[HN Gopher] Black Hat Exploits of the Stupid-Easy 80s
       ___________________________________________________________________
        
       Black Hat Exploits of the Stupid-Easy 80s
        
       Author : mad_ned
       Score  : 144 points
       Date   : 2021-06-30 12:44 UTC (10 hours ago)
        
 (HTM) web link (madned.substack.com)
 (TXT) w3m dump (madned.substack.com)
        
       | pcdoodle wrote:
       | AOL
       | 
       | Win32 API and VB6 Subclassing. Open random chatrooms, collect all
       | the screen names. Go to school. Computer dials AOL while parents
       | at work. Tries Screen Names as password. 3 attempts before AOL
       | Hangs up. Redials and tries next set of 3. Come home from school.
       | Fresh Screen Names. Free AOL. Terrorize Hanson Chat Room with
       | <font size = 9999999999999999> Instant Message. _Everyone has
       | left the chat_
        
       | geocrasher wrote:
       | Early 90's Southern California. I was about 15 and had been
       | teaching myself Borland Turbo C++ at home with the SAMS book. At
       | school, there was a room in the Library with about 20 386sx/16's
       | that were used to teach kids... Borland TC++. The teacher?
       | Another student who was good at programming. I didn't know him,
       | but he had a reputation for being egotistical. My friend and I
       | just went in there at lunch to play QBasic games, which I'd
       | modify a bit for more fun.
       | 
       | One day I decided to mess with the egotistical teen teacher. I
       | wrote a little TC++ program that ran from autoexec.bat. On
       | bootup, it put out several seconds of a low frequency buzz from
       | the PC speaker and then printed "Oh, Excuse me! I couldn't
       | contain myself!" and then disappeared. At that point, the
       | autoexec.bat removed the binary and then overwrote the old
       | autoexec.bat over itself, removing any proof.
       | 
       | Nobody could say it was me, but the Librarian knew and said if I
       | did it again I wouldn't be able to go back. But she also said he
       | was really pissed by it and I get the feeling she got a kick out
       | of it, too.
        
         | JeremyReimer wrote:
         | You reminded me of a time in high school when I worked for the
         | local library. The librarian had a perverse habit of closing
         | the windows in the back room during the summer, making it
         | unbearably hot. My mother, who worked there full-time as the
         | Children's Librarian--the Librarian's direct subordinate--told
         | me that during winter this woman would open up the windows and
         | make everyone freeze.
         | 
         | So while I worked on a program in FoxPro to automatically print
         | out new catalog cards, I also wrote a small program in
         | QuickBasic to print out (depending on the time of year) a
         | message saying "OPEN THE WINDOW!" or "CLOSE THE WINDOW!" (the
         | latter signed by "The Frozen Ghost") and then pause the
         | computer for a good minute or so just to make sure somebody
         | read it.
         | 
         | For good measure, I made the AUTOEXEC.BAT file and my program
         | read-only, and then deleted ATTRIB.EXE from the hard disk so
         | that it would at least be somewhat annoying to remove.
         | 
         | Years later I got a call from an IT tech who wanted to ask me
         | some questions about DOS (he never specifically said why!) and
         | I feigned ignorance. It felt good.
        
       | at_a_remove wrote:
       | I mean, there _was_ security, it's just that most of the holes
       | were so big you could drive a bus through, honking and dragging a
       | bunch of rusty bikes.
       | 
       | I have walked onto MUDs and, annoyed at being killed by some
       | wizard for saying "hi," (stupid n00b move on my part) figured out
       | how to bring the game to a screeching halt in about fifteen
       | minutes. They had to bring it all down and patch to make me go
       | away. This wasn't a testament to my ability, it's just that
       | nobody was _thinking_ about this stuff in a defensive way.
       | 
       | Oh, your system won't let me email that file out, you'll just
       | return it to me? Well, lemme just forge my send from so you give
       | it to me anyway.
       | 
       | I got up to a lot of horsing around, almost all of it non-
       | destructive because getting attention generally is not a great
       | thing and it wasn't my stuff, I just wanted to see what was out
       | there and you either had to hear about it from someone who knew
       | it already or you had to stumble across it.
        
       | BrandoElFollito wrote:
       | Early 90's, university. I tricked the administrator of the UNIX
       | cluster to "su" from my account.
       | 
       | The su binary was mine, she typed the root password and the
       | cluster was mine.
       | 
       | I went to the administrators to say that I cracked the system and
       | would like to be part of the administrators team. I was accepted.
       | 
       | I learned an awful lot over the next few years (as a student, and
       | then as a PhD student) - this helped me to land a job at IBM, and
       | then at another company that was expanding in Europe.
        
         | a1369209993 wrote:
         | > I went to the administrators to say that I cracked the system
         | and would like to be part of the administrators team. I was
         | accepted.
         | 
         | See, this? This is how school computer systems are supposed to
         | work.
        
       | ddingus wrote:
       | The 80's
       | 
       | This piece brought a few memories and impressions forward.
       | 
       | One was hacking ULTIMA 2 and 3. Copy protection involved the bad
       | sector technique. However, those programs did not do an in depth
       | error check. Atari machines made a beep on each disk sector read.
       | 
       | To play a copy of the game, one just counted the beeps, opened the
       | drive door, waited for the error sound (how handy is all that?),
       | then closed the door and carried on.
       | 
       | Chain smoking... all through primary and most of high school, the
       | teachers lounges were filled with tobacco smoke. To their credit,
       | the educators did not reek in class, well one did, but those
       | areas of the building did.
       | 
       | All grades were old school analog, in the grade book, in pen.
       | Changes were done with a strike through, new value, initial.
       | 
       | One of my peers wrote a book report program in BASIC that would
       | generate a fairly healthy set of variations. The seed was a wait
       | for input loop. Was double digit report success before there were
       | questions.
       | 
       | Someone plugged an expansion card into a running Apple ][
       | computer and killed it. Despite a dead CPU, it displayed video
       | anyway. Was my first real experience with simple hardware vs
       | custom chips. Those computers did not have the spiffy sprites,
       | colors and sounds the C64 and Atari machines had, but they did
       | have just enough of the things that really mattered when it came
       | down to getting real work done. Someone looked the machine over,
       | plugged in a replacement chip and it was running again. Nice.
       | 
       | At the local university there was a card operated photo copy
       | machine. 5 cents a page or something like that. But, one could
       | ask for a copy, and listen for a little whine as some part began
       | to spin up, hit eject on the card and get a free page.
       | 
       | Most locked doors in my primary school could be opened with just
       | hand manipulation of the doorknob. Turns out they were not
       | mounted in their recommended orientation. A gravity based attack
       | was possible and I found it one day bored just fiddling with the
       | knob. Turns out, the more I moved it, the more motion was
       | possible!
       | 
       | Reporting that got me into trouble too. I remember that clearly!
       | 
       | Of course they were angry at the doors being so easy, tried to
       | assign blame to me, a 6th grader, and were more concerned about
       | the work and cost to fix the issue.
       | 
       | If only people would just avoid doing anything unexpected, there
       | would not be a problem. In fact, there was not a problem, until
       | you came along...
       | 
       | I remember looks on adult faces I did not see often when my
       | response was, "How would you know?"
       | 
       | Some foreshadowing there for sure.
       | 
       | Heck, I even did responsible disclosure. Took it right to them
       | first. Could have blabbed it to others and then what?
       | 
       | Yeah, got the look again.
       | 
       | One phone related one was super interesting too. A friend and I
       | took an old pulse dial phone apart and were kind of stunned to
       | see how simple it was. Then we made calls successfully without
       | the dialer, just slapping the handset hook with anything close to
       | the expected pulse rate. Cool.
       | 
       | Then we called one another and were doing it again, just
       | interrupting one another. Soon, an operator was on the line
       | asking how we did this call. So we told her.
       | 
       | Turns out we had dialed some test sequence or other. Of course it
       | was not published and was not intended for use doing an actual,
       | live call. Tech had to reset the whole thing, but we did get a
       | super cool tour of the system later as that same tech was happy
       | to show us how the robot like, electromechanical system worked.
       | Amazing. These trees of open circuits! When one dialed a number,
       | that number was an address that literally moved and rotated arms
       | that closed the circuit to connect the intended phones!
       | 
       | Fun times. So much was human scale and could be directly seen,
       | heard, felt and was slow enough to be explored directly.
        
       | teknopaul wrote:
       | seems like bragging about it is still the number one way to get
       | caught.
        
       | Bluecobra wrote:
       | > (Also worth mentioning: everyone's assigned password was their
       | social security number!)
       | 
       | My student ID in college was my SSN, and that was only 20 years
       | ago. :(
        
       | tptacek wrote:
       | This is a fun post. It's sort of mind-blowing to think about in
       | the era of 15 page Project Zero posts about reverse engineering
       | nested AMD SVM virtualization control blocks, but throughout much
       | of the 1990s, the modal vector for an actual hacker taking over a
       | network --- any network --- was simply by mounting a world-
       | exposed NFS share. Leendert van Doorn's NFS shell was probably
       | the most important hacking tool of that entire decade.
        
       | mikewarot wrote:
       | I was a young CS student, and the VAX administrators had written
       | a program called SETUIC to work around some limitations on
       | hardware to allow business students access to an IBM mainframe.
       | 
       | If you ran SETUIC with no parameters, it set your UIC to [0,0],
       | silently. _Anyone_, not just business students, could run it.
       | The system environment variables pointed to it, like a big
       | advertisement sign to a young CS student.
       | 
       | I learned many things about how the world works after
       | accidentally discovering this fact. It is fortunate for me that a
       | 2 year suspension was the extent of my punishment. They were
       | hopping mad, not at my actions, but at those who I was foolish
       | enough to share this knowledge with, and had acted far less
       | conservatively than I had.
       | 
       | I later was a system administrator, elsewhere, for 15 years.
        
       | api wrote:
       | My friends and I "hacked" AT&T System 75 and similar PBX (intra-
       | office phone system) machines in the early 1990s for various
       | reasons, and they were easy to get into because they came loaded
       | with like 20 default admin accounts.
       | 
       | I remember a few of these: "cust/custpw", "rcust/rcustpw", and
       | "craft/craftpw" come to mind. Almost nobody removed or changed
       | the password to these accounts.
       | 
       | We'd find the machines using a "wardialer" (named after the phone
       | scanning scene in Wargames) app that would dial every number and
       | look for modems. We used a DOS scanner called "ToneLoc." We lived
       | in Cincinnati and could easily scan all kinds of local number
       | prefixes for free that overlapped with areas that were likely to
       | dredge up a rich PBX haul: downtown, near the airport, near
       | universities, etc. A certain kind of weird 1200-bps answer with
       | unusual parity settings (7E1 if I remember correctly) was a dead
       | giveaway for one of these ridiculously vulnerable AT&T PBX
       | machines.
       | 
       | Once you got in you could pull pranks, set up remote access lines
       | to get "free" phone calls, set up party lines for you and your
       | friends, etc.
       | 
       | I was like 14 or 15 at the time.
       | 
       | We also found other "phun" things with our wardialer including
       | large outdoor signs with modems to allow remote configuration of
       | the text they would display. If you saw "SMOKE POT EVERY DAY" and
       | similar things a 15 year old would write on a highway or
       | advertising sign in Cincinnati in the early 1990s that was us.
       | 
       | There was a real sense of exploration back then. When we scanned
       | areas like downtown Cincinnati we'd find tons and tons of modems
       | that would answer with mysterious (to us) prompts or blobs of
       | binary spew that I'm sure represented protocols we didn't know
       | how to emulate. A few times we managed to try obvious-sounding
       | login/password pairs on some of these login prompts and find
       | ourselves inside an Ultrix or a SunOS machine full of mysterious
       | data. We really didn't bother anything on those machines, just
       | looked around. We pulled pranks with things like signs but the
       | only things we really ever messed with or possibly damaged were
       | the PBXes. There were just too many fun things to do with those.
       | 
       | The weirdest thing I remember finding was something that
       | initiated an Xmodem transfer and sent a black empty pixmap and
       | then hung up. I wonder if it was some kind of camera or
       | industrial monitor that was not actually working but was still
       | on.
       | 
       | The most "alarming" thing we found was some kind of building
       | controller that we assumed belonged to a downtown skyscraper and
       | seemed to control elevators, which we didn't fuck with out of
       | concern that it could actually hurt people. Don't know if you
       | could have done anything dangerous with it but we didn't want to
       | try so we just dropped that one.
       | 
       | There just wasn't a lot of security back then because it was all
       | new and very few people knew how to do what we were doing. Even
       | though Wargames popularized the idea of phone scanning people
       | still seemed to assume that a live modem on a phone line was
       | secure if the number was obscure.
       | 
       | All that started changing really rapidly in the late 1990s when
       | tons of people got online.
       | 
       | Edit: found the scanner!
       | 
       | https://en.wikipedia.org/wiki/ToneLoc
       | 
       | https://archive.org/details/20040130-bbs-mthreat
        
         | passwordreset wrote:
         | SWIM once said to me: Funny thing about those System 75's, the
         | entire ordeal originated from the hack of a bank's telephone
         | system, who had a small Unix UUCP network and, for some odd
         | reason, put all their System 75 logins and passwords into their
         | Systems file. The default login information leaked out after a
         | hacker named Syadasti announced that he was willing to turn any
         | System 75's given to him into usable remote PBXes, and
         | eventually some other hacker (Scott Simpson, maybe? don't know)
         | set up a system on his own home line that responded like a
         | System 75 would, and gave Syadasti that number. He promptly
         | tried to login with the cust/rcust accounts, which were
         | recorded by the other hacker, which led to the explosion of
         | System 75 hacks throughout the US.
        
       | tyingq wrote:
       | Shared computer labs were dead easy to scrape account info from.
       | Since the terminals were text, it was easy to code up a password
       | scraper. You write a program that faked the login and password
       | prompts, record the data, say "password incorrect", then exit, at
       | which point the real login daemon would take over. Cliff Stoll's
       | "The Cuckoo's Egg" describes this pretty well.
        
       | [deleted]
        
       | colordrops wrote:
       | The easiest exploit I can recall (late 80s? Early 90s?) was
       | getting credit card numbers from tossed receipts at gas station
       | pumps.
        
         | 29athrowaway wrote:
         | Initially there was no validation for credit cards. There were
         | programs called credit card generators that could generate a
         | card from any bank in the world, with any name on card, etc.
         | 
         | If you wanted you could generate a card for McLovin from some
         | bank in Hawaii and it would work.
         | 
         | I never used them but a close friend back in middle school did
         | and got his computer taken away permanently.
        
           | edmundsauto wrote:
           | This was a checksum that machines could run locally, to make
           | sure the account # was "valid". Then, in batch, systems would
           | connect to the bank for the account interaction.
           | 
           | Some services (AOL, when it charged by the minute) wouldn't do
           | the actual bank reconciliation for a few days, during which
           | you could use the service.
        
         | bluedino wrote:
         | You could get the whole carbon from a counter at a department
         | store if the cashier wasn't around.
        
           | sgerenser wrote:
           | I worked at Sears selling TVs while in college from 2002-04,
           | and even in their latest POS systems anyone could walk up to
           | the thermal printer, press a button (even with the register
           | itself locked) and print out a reverse-chronological "journal
           | roll," which included names, addresses, phone numbers and
           | full credit card numbers and expiration dates for every
           | transaction. Crazy that anyone thought that was OK in the
           | early 2000s.
        
         | failwhaleshark wrote:
         | Before carbonless, the carbon slips between the layers. There
         | were up to 4 additional copies made on some of those kinds of
         | forms and you'd have to press very hard with a ballpoint pen in
         | order to get it to register at the bottom. Then, the credit
         | card imprinter had to press the card to get through them.
         | 
         | Since most cards don't have raised numbers anymore, manual
         | credit card imprinting is no longer possible.
        
         | irscott wrote:
         | You used to be able to Google for transaction information from
         | a particular e-commerce shopping cart and get .txts of credit
         | card info, name, address. The wild west was wild.
        
       | Trias11 wrote:
       | You could browse all files on many remote computers via:
       | 
       | net use \\123.45.6.78\
       | 
       | dir \\123.45.6.78\
        
       | spullara wrote:
       | I've been thinking about writing up a similar post focused on all
       | the dumb stuff that was possible in the 80s. Everything from
       | default voice mail passwords, long distance carriers with
       | predictable code patterns, office phone systems that tell you as
       | soon as you have a wrong digit for outside line access, DEC's own
       | global asset management system having a huge security hole in it,
       | etc. Honestly though you can just read the first half of
       | Mitnick's book up until the point he starts breaking into actual
       | buildings to get a feel for it. Social engineering was and will
       | remain the most powerful tool in the hacking arsenal.
        
         | 300bps wrote:
         | _long distance carriers with predictable code patterns_
         | 
         | Thank god for statutes of limitations. Sorry MCI and Sprint for
         | getting about 20 codes per night with my 300 baud modem when I
         | was 13.
        
       | leifg wrote:
       | I still remember when Windows computers being hooked up to a
       | dial up would be open on the internet. Lots of them had no admin
       | password and all drives were shared by default.
       | 
       | So by just port scanning on the SMB port you'll find a lot of
       | computers and would have access to all their files.
        
         | arminiusreturns wrote:
         | Man I stumbled on some crazy stuff back then when doing scans,
         | one of the more notable was finding an ISP billing system with
         | its C drive shared over netbios (137/138). It was such the
         | wild west days of the internet.
         | 
         | Stuff like: I got in the local newspaper for recovering a county
         | server password that had been lost... cracks me up in
         | retrospect.
        
         | AnimalMuppet wrote:
         | With a cable modem, you were on the same physical cable as your
         | neighbors. If you looked at "Network Neighborhood", you would
         | see your neighbors' computers and printers (unless they had
         | turned off file and print sharing).
        
           | bluedino wrote:
           | Fire up Ettercap and read unencrypted AIM conversations...
        
           | thedougd wrote:
           | Ah yes, I had forgotten about this. Routers and access points
           | weren't yet a consumer item.
        
       | MeinBlutIstBlau wrote:
       | The typical 80's hack I always think of is in Ferris Bueller's Day
       | Off where Ferris hacks the school's records to change the number
       | of days he was sick. Not only was there no internet, but how did
       | he connect to the network? It's something I've always wondered if
       | it would've even been possible.
        
         | kgwxd wrote:
         | He learned a lot while hacking the WOPR.
        
         | pjmlp wrote:
         | Here are modems for Timex 2068,
         | https://www.timexsinclair.com/products/hardware/rs232-serial...
        
         | mad_ned wrote:
         | possible, maybe not likely. our school for instance had a modem
         | line you could dial into, that let you access this one program
         | that was for career counseling, it was like a buzzfeed quiz
         | that asked you questions, and then recommended a career for
         | you. I think I got plumber. we tried to hack past this to get
         | at the general OS, but no luck. I suppose someone could set
         | something like that up for the school record access, but would
         | they? (like I claim in the article, it was the 80s so maybe)
        
         | dave_sullivan wrote:
         | I had a project one time for a school district and had access
         | to all of that. Made me think of the "changing grades remotely"
         | trope and had a pretty good chuckle. Wouldn't have been
         | possible when I was a kid but it is now I guess.
        
         | bluedino wrote:
         | Early 90's, but our computer system (some sort of minicomputer)
         | had a modem bank so that teachers could do grades and such from
         | home. I worked in the office because I had an open hour, I
         | earned a credit and I also got to see the guidance counselors
         | view students' records and such. It would have been very, very
         | easy to change grades.
         | 
         | Also, many schools had internet connections back then. I know
         | our school had a T1, it might have also had a leased line to
         | the state education system for some reason, I would guess the
         | security was very lax back then.
        
         | dragontamer wrote:
         | > Not only was there no internet, but how did he connect to the
         | network?
         | 
         | Most "networks" were over phone lines those days.
         | 
         | You call in with a modem, and that connects you into a
         | particular computer (or in the general case: a network). BBS
         | for example was just a shared computer on a modem on a well-
         | known publicly posted telephone number that many people called
         | every now and then to check for messages.
         | 
         | If you knew the correct telephone numbers and the proper
         | parameters to connect (baud rate, modem type, etc. etc.), you
         | could even get a printer (aka: Fax Machine), a UNIX login
         | prompt, or other equipment inside of an office (and presumably
         | a school).
         | 
         | ----
         | 
         | Now why would a school put their grades database on a publicly
         | facing telephone number and hope it doesn't get hacked? Well,
         | that's a good question.
         | 
         | But then again, ATM machines in tiny liquor stores are still
         | largely on this telephone-line / modem technology (I dunno if
         | it's still like this today, but even just 10 years ago, a
         | surprising number of ATM machines were still accessible over
         | dial up). So why don't you ask the ATM machine engineers why
         | they think that this practice is safe.
         | 
         | After all, if it's safe enough for ATMs, it's probably safe
         | enough for a school network. If this thought process is
         | horrifying to you, then welcome to the 80s / 90s era of
         | computer security.
        
           | kQq9oHeAz6wLLS wrote:
           | > Now why would a school put their grades database on a
           | publicly facing telephone number and hope it doesn't get
           | hacked?
           | 
           | Same folks who built David Lightman's school system,
           | apparently.
        
           | goalieca wrote:
           | My high school had the attendance computer in main office and
           | it could be found on the network from any other machine.
           | Everyone knew the password to it since it was used and shared
           | for all other admin and IT tasks.
        
         | kmeisthax wrote:
         | This concept is a little weird to think about today, but the
         | Internet used to be accessed through regular voice phone lines.
         | You'd plug your computer into the phone network with a little
         | thing called a modem. In the _really_ early days you actually
         | had to use an acoustic coupler for regulatory reasons. Then you
         | dialed the phone number of the computer you wanted to connect
         | to - most of which were _not_ running the Internet Protocol!
         | 
         | Typical computer systems you would dial into would include...
         | 
         | 1. Proprietary data services (AOL, Compuserve, etc)
         | 
         | 2. BBS systems - typically individual computers running
         | services that let you send messages or files to other users who
         | could then dial in to receive them. Some BBSes were even
         | networked to one another, the largest of such systems being
         | Fidonet
         | 
         | 3. Remotely-managed IT equipment - the sort of thing depicted
         | in the movie.
         | 
         | 4. Mainframes - universities and large businesses would often
         | have remote access that you'd dial into. This is roughly
         | equivalent to SSHing into an Internet-connected machine today.
         | 
         | 5. The Internet - originally only through remote access to
         | mainframes (#4). Later on, data services (#1) started offering
         | open Internet access. (notoriously, AOL utterly demolished
         | USENET's existing cultural norms by doing this) Then companies
         | started just selling dial-in Internet access without other
         | services and this became the dominant use case for modems.
         | 
         | This concept was inverted starting in the late 90s. First,
         | phone companies started offering "digital subscriber lines"
         | (DSL) that provided way more bandwidth to connect to an ISP
         | with. Then, (at least in North America, thanks to various Sega
         | Genesis related reasons) cable companies got in on this and
         | started offering "broadband Internet", too. With the greater
         | bandwidth of these services, it suddenly made sense to send
         | Voice over Internet Protocol (VoIP) instead of Internet
         | Protocol over Voice. So dedicated landline channels became very
         | outdated _very quickly_, and today we think of voice as just
         | something you send over a multitude of Internet apps.
        
           | bluedino wrote:
           | Don't forget about your dialing into your office computer to
           | work from home, using something like LapLink or PC Anywhere
        
         | CountDrewku wrote:
         | Watch War Games and that'll give you a general overview of how
         | you'd access a system back in the 80s. They were still
         | networked and accessible remotely, just not the way they are
         | today.
        
       | ulzeraj wrote:
       | Very cool stories. I remember running some pranks but those are
       | all from the early 2000s.
       | 
       | Best story I remember there was this arrogant guy that worked
       | with on the Unix department. He was into FreeBSD by that time and
       | had an attitude towards the Linux guys. One day he left his table
       | and forgot his machine open with a root prompt. They took the
       | chance and modified inetd.conf to map a certain port to the
       | shutdown program. People had so much fun shutting down his
       | computer remotely and watching his reaction.
       | 
       | There was also this time working for a smaller company and we
       | would prank each other all the time. I had admin access to the
       | Linux router so I've created a NAT rule to redirect this guy's
       | traffic to a transparent squid proxy running a perl script that
       | relied on ImageMagick to turn the images upside down. Got the
       | script from a Slashdot post. Poor guy even tried to reinstall the
       | OS to no avail. He eventually found out and had his revenge by
       | going into my computer's CMOS and setting disk access to PIO
       | instead of DMA.
       | 
       | I also remember scaring people through Windows' net send commands
       | and that one where you take a screenshot of the desktop then you
       | remove all the icons and interface bars and set the screenshot as
       | background image. Also randomly adding 'alias ls=exit' to some
       | server /etc/profile.
        
         | jonshariat wrote:
         | Not a programmer but lots of good memories doing the background
         | trick by hand. Good times.
        
       | 29athrowaway wrote:
       | A highly recommended text file, enjoy:
       | 
       | Anatomy of a pirate
       | 
       | http://www.textfiles.com/piracy/anatomy.txt
        
       | tobinfricke wrote:
       | When the web was new, one could use Altavista to search for
       | /etc/passwd files accidentally exposed to the web, and crack
       | them. Even better, many *nix machines shipped with some accounts
       | having no password by default. I remember one could easily telnet
       | into almost any SGI Irix machine via the "lp" account.
        
       | jamal-kumar wrote:
       | Back in the mid-2000s I was really into computer security (still
       | am) and managed to trick my school's truancy system using
       | something called a silent termination test line. Basically what
       | this does is cuts out the line entirely to test for line noise
       | for a few minutes, like you pick up the phone and it'll still be
       | connected to that number, no dial tone just silence. I just
       | confidently went right up to the secretary and told her my new
       | home phone number was the silent termination test line. There
       | would be this automated truancy bot calling everyone but whenever
       | it would reach my name, skipping around a class a day at one
       | point (Still don't know how I actually graduated other than the
       | teachers liking me and getting my homework done anyways), it
       | would just fuck the entire system up and a bunch of people
       | wouldn't get calls after me either.
       | 
       | Smoking drugs and hanging out with girls was way funner,
       | completely zero regrets getting doing stuff like that out of my
       | system early... considering the trajectory my life has been on I
       | really didn't need post secondary. Can only imagine how stressful
       | and expensive that would have been and to what depressing,
       | indebted end.
       | 
       | There was a bunch of other fun stuff on that test prefix, but
       | half of that is lost to the sands of time, the funnest I don't
       | even know what the hell it was. I've asked random phone company
       | linemen about it and they're basically just like "how the hell do
       | you even know anything about this?", and can't tell me what this
       | number I found was. I basically war-dialed it based on patterns
       | from other numbers on the prefix and it'd give me 30 seconds and
       | then a real dial tone (payphones around then actually used some
       | recorded tone). Since I could call these numbers for free from
       | the school payphone, it was easy to find, and that real dial tone
       | was probably in the phone company HQ. We found this enormous list
       | of interesting phone numbers from phonelosers.org (Wish those
       | were archived!) and just started doing shit like calling the
       | white house and the president of kenya's office. I think we only
       | stopped after a friend of mine made a huge stupid mistake and
       | tried to print the list out. The library printer just started
       | spitting out REAMS of paper, the librarian was like what the hell
       | and I just remember thinking damn he fucked up, and running away
       | hahaha
        
         | techrat wrote:
         | Web archive goes back to 1997...
         | 
         | http://web.archive.org/web/19990125102138/http://www.phonelo...
        
           | jamal-kumar wrote:
           | I don't know if I have time to dig through all of that with
           | the interspersed broken links but I am pretty sure it was on
           | phonelosers.com which was their forum
           | 
           | Still thanks for the link I haven't seen this in ages
           | 
           | I think RBCP went to jail at some point
           | 
           | The closest thing I can find on google is a really old
           | version from 1995:
           | http://www.textfiles.com/groups/PHONELOSERS/pla007.txt But
           | the thing got HUGE over like a decade
        
       | thedougd wrote:
       | Some fun ones:
       | 
       | BBS games started adding virtual currency that you could transfer
       | between players. Some even participated in a network of BBS
       | systems, allowing the movement of game currency from one BBS to
       | another. These frequently didn't have input validation and you
       | could transfer -1 to another player and they'd receive 4294967296
       | dollars. Unfortunately we were kids and kids do nasty things. We
       | would completely upend a competitive game by giving all the
       | underdogs huge wealth.
       | 
       | Pager numbers all fell in the same exchanges. Every number under
       | 123-456-xxxx would be a pager. I wrote a program to war dial all
       | these and leave the same victim's phone number on all the pagers.
       | We did it to a friend and witnessed an endless stream of
       | frustrated calls to their house for a few hours. Brutal.
       | 
       | A school system put their mechanical control systems on a modem.
       | We acquired the software and directory that could access these
       | control systems. Not only did they put all the HVAC systems on
       | it, they also added things like emergency and off-hour lighting.
       | Some of the stuff that was controllable through this remote
       | interface was downright scary: boiler pressure measurements,
       | boiler system valves, etc. We weren't stupid enough to mess with
       | that but would have fun turning off all the lights at night, or
       | turning up the heat before the Saturday morning recreation
       | basketball games in the gym.
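
The missing input validation behind the -1 transfer described in the comment above, as an added C example that is not from the thread or from any real BBS software. The account type, the function names and the unsigned 32-bit amount field are assumptions, chosen to show how a typed -1 becomes a huge credit next to a version that validates the amount first.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical ledger entry for a BBS door game (not from any real game). */
typedef struct { int64_t balance; } account_t;

/* No validation: the typed amount is only compared against the sender's
   balance as a signed number, then stored in an unsigned 32-bit field. */
bool transfer_unchecked(account_t *from, account_t *to, const char *typed)
{
    long amount = strtol(typed, NULL, 10);   /* "-1" parses without error */
    if (amount > from->balance)              /* -1 > 100 is false: passes */
        return false;
    uint32_t wire = (uint32_t)amount;        /* -1 becomes 4294967295 */
    from->balance -= amount;                 /* sender is credited 1 */
    to->balance += wire;                     /* receiver gets UINT32_MAX */
    return true;
}

/* Validated: reject anything that is not a whole, positive, affordable
   amount before either balance is touched. */
bool transfer_checked(account_t *from, account_t *to, const char *typed)
{
    char *end = NULL;
    errno = 0;
    long long amount = strtoll(typed, &end, 10);

    if (errno == ERANGE || end == typed || *end != '\0')
        return false;                        /* empty, junk or out of range */
    if (amount <= 0 || amount > UINT32_MAX)
        return false;                        /* zero, negative or too large */
    if (from == to || amount > from->balance)
        return false;                        /* self-transfer or overdraft */
    if (to->balance > INT64_MAX - amount)
        return false;                        /* would overflow the receiver */

    from->balance -= amount;
    to->balance += amount;
    return true;
}

int main(void)
{
    account_t a = {100}, b = {0};            /* constructed sample balances */
    transfer_unchecked(&a, &b, "-1");
    printf("unchecked: sender=%lld receiver=%lld\n",
           (long long)a.balance, (long long)b.balance);

    account_t c = {100}, d = {0};
    printf("checked -1 accepted: %d\n", transfer_checked(&c, &d, "-1"));
    printf("checked 40 accepted: %d\n", transfer_checked(&c, &d, "40"));
    printf("checked: sender=%lld receiver=%lld\n",
           (long long)c.balance, (long long)d.balance);
    return 0;
}
```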
        
         | brk wrote:
         | I remember using odd/unprintable characters in those BBS games
         | for my username. There was one (spacewars?) where you got a
         | bounty, but had to type in the character's name to claim the
         | bounty, people would complain they could not collect the bounty
         | against me, as my name was basically brk[null character].
        
       | reid wrote:
       | My high school in 2003 used IBM PCs with Windows NT. I discovered
       | the Messenger service, enabled by default, remained enabled and
       | was not turned off by group policy.
       | 
       | Start > Run, type "cmd", then:
       | 
       |     net send B131 "Hi there"
       | 
       | This would pop up "Hi there" on the B131 computer. The hostname
       | of each computer (B131, for example) was taped to the top of each
       | monitor, so I had a great time annoying my classmates in computer
       | lab. One day students around me noticed me doing this and I
       | naively showed them how to do it. I helpfully suggested to
       | _never_ type * as the hostname or the message would send to all
       | computers.
       | 
       | After a school wide DDoS from several students around me sending
       | messages over and over like:
       | 
       |     net send * "this school is the worst"
       | 
       | ...and a lot more unmentionable messages, I was soon escorted out
       | for a three day suspension for "hacking the school network." Good
       | times. :)
        
         | jamal-kumar wrote:
         | heh I remember doing a little bat file that was something like
         | 
         |     @echo off
         |     net use e: \\Network\Share
         | 
         | to get to the network shares which I could see in windows
         | 2000's network display but would just tell you 'access denied'
         | if you tried to simply click on them. Just giving them a drive
         | mount like that worked fucking swimmingly. It gave us access to
         | pretty much everything, including this program called
         | 'photodex' where the username and password was the first
         | initial of our principal's first name and his last name and the
         | password was 'teacher'. Some other kid figured this out at some
         | point before us, and we found a folder containing bunch of shit
         | with super obvious file names like TEENPORN.JPG.EXE and the kid
         | we didn't really like in our IT class who turned out to be a
         | registered sex offender as an adult (he told me this at a
         | wedding after complaining that they took his guns away, and all
         | i could do was remember this incident and laugh) actually went
         | and clicked one of these because he was a bit thick in general,
         | and ended up getting in shit for this. I don't remember if they
         | managed to lock things down properly after that but I think I
         | remember recalling that this ruined the fun.
        
       | peter_l_downs wrote:
       | Great writing. I never did anything so interesting, but I have a
       | few fun stories from highschool. Our school district gave every
       | student access to a mac laptop for coursework, but of course we
       | used to play a lot of flash games. Eventually they got around to
       | updating the network's blocklist or whatever so addictinggames
       | couldn't be accessed anymore. I'm sure they thought they were
       | very smart but this just raised the stakes.
       | 
       | Of course we couldn't install games or our own software on the
       | computers -- the `/Applications` folder was locked down and
       | nothing would execute outside of it. They weren't totally stupid,
       | they had some remote monitoring and privilege blocking software
       | to prevent us from getting control of our own machines and doing
       | silly things like playing games or even opening the Terminal. But
       | eventually someone (not me, really, I wish I were this smart)
       | figured out that inside of one of the pre-installed .app's there
       | was a directory to which users still had write permission. So
       | everyone in the entire school started playing Marble Blast Gold
       | and, for some reason, Pokemon Red through an emulator, all just
       | by dropping the programs inside the special folder
       | `/Applications/SomeThingICantRemember.app/contents/special-folder/`.
       | The games spread like wildfire because the school had
       | also set up a system of shared network folders, one for each
       | teacher, so that teachers could more easily share files with us.
       | Turns out we could also use it to share files with each other.
       | Lots of movies, as well. Eventually someone noticed and shut that
       | all down.
       | 
       | Of course, highschool students want to play games instead of
       | doing coursework, so one day someone (not me, really) realized
       | that if you removed the battery from the laptop you could then
       | unscrew the case and remove a stick of RAM, which would allow you
       | to hold certain keys at boot to reset the PRAM or something like
       | that. This would let you boot into safe mode, circumventing the
       | remote monitoring and permissions software they had in place, and
       | make your user account an administrator. Boom, games were back. I
       | mostly used it to be able to work on software projects, of
       | course, but I did end up playing a bit of Advance Wars.
       | 
       | I can't remember now but there was some issue where this didn't
       | persist for very long -- maybe there were updates that the remote
       | monitoring system would send that would reset your admin status?
       | -- so you would have to go through the whole PRAM reset
       | rigamarole, with a screwdriver, and that was a pain in the ass. I
       | was out of school for a while my senior spring due to the flu and
       | I figured out a way to totally disable the remote management
       | software.
       | 
       | This was great, and I was having an awesome time working on
       | software that would eventually get me my first programming job
       | while I should have been focusing in class, when I got called
       | down to the principal's office, where I was accused of being a
       | computer hacker. I of course denied it, but they said that it
       | certainly was odd that my computer had stopped communicating with
       | the remote management software entirely. I think because I was so
       | close to graduating and actually hadn't done anything wrong I got
       | away with a week of detention and a firm promise to not do
       | anything of the sort ever again.
       | 
       | Around that same time it had come out that certain administrators
       | at the school were misusing the remote management software's
       | features to spy on highschool students in their own homes, which
       | was pretty absurd and of course a huge and expensive debacle, so
       | I think they were somewhat more sympathetic to me disabling it
       | than they might have been otherwise.
       | 
       | https://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School...
        
         | peter_l_downs wrote:
         | Oh, one other fun thing. We had a schoolday that ended with a
         | 30 minute activity period where every student had to sign up on
         | some web interface to a different teacher's room. This was so
         | that you could get help, meet with teachers, project groups,
         | whatever if you needed it. But there were limited spots in each
         | teacher's periods and you needed to sign up in advance, with no
         | more signups allowed after noon on the same day. I took a look
         | at the web interface and realized that all the checks were
         | client-side, so I wrote a little script that would let me sign
         | up for any activity period, at any time, even during the
         | activity periods. It was good fun being able to switch periods
         | at the end of the day, and seeing teachers being confused after
         | they had called attendance, checked me in to their room, and
         | then seeing me drop off the attendance and show up somewhere
         | else. Gave me a free pass to go wherever I wanted which was
         | nice.
        
         | Pick-A-Hill2019 wrote:
         | I took a look at that link (Robbins v. Lower Merion School
         | District) and - Wow, remotely activating students webcams in
         | their own bedrooms is ... just ... SMH. I hope I am wrong but
         | as far as I can tell, no-one went to jail for it?? Dayamn!
        
       | __MatrixMan__ wrote:
       | In my middle school you could just x out of the Windows NT login
       | window and get a userless session.
       | 
       | We didn't understand that we hadn't hacked anything, and neither
       | did our teachers. Their misplaced awe at our ability to cloak our
       | activities in anonymity was intoxicating.
       | 
       | Most of my cohort then are engineers now.
       | 
       | I worry that as security gets better, opportunities for
       | creativity and exploration go away, which might not bode well for
       | future generations.
        
         | tester756 wrote:
         | Don't worry
         | 
         | If you're into real world security / reverse engineering and
         | other stuff, then try CTFs, other strong people will ensure
         | that you'll have enough room for creativity and hacky hacks :)
        
         | jamal-kumar wrote:
         | I think about this a lot too. Tons of the current tutorials on
         | learning how to break windows security teach you on an old
         | windows 7 VM just to make it easy to get around mitigations and
         | learn without hindrance. I mean I know I learned on windows XP
         | VMs... but what happens when Microsoft rescinds offering those
         | free windows 7 IE11 VMs any arbitrary time soon?
         | 
         | On the other hand I like how Microsoft actually seems to be
         | giving a damn these days.
        
         | grawprog wrote:
         | In university, for some strange reason, we were required to
         | spend a few hours in a 'learn how to use a search engine
         | class.' It was brutal, they used remote control software and
         | slowly and painfully taught us how to use google.
         | 
         | I figured out pretty quickly you could Ctrl-alt-delete to bring
         | up the task manager and just close the client on the computer I
         | was using.
         | 
         | The teacher never figured out why one of the computers vanished
         | off the remote software management screen she was using.
        
         | nogridbag wrote:
         | Yeah I also got a bit too creative in middle and high school.
         | It was all harmless fun, e.g. writing scripts so that various
         | computers would start beeping at random times during the day.
         | 
         | None of my school faculty had any understanding of computers. I
         | was even yelled at for using "Google" during a research
         | project.
         | 
         | I think the bigger fear is that people cannot make mistakes
         | anymore. Even in my local town a simple mistake went viral on
         | social media and now the student's whole life is ruined for
         | something that may have been a simple visit to the principal's
         | office back in the day.
        
         | liketochill wrote:
         | I did a school project where I dos'd a local ISP for 10 seconds
         | using broadcast amplifiers on misconfigured routers that
         | allowed the source address to be spoofed. I was probably 15?
         | The isp I think only had a T3 but most people were still on
         | dial up so overwhelming a T3 seemed like a big deal.
         | 
         | I miss having shell accounts at all the .edu's for my egg drop
         | bots. That is how I learned about all the us schools hah
        
         | twox2 wrote:
         | It's a moving target. The opportunities for kids to get
         | creative and explore are now in emerging technologies, but they
         | are "emerging" only to us old farts. To young people, it's just
         | what's there. I think these things come easy to the inquisitive
         | minds that are not tainted by what you can and can't.
         | 
         | For example, I often read bug bounty write-ups, many of which
         | are obviously written by young teenagers. Some of them are able
         | to find issues that appear to be hiding in plain sight. I kind
         | of think that what you're describing is a matter of
         | perspective, but boy do I miss the good old days when
         | everything was easy to exploit.
        
       | Zenst wrote:
       | My earlier hack was an ICL 2903 running George OS, involved
       | creating large file in area previously used for system journal
       | and could then dump that file out and read the content of the
       | system journal and that was how I got the admin password. Other
       | one I did was in effect a keylogger that I ran on the system that
       | would take control of the terminal it was directed to and
       | present login, take the input and then pass to the system making
       | the user oblivious.
       | 
       | But for practical use, the old 0800 free calls trick of the early
       | 80's was probably most favourite. Back then they introduced 0800
       | free calls, when landline calls in the UK weren't cheap. These got
       | used for marketing, so companies would have their 0800 sales etc.
       | Now, outside office hours they would direct to a recorded message
       | on the PBX. Then what you could do is after the message, if you
       | stayed on the line it would drop you into the exchange and you
       | then pressed 9 on tone dial pad and could dial any number you
       | liked as if you were dialling from that exchange location. Most
       | being in London so was nice for free calls. Had limited use for
       | BBS access, case of all that routing and line quality at times as
       | well initial set-up. But still fun.
        
       | fatnoah wrote:
       | It wasn't just the '80s. Things persisted into the mid '90s as
       | well.
       | 
       | - Pirate FTP sites were in plain sight with folders named with
       |   unprintable ASCII characters
       | - My college-provided Telnet client for Windows included a
       |   backdoor FTP server with a plaintext user name and easily
       |   brute-forced password (unsalted hash that turned out to be a
       |   birthday of a school admin)
       | - Admins had to resolve our network issues by connecting to
       |   network via modem, from our computers. Of course terminal
       |   program had keylogging enabled...
       | - Open SMTP relay was widespread and everywhere. Spoofing and
       |   forging was as easy as a little Telnet and HELO
        
       | flatiron wrote:
       | 90s I got suspended for "hacking" when all I did was create a
       | windows file share. Had me and my friends split the typing
       | assignments and combine them on the share so we could browse the
       | internet during typing class.
        
       | pdkl95 wrote:
       | In high school "AP CS" class in the early 90s, a friend of mine
       | was annoyed at the stupid "security" software the school
       | installed on the macs (system 7). It was basically just a system
       | extension that asked for a password on startup.
       | 
       | Poking around, my friend noticed a slightly hidden/obscured file
       | that had a file size that matched the number of characters in the
       | password. N char password, N byte file. The file didn't have the
       | password in plaintext, so my friend asked the teacher of a common
       | way to scramble a byte. The teacher quickly suggested, "XOR?"
       | 
       | So my friend decided to try XORing the bytes in the file with a
       | few values to see what happened. His _first guess_ was right: the
       | password was "obscured" with:
       | 
       |     /* XOR each character of the NUL-terminated password in place */
       |     for (char *p = password_str; *p != '\0'; p++) {
       |         *p ^= 0xC9;
       |     }
       | 
       | Why did he guess 0xC9? He was a total Trekkie/Trekker. 0xC9 in
       | binary is 11001001.
       | 
       | https://memory-alpha.fandom.com/wiki/11001001_%28episode%29
       | 
       | I guess we know what show the author of the "security software"
       | likes to watch...
       | 
       | Epilogue: my friend quickly did the obvious thing and made a boot
       | floppy with a small program that printed out the password, so we
       | had access to most of the computer in the school _and_ discovered
       | all the passwords we weren't supposed to know. I think we only
       | used that to play bolo (early tank proto-battle-royale).
       | _However_... several years later in my first year at university,
       | I happened to talk to someone attending the local high school.
       | They had a copy of my friend's boot floppy! I know we never
       | bothered to upload it to a BBS, but somehow it ended up in the hands
       | of quite a few high school hackers in multiple cities.
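
Why the fixed-mask storage described in the comment above protects nothing, as an added C example that is not the original extension's code. Only the 0xC9 mask comes from the thread; the function names and the sample password are constructed. It shows what a reviewer auditing such a credential file would find: the stored length equals the password length, and only 256 masks exist to enumerate.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* XOR every byte with one fixed key. Running it twice restores the input,
   so the routine that "protects" the password also reveals it. */
void xor_mask(uint8_t *buf, size_t len, uint8_t key)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= key;
}

/* Returns 1 if every byte is printable ASCII after XOR with key. */
static int printable_under(const uint8_t *blob, size_t len, uint8_t key)
{
    for (size_t i = 0; i < len; i++) {
        uint8_t c = (uint8_t)(blob[i] ^ key);
        if (c < 0x20 || c > 0x7E)
            return 0;
    }
    return 1;
}

/* Audit helper: marks each of the 256 possible keys under which the stored
   blob decodes to printable text and returns how many there are. */
int candidate_keys(const uint8_t *blob, size_t len, uint8_t is_candidate[256])
{
    int count = 0;
    for (int k = 0; k < 256; k++) {
        is_candidate[k] = (uint8_t)printable_under(blob, len, (uint8_t)k);
        count += is_candidate[k];
    }
    return count;
}

int main(void)
{
    uint8_t stored[] = "bolo-1993";          /* constructed sample password */
    size_t len = strlen((const char *)stored);
    uint8_t is_candidate[256];

    xor_mask(stored, len, 0xC9);             /* what ends up in the file */
    int n = candidate_keys(stored, len, is_candidate);
    printf("%zu stored bytes, %d of 256 keys give printable text, "
           "0xC9 among them: %d\n", len, n, is_candidate[0xC9]);
    return 0;
}
```

Storage that only needs to verify a password keeps a salted, deliberately slow hash instead, which has no decoding step to enumerate.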
        
         | Communitivity wrote:
         | Nice. This brings back a very fuzzy memory. I think I found at
         | one point the 'software developer switch' a physical trigger
         | for the NMI, was still in the software in the form of flower G,
         | and would pop you into a debugger. I think.. the memory is very
         | fuzzy, as it's been 30+ years since high school.
        
       ___________________________________________________________________
       (page generated 2021-06-30 23:01 UTC)