of | permission on Chrome, just that a user click initiates it. It | does briefly pop a hint that "<esc>" will release the mouse. | baobabKoodaa wrote: | Thanks for the feedback! The behavior around the edges should | be improved now. | baobabKoodaa wrote: | > Note to the author: the illusion would be even better if you | used the user-agent to render a system-accurate mouse cursor ;) | (on macOS the real cursor is black and the fake one is white) | | You're right, it would make the illusion better. I developed | this on Ubuntu where the default cursor is black, and I did | consider doing this. Eventually decided to just use the default | white cursor from Windows because it has better contrast on the | dark color scheme. I guess I could set up 3 different color | schemes for 3 different cursors for Mac, Linux, Windows, but it | may be a bit too much work. I think most people who notice the | cursor is different will just think "oh, this website uses a | custom cursor", they won't necessarily realize that it's just | an image. | Waterluvian wrote: | I'm on 18.04 and my cursor is white (and much smaller than | the one on the site). I never realised Ubuntu had a black | cursor option. | | I think you could make these changes, but I think that's if | you want to have fun doing it. The diminishing returns are | tiny and the gag lands well. | brundolf wrote: | You're probably on a different desktop environment (Gnome, | KDE, etc) | modeless wrote: | Even better would be to use the fullscreen api and mouse | capture api to trap the mouse for real. Then you could render | fake browser UI and do whatever you want when people try to | click on it. If you really wanted to mess with people. | baobabKoodaa wrote: | If you use the fullscreen api or the pointer lock api, | Chrome will render a popup that says "press ESC to..." | Without that it would be sick! | modeless wrote: | Yeah but I bet at least half of people wouldn't notice, | especially if you put something interesting on the other | side of the screen for a second. Or you could render a | bunch of overlapping fake warnings all over the screen, | making it difficult to find the real one. Or you could | put an exit fullscreen button and pretend to exit | fullscreen when clicked, but you're actually still in | fullscreen. Etc. I should probably stop giving the | malware guys ideas... | LinuxBender wrote: | Does not work if I enable javascript, but probably because I have | 3rd party scripts blocked in uBlock. no- | scripting: * true * * 3p-frame block * * 3p-script | block | baobabKoodaa wrote: | Hmmh, that's weird. The only 3rd party script on that page is | Plausible Analytics, and blocking that doesn't affect the | functionality on the page. It is loading one (first party) JS | file, maybe your uBlock configuration is somehow blocking that? | I'm also using uBlock with the default configuration, and it | works on the 2 machines that I tested with. | LinuxBender wrote: | Could be. I will have to try turning things off one at a time | and re-test. | | [edit] revised the rules above, the no-scripting: * true was | blocking it. Disabling uBlock for the domain allowed it to | work. | NikxDa wrote: | If you open the developer tools, there is a link to a video in | the DOM tree that explains how it works. | hammeiam wrote: | I found that one as well, I appreciate them hiding it for only | the curious to find :) | vladvasiliu wrote: | Is it me, or is this just some animation trick? | | I've tried on Safari 14.0.3 / Mac OS 11.2.3 and while the cursor | does _appear_ to move, its actual position, as determined by what | happens when I actually move it, doesn 't seem to change. | | For example, if I manually move the cursor almost to the top of | the page, but not quite, it will move around. Sometimes it | disappears "under" the fixed part of the browser. But if I | attempt to move it manually, the cursor "teleports" to where I | initially left it. | baobabKoodaa wrote: | > Sometimes it disappears "under" the fixed part of the | browser. | | Thanks for reporting this. The behavior around the edges should | be improved now. | y7 wrote: | This demo is also really cool: http://javier.xyz/control-user- | cursor/ | | Via: https://news.ycombinator.com/item?id=14124285 (2017) | amelius wrote: | Websites could use this trick (hide the cursor and show a fake | one) to make visitors click ads instead of the links they want to | click. | dang wrote: | https://www.attejuvonen.fi/website-moves-your-cursor/ is related | (via https://news.ycombinator.com/item?id=26661784) | AngelOfDeath wrote: | I cant click the "How this works" button | cmg wrote: | Found a fun Firefox issue where after putting FF in the | background I tried to command-click that button to trigger it. | My mouse cursor disappeared across the entire OS even though | Firefox wasn't the active application! Had to bring Firefox | back to the front to see my cursor again. | baobabKoodaa wrote: | ;) | mrcschwering wrote: | I clicked it^^ | dash2 wrote: | If you look at the source you'll find a link to a youtube video | that tells you all you need to know. Don't give up :-) | FeepingCreature wrote: | Yeah, you can click it, but only if you already figured out how | it works - move the fake mouse cursor to the point where it is | almost over the button, blindly move it down a bit and click. | Groxx wrote: | "how this works" -> can't click it. | | oh that's a marvelous bit of trolling | mittermayr wrote: | Something exactly like this almost got me kicked out of school, | first year. | | I had just picked up Delphi and being the nerd I was, I wanted to | make use of it anywhere I could. At the time, the Windows API was | essentially completely open to mess with, and I had discovered a | bunch of weird things, like the fact that setting (!) the mouse | cursor position was even possible, and I knew the CD ROM drive | could be opened with code as well. | | I packed those things into a quick Delphi program, removed its | main window (so like a daemon essentially) and then deployed it | on our school computers (everything was open, I just put it into | the Startup folder if I remember correctly). | | Well, I had the daemon deployed on most computers eventually and | it had a timer that looked up a file on the shared network drive, | and depending on what was in that file, it would do something, or | stay quiet in the background. | | Since our IT classes were mostly just "doing stuff in Microsoft | Word" (good old times), I couldn't hold off for too long and just | added the magical "shakymouse" to the text file, a minute or two | later, you would see everyone's mouse cursor start to wobble. It | became next to impossible to hit a button or anything really, and | I just had the time of my life as the teacher scrambled around to | figure out what in the hell was going on. | | I then changed the text file to "cd" and everyone's CD drive | opened (one after the other as they all slowly picked up the | command). It was SO AMAZING (just the choreography of it all), I | literally almost shit my pants out of excitement. | | Problem was, there was only one person in the entire school they | felt was capable of such nonsense, so they had me at the | principal's office an hour later. They made a big show out of it, | and told me to go home as they'll come up with a punishment and | they'll also need to talk to my parents. | | I thought I was in massive trouble, didn't sleep at all that | night. Next morning, I'm back at school, principal wants to see | me, tells me I am free from having to attend the IT classes, as I | clearly don't need them, and this reduces the chance of me | getting bored. So it worked out quite nicely after all. Lesson | learned... CRIME PAYS!!! | lhenk wrote: | When I was 12, I found out about `shutdown /i`, which opens up | a GUI where you can enter target IP addresses. Obviously I had | to try it out in class. Each computer room in school had its | own IP range, so it was easy to target all PCs in the current | room. At the end of the class, I shut down all PCs - it worked! | | I told a friend how I did it - of course he had to tell the | others in class.. so the war began and everybody shut down | their neighbors PCs! | | We then invented "defense scripts" in batch, which basically | ran `shutdown /a` in an infinite loop to cancel any shutdown | requests. | | In the end, the administrator disabled the shutdown command - | the official reason was potential harm we could do concerning | A-levels. | | Good times. | haddr wrote: | did something similar, with delphi, using winapi but also used | opportunity to learn network sockets so the daemon was | controlled using telnet. and instead of deploying it to the lab | I was just showing it to those who were interested, so didn't | run into problems with teachers :) | | Ps. cd opening was there too :) | mittermayr wrote: | CD opening was the gateway drug to everything else. | Everyone's mentioning that in the threads here. HA! Love it. | vbezhenar wrote: | I remember story about using program to open CD which | pushed reset button of another computer. It was used as a | watchdog to reboot it. | DougN7 wrote: | You lucky young folk! In MY day the Apple IIe didn't have CD, | mouse or network! Pranks were pretty limited... | jimnotgym wrote: | We had Windows machines in around 94. They booted to some kind | of menu where you could do various things I don't recall...and | boot Windows. There was a problem with my friends machine one | day and I saw the IT admin type a ludicrous single character | username and password to get into this boot menu. | | So I used it to have a look around and change the startup | message to insult a friend. Then I told him how...and he told | everybody. Next day all of the machines had obscene messages, | and someone was caught doing it, they said my friend told them, | and he told them that I told him. Thanks buddy. | | I remember being terrified as I told the deputy head how I | 'cracked the code', but I think I just got a detention. | soylentgraham wrote: | Similar thing for me in college, when it came to punishment | they asked, "what sort of reprimand do you think you would | get in the work place?" And i replied with "sent home with | pay?". They weren't impressed. | Causality1 wrote: | I received a similar summons to the principal's office for | using the "netmsg" DOS command to send a single character, the | letter q. I had intended to only message my friend in the same | room but it went to every computer in the school. | klyrs wrote: | Hah, I had a similar experience. Got kicked out of one class, | changed to a keyboarding class because I could already type | fast. Easy A, right? Well, the computers didn't work very well | and I'd fix them, and leave a signature where I'd been. Teach | was a little flabbergasted when I'd be sitting at a "broken" | computer but no matter. | | Don't tell, but I knew how to pop into windows and play games, | and the machines were networked so I had everybody's classwork | sitting right there. They can't catch you cheating when the | assignment is to copy the same damned text. Teach lost me on | day 1 when I did 65wpm on the 5wpm test, all like "no, you | can't skip ahead, you've demonstrated can type at 5wpm, now you | need to take the 10wpm test" | | But then they taught us how to use macros in a word processor. | I don't know how or why, but the computers had a shared | namespace for these macros. We were only supposed to use them, | but I figured out how to make and edit them. Told a friend | about it. The friend promptly changed the macro the class was | meant to use. With recursion. And that was Trouble. Who gets | the blame? Kid with their name on all the autoexec.bat files, | that's who. | | Shortly after I got back from suspension, I talked to the IT | guy, and became his unofficial TA, and fixed computers during | that class period. | umvi wrote: | Reminds me of the time I naively did "net send *" to send | messages to a coworker such as "What's up dog?" at a US Air | Force base hospital (I was summer hire working in the | warehouse). My coworker got a kick out of it, but apparently | every computer in the entire hospital was on the same domain | and two frantic IT NCOs came bursting into the warehouse trying | to figure out who was sending the messages. Apparently the | group commander's computer was getting them too... | jhamilton wrote: | This sounds super similar to a prank I pulled in high school. | | At school, it was sort of a cat-and-mouse game between the | students and the sysadmin. Kids would find new ways of evading | the school blocks (different proxies, someone getting a bypass | login, etc so they could access myspace) that the admin would | then catch a couple weeks later and close. A lot of these | proxies were distributed on the fileserver that was shared | between students. | | One day, I wrote a small piece of software in my programming | class (in VB6!!) that would wait a random length of time, and | then open and close the CD tray. I wrote a short batch script | that would copy that file to startup and then open the current | popular proxy software. I then changed the icon on that script | and placed it where people expected to find the proxy software, | giving them reason to run my script. | | Students then unknowingly disseminated my software all over the | school, and the next day (after PCs were rebooted overnight) | the software would take effect and randomly open/close the CD | trays of computers all over the school. | | They ended up tracing it back to me (windows user | permissions/ownership, probably) and I was promptly banned from | computers at school through the end of the year and for most of | the next. | surfsvammel wrote: | We had a battle with the sysadmins, we trying to do pranks | and the sysadmins trying to find us. This was around 1996 or | so (I remember this because Quake had just come out). Anyway. | I remember us communicating with the sysadmins by writing | small messages in files we where not supposed to be able to | access. | mittermayr wrote: | VB6 was the worst and best kind of software. You were NEVER | (even as a professional) sure if it ran on the other/target | machine, so you just hoped for the best. | | Also, I quite like the cat-and-mouse analogy you mention, | because I feel it was (mostly) a harmless way to hone skills, | to level up knowledge essentially, with a (at the time) | reasonable amount of risk involved, which kept it exciting | enough to learn more. It would be cool to see schools have a | bug-bounty type of environment here or there, just for those | few kids who actually want to spend their time on getting | better at networking. | jhamilton wrote: | Luckily the school was rather new so all of the PCs across | the entire school were identical, whether they were for a | teacher's use, the programming class, or the graphic design | and yearbook clubs so I was luckily able to avoid any of | those shortcomings. | | Cant say my school had anything of the sort (they'd prefer | to punish and force you back in line with other students) | and while I like the idea, I know that in HS it'd feel too | akin to snitching on my classmates to participate in that. | o-__-o wrote: | > Problem was, there was only one person in the entire school | they felt was capable of such nonsense | | I found myself sitting in the vice principals office, as a kid, | all alone with his password under his keyboard. I thought long | and hard about going to the local library, dialing up to the | school network (modem days) and changing a bunch of grades of | students to improve my GPA. That reason you called out is the | only reason I did not. All eyes would be on me. | | So I resorted to just mild pranks | | - took a virus from my library and submitted it with homework | | - found someone trying to install sub seven on my girlfriends | computer. I reverse subseven'd him and socially engineered him | to give me his address. Used mapquest and showed up at his | house | | - made a fake virus that pretended to run format c: on my moms | computer. My mom had the principals office call me out of class | in 6th grade. I remember laughing my ass off that I got called | out of class for that prank | | - in college I wrote a program that would split up audio files | into variable lengths up to 1 second and send them to a list of | servers (sun ultra 60s) then run auplay to play the audio of | the files out of the speaker. The controller would keep track | of which system had which part and would plAy the audio in | sequence across the various systems. The sun servers were lab | computers with users on the console. Imagine their surprise | when Mega TeamFortress sounds start playing in surround sound | out of all of the systems around them. | | - scotch tape over the very end of Ethernet cables on desktops | (fun!) | | - vb or c# program that "jiggles" the mouse pointer. I made a | coworker throw out three mice because of it | | - redirecting a coworkers network drop to a spare Linux | computer in my office running tc introducing random latency | | - control-alt-down on windows computers | | - random times in cronjobs that runs shutdown or randomly kill | shell process on unix boxes/accounts that were left unlocked | | There's probably more, but whew I haven't pulled a prank in | over a decade! | mittermayr wrote: | My two favorites on that list clearly are: scotch tape on | ethernet cables (what a horrible, horrible ...yet so | fantastically effective idea), and cronjob shutdowns (why did | I never think of that). | imwillofficial wrote: | This story made my day | dragontamer wrote: | Floppy drive bootloader. | | If you left the floppy disk in, I took over the boot-process | and displayed "Uploading Virus" in a loop. Which of course, | didn't do anything. | | A few weeks later, all the floppy-drives were removed from the | library's computers, lol | evanreichard wrote: | This is hilarious. I have another somewhat related story. | | Back in 7th grade I stumbled upon the "net send" command. So, | bored in the back of class one day, I sent a few messages and | saw them pop up simultaneously on all the computers. I thought | it was pretty funny. I didn't sent anything vulgar. Just | something like, "yo", and "it's Evan" (yes, I put my name). | | Well, turns out I sent those messages to every computer in the | district. Three elementary schools, one middle school, one high | school, and the administration building. | | Maybe 10m later someone from the IT team came and asked who had | computer #XX. Obviously was me. Principal claimed I hacked into | all the computers and said he'd call me back in for an | appropriate punishment. | | Nothing ever amounted to it. Never got called back in so I had | no repercussions. | kbelder wrote: | Back when I managed a call center, we were just integrating | some new messaging software. This was very old-school, IBM | 3270 dumb terminals hooked up to the mainframe. | | One of the team leads was trying to figure it out, and sent a | message to her group saying, 'if you can read this, please | raise your hand.' | | Of course, she got it wrong, and sent the message out to the | whole corporation. No safeguards against that, at the time. | | Nothing bad happened, other than severe embarrassment. But I | still smile at the thought of the marketing department | setting in their offices, hands raised, wondering if it was | safe to lower them yet... | slaughtr wrote: | Dang I got suspended for 2 weeks and wasn't allowed to touch | a computer for the remainder of the year when I did this. | | And I had even managed to figure out how to target it at | specific logged-in users! | mittermayr wrote: | Hah :) That moment of ... did I just do something | extraordinary cool... or did I just mess up big time? Or... | wait a minute... I JUST DID BOTH! | xaduha wrote: | Basically same thing happened to me, except it was my teacher | and some angry IT guy that gave me a ribbing, principal | called him. | | > "it's Evan" (yes, I put my name) | | I just sent 'test' and I think it shows IP or computer name, | but it didn't really matter, I had to confess when they asked | the class who did it. | | 'net' has so much stuff crammed into it though, it's | unbelievable. Feels like a skeleton key that just barely | follows rules. | staticfloat wrote: | Hah! I did the exact same thing when I discovered the "net | send" command. Only me and my friend were playing around so | we sent eachother messages like "I know where you live"..... | the school tech was cool with me so I didn't get punished, | but quite a few admins were freaked out by these strange | messages appearing on their computers. | CodesInChaos wrote: | On Windows 95/98 there was an API call that hid your process | from the taskmanager (intended for services, IIRC). Used that | trick on my "fun" Delphi programs. | entropie wrote: | I got only suspended for two weeks because I pressed E in the | grub menu and booted linux with a root shell. I told my teacher | that their installations are basicially not secured at all and | he didnt understand anything what I tried to explain and send | me to the school manager which accused me of hacking the school | network. | Aeolun wrote: | I cannot imagine this taking place in this day and age. The | principal would have you marched out of the school escorted by | police and charged you with a federal crime or something. | wdfx wrote: | This sounds very familiar. In my final year at school I was | given privileges to 'monitor' the school's computer lab over | lunchtimes. What that amounted to was really just reminding the | other students to save and leave before the afternoon lessons | started. | | I thought better and that I could automate this task by writing | a small background task in VB (4 or 6, I can't remember which | year/version) which would listen for commands on UDP. | | One such command would initiate an immediate shutdown. Without | prompting the user to save open documents. | | Only once I issued that command to the entire lab. | | I didn't take long for everyone to find out who did it since my | own machine was still logged in and working. | | The next day I removed the process from the machines lest I get | myself in any real trouble. | mittermayr wrote: | Automating things was quite a thrilling thing to do at the | time (before one was paid to do so). And UDP in VB, holy | moly, some seriously advanced stuff (at the time). | [deleted] | tshaddox wrote: | That's a good story. In middle school I got similarly called to | the principal's office and threatened, but literally all I did | was send messages (and nothing particularly menacing or | inappropriate) to other computers using the Novell client | software that was installed on every PC at school. You had a | lot more fun! | mittermayr wrote: | Whatever happened to Novell? It was everywhere at the time, | and then never seen again. | westmeal wrote: | It was extremely popular but I think people started to | realize how useless it was after Windows Server 2012. | donjoe wrote: | Haha, this sounds almost exactly like my Delphi story - just I | didn't target the mouse. | | Instead, I did target each keyboard's keys which - when being | pressed - would play a sound using internal speakers. Deployed | it on all devices in the room and once class started, we had a | lovely concert going on. | | Got kicked out of the room immediately. | | Ah, and netsend was fun also :D | brundolf wrote: | Wow. One time in highschool I ran Rainmeter (a harmless HUD | program: https://www.rainmeter.net/) from my flash drive on a | school computer to show a friend. The next day I got called up | to IT because they apparently had software listening for any | foreign executables (but not actually blocking them?), and | policy was to suspend me from school computers for two weeks. I | was taking a CS course at the time, so for two weeks I just had | to sit there in class doing nothing. | | When the IT guy talked to me, he even said he'd seen Rainmeter | in a magazine and tried it out at home and thought it was | pretty cool. But the admins had watched Hackers too many times, | it seems, and thought it appropriate to treat me like a | delinquent :P | | Edit: Looks like Rainmeter is still alive and kicking! Maybe | I'll give it a revisit | mittermayr wrote: | Oh yeah, the school admins were always (probably all around | the world) a special bunch of people. From complete | bureaucratic permission junkies, to those who opened the | doors for curious students to hack around, experiment and in | general just talk shop with a grown-up (of sorts). At the | time, I felt it was so hard to find people to learn from, | everyone was just playing games or hating computers. So those | people could (sometimes) be a beacon of light in a not-so- | nerdy world. | | In another school (where IT was much more advanced, likely a | lot like you've encountered), I put a file called | DukeNukem.exe on the school-wide network share, and it didn't | take long for people to discover it. It just showed an error, | game needs some extra permission, and asked you to enter the | password to try again. Well, people did that of course and | the game didn't work. But another file on the network drive | collected EVERYONE's password, one after the other, it took a | few weeks until they caught me. They were able to use some | Novell admin ninja something something to figure out who | placed the file there and again, I was kicked out of IT | classes, no other harm. | don-code wrote: | This was close to the way my high school chose to deal with | process gaps. Luckily, the two IT guys were more than happy | to help me out - I could get off scot-free if I just showed | them how I'd done it. | | They blocked executables on floppies, but if you copied | something to a floppy as a .txt file to My Documents and | renamed it, it was runnable. | | They then blocked executables in My Documents, but if you put | in a batch file, that'd still run. | | They then blocked batch files, but if you created a shortcut | to "cmd.exe" and ran that off a floppy, you got a shell | prompt, from which you could run whatever you want. | | They then blocked executing "cmd.exe", but the initial | response didn't also include "command.com"... | | _Unfortunately_, at that time, I'd already discussed the | "cmd.exe" loophole with them, and the "command.com" loophole | was basically the same thing that I'd already been told not | to do... so I got detention for this one, and promptly | stopped. | Aeolun wrote: | That's a bit dissapointing. If you want someone to bring | you vulnerabilities you have to allow them to experiment. | hypermachine wrote: | Setting the cursor position is still available in the Windows | API, it is the basis of how most RPA tools work. | mittermayr wrote: | Oh that's interesting to hear! I assumed that most things | have probably been shielded off behind UAC and similar things | (like the Mac keeps asking to allow certain apps to even read | the screen or access the Desktop now). | don-code wrote: | The network space on my university campus was flat and | unfirewalled - one big /16 on which every device had more or | less unfettered access to every other device. | | Sometime in my senior year, I read that there was a PJL command | that could set the ready message on networked HP printers. | | Naturally, I wrote a script that walked the entire /16 and | would attempt to set the ready text to "Low Toner". My | girlfriend convinced me not to run it, so I changed it to "Low | Mayonnaise" and ran that instead. | | For the next few weeks, seeing "Low Mayonnaise" on printers was | a pretty common sight. It disappeared on its own as printers | were reset, or error conditions triggered, but it did feel | pretty satisfying. | Sidetalker wrote: | My high school claim to fame was a VB.NET application I wrote | during class that would connect directly to my server to | download flash games since online flash games were constant cat | and mouse. I had hotkeys so you could hide the whole thing from | screen and taskbar on a whim. My flash repository was still | getting hits for years after I graduated, though that tapered | off a little while ago. | NicoJuicy wrote: | - pushed in my USB drive with autorun to copy files ( it was | related to a dare) | | - someone was a bully. He talked about nfs 2. Sub7 him and | deleted his saved games of it( a website catched his IP in | logs, also msn could see the ip connected during a file | transfer at the time - unrelated). I laughed silently, when he | complained at school. | | - distributed the twilight and crazy bytes CD/dvds at school. | They compression was amazing! ( I know it deleted assets too) | | My desktop contained 3 cd writers to burn things. Later on 3 | dvd-writers. | | - Didn't fiddle with hardware too much. But i remember doing | modem bonding for double speed. I quickly stopped because my | parents found out ( 2 phone lines occupied) and because of the | high price... 5,6 kb. * 2 felt insane. It was a normal model | though and seems a bit weird, telling it. Did anyone do this | too? ( Don't remember it very well) | | - chat logs of msn were amazingly simple and nice at the time! | Xml with dtd. I still use it for a lot of things for templating | client data and even generating html from it. Most useful thing | from then, that i still use. ___________________________________________________________________ (page generated 2021-04-02 23:00 UTC)