[HN Gopher] Saying "sup" with `net send`
___________________________________________________________________
Saying "sup" with `net send`
Author : markchristian
Score : 305 points
Date : 2022-12-28 04:47 UTC (1 days ago)
(HTM) web link (drew.shoes)
(TXT) w3m dump (drew.shoes)
| bcjordan wrote:
| Same experience as OP and others here in discovering this setting
| (also in middle school). While sitting next to a friend I
| jokingly typed out "net send * [our third friend's name]"
| intending it as a "haha wouldn't that be wild. OK let's delete
| this now" quip, but my friend reached over and hit ENTER, we ran
| away from the computer like it was radioactive, and later
| discovered it was sent school district wide. We had used a non-
| user specific account but cracked under the pressure of being
| grilled as the obvious suspects for any computer shenanigans at
| our school and being good friends with friend #3.
|
| The third friend's father was LIVID that our friend's name was
| besmirched by being placed in the contents of the pop-up, later
| threatened me over the phone, and put pressure on the school to
| throw the book at us (fulfilling his promise to "TAKE THIS TO THE
| MAT!"). My friend and I were suspended for a day and banned from
| visiting the high school computer club for some weeks.
|
| From the district IT perspective the middle school's punishment
| somewhat backfired because news of our suspension resulted in
| many more students across the district learning about the
| command, greatly increasing the # of incidents and becoming a
| district-wide. They weren't able to figure out how to turn it off
| for a year+ after. As a temporary measure they made the printer
| in the high school library print out the originating computer of
| every net send message, which often backed up printer and caused
| the HS librarians (my mom happened to be the head one lol) to
| have to remove these useless sheets from the printer all day.
|
| 0/10 would not recommend glob experimentation
| 0_throwaway_000 wrote:
| LUL Brilliant!
| BoppreH wrote:
| Once upon a time we were pranking each other in the university
| lab. We thought ourselves pretty clever by convincing a friend to
| run a Fork Bomb.
|
| "What is it supposed to do? Nothing's happening."
|
| "Really? Did you run it in a shell?"
|
| "Yeah, in my SSH session in the main server."
|
| _Oh._
|
| The server was down for a couple of days while the admin figured
| out what happened, fixed it, and limited the number of open
| processes per user.
| donatj wrote:
| I too discovered the wild card net send in high school. I was at
| an assigned computer in class though and ended up with a stern
| talk from IT in which they claimed I caused all sorts of network
| issues. I thought it was hooey at the time but I was pretty
| sheepish about the whole thing.
|
| I didn't get in trouble and returned to class.
|
| Later that year I installed VNC server on my friends workstation
| in the same class and used it to mess with him during class. We
| had a pretty good laugh. Another friend saw this happen, took the
| idea with some of his friends and a few days later installed VNC
| server on a bunch of computers throughout the building. My
| understanding is they generally caused a bunch of chaos, it was
| figured out who had done it, and the group were arrested(!). They
| ended up with community service if I recall.
|
| I very thankfully was not pulled into this at all and found out
| about the whole thing later.
| andrensairr wrote:
| What fun that was. My friends and I did something much more
| innocuous in high school and earned outselves a stern talking-to:
| we changed the IE/Netscape home page on half- a dozen lab
| computers to a Geocities/Angelfire site we'd made and on which we
| had been experimenting with JS. Nothing sinister or malicious,
| but enough to cause a bit of confusion for a few students. The
| school's admins ran a pretty tight ship policy-wise, but it was a
| veritable playground for "network-curious" sorts like myself.
| iforgotpassword wrote:
| Oh the NT4.0 days. When we found out about the "*" feature, we
| spammed each other and everyone like crazy. A few days later the
| admin got very mad, as he found the domain controller showing
| hundreds of stupid messages that he had to dismiss one by one. It
| took him a few more days to figure out how to disable the
| messenger service. In the meantime someone found out that the
| sender and receiver displayed in the messagebox were actually
| included in the payload of the "protocol" and not verified by the
| receiver. So someone cobbled together a little tool that was even
| more fun.
| tialaramex wrote:
| Severals groups of boys at my grammar school+ built what were
| called "User groups" which were "online" services accessible only
| on the school's computers with (at least theoretically) exclusive
| membership. There'd be maybe some simple games for your users,
| perhaps some sort of "bulletin board" and most often a "chat"
| service. Except, on the PCs we were increasingly using, these
| chat services all worked by using file I/O to a shared file,
| which is obviously very hard on the poor file server in ~1991
| which is when this would have been happening. So the "chat
| services" were banned by staff. But I figured out how to write
| NetBIOS/NetBEUI software so I could implement chat without
| touching files, and this was allowed, increasing popularity of my
| User group, which I believe was named "Erewhon 2280".
|
| + for Americans, the UK used to have selective education, some
| parts of the country still do, under this system children who
| test well at age 11 or 12 are sent to different state funded
| schools from their peers, mostly single sex such as a Grammar
| School, so that's a school of mostly high achieving all boys,
| this is probably a bad idea on net but it's popular for various
| reasons.
| queuebert wrote:
| The hidden copy of UT resonated deeply with me. We spent many
| hours playing Doom and Quake in the high school computer lab when
| the teacher was out of the room. Every time we were discovered we
| had to hide it somewhere else.
| pedro2 wrote:
| Best way to hide files on Windows: \$Recycle.Bin :)
| acjohnson55 wrote:
| We had a computer lab that overlooked our library, which also had
| computers. It was fun to pick a specific computer and `net send`
| messages to that person that made it clear they were being
| watched. I sure hope we didn't cross any lines messing with
| people, but I really can't remember.
| cramjabsyn wrote:
| Had the same experience at my school, but IT was much slower. net
| send * worked for weeks if not months
| amccloud wrote:
| I don't quite recall how I did it but I have a similar story of
| ejecting disc trays across my HS and school district. something
| with novell iirc
| throwaway742 wrote:
| The command that got me in trouble was shutdown /i
| whalesalad wrote:
| My entire school district was in the same domain/workgroup and so
| I remember sending a net send to literally every computer on the
| network, 4 high schools (mine had a population of 4K students), 3
| middle schools and a dozen elementary schools. The IT department
| came running into the computer lab to figure out who had done it.
| I simply closed the window, switched back to MS Word and played
| dumb. Good times.
|
| A few months later I got expelled for some Novell netware breakin
| shenanigans but that whole experience was well worth it. I had
| been booting into slax and stealing SAM files from shared/library
| computers and then cracking them at home with lophtcrack to
| figure out passwords. The top level system admin had a 5 letter
| dictionary word, "north" as his password. I had keys to the
| kingdom. I'd shut systems down all the time for fun but never
| broke a thing. They tried to throw the book at me but fortunately
| it all fizzled out in the end.
| metadat wrote:
| Do you mean suspended? Expulsion is a permaban and means you
| have to find a new school to attend.
|
| In any case, your tenacious dedication to the cause was
| admirable.
| bayesianbot wrote:
| All these people getting trouble for net sending are not going
| far enough.
|
| When I was in school the admin left his account logged in and
| left the room. I was there to make few admin accounts to myself,
| and later programmed malware that worked as a keylogger and gave
| me some remote control of all the machines (I put it inside a
| .BAT script that was ran after login, distributing it to every
| computer in the school).
|
| I used my powers by downloading stuff and burning it to CDs as I
| didn't have a good connection. I also gave some access to my
| friends, and the computer lab turned into a war zone. We were
| opening stuff on other people's screens, but not good stuff.
| Things like Goatse and people doing stuff with farm animals they
| shouldn't be doing..
|
| After some time it had gone way too mad and computer lab got shut
| down. But the crazy thing is, after a while the school just let
| it go and didn't even notify our parents. Apparently, nobody
| wants to tell the parents that a room in school has been OnlyFans
| Farm Edition for a while.. I had some stern talks with the
| principal and IT teacher as the only suspect, but that was it.
| efitz wrote:
| I worked for Microsoft during those times doing security for
| Windows.
|
| In the early 90s employees still occasionally used the Messenger
| service (the service behind "net send") for messaging. It was
| originally intended for alerts like print job completion or
| server powering down, but it became widely abused.
|
| It could actually be used over the internet if the target machine
| was addressable, eg had a non-rfc1518 address.
|
| We started getting lots of complaints about abuse in the mid 90s
| as the web was taking off, and changed our best practice
| recommendations to disable that service; it was not mission
| critical.
|
| Most of the low level NetBIOS services were designed naively
| before people thought much about security; we eventually disabled
| or removed most of them.
| urbandw311er wrote:
| > most of them
|
| ...surely begs an interesting question!
| drivers99 wrote:
| I was worried for them, glad it worked out. I wouldn't be so sure
| about this statement: "now that I'm a grownup I know that [...]
| we wouldn't have gotten in very much trouble anyway."
|
| Unfortunately this was the type of thing that would get students
| banned from the computers, or only allowed to actually use the
| computers on Friday to do their computer science work (like my
| friend Dave).
|
| Speaking of NET SEND specifically, I went to a vendor for
| training once (circa 2000) and they mentioned someone who had
| recently come for training and was sent home because they had
| used NET SEND * there. I wonder what their employer thought of
| that.
|
| Either me or a friend has at some point (in the 80s or 90s as
| minor students) been: kicked out of computer lab, had notes
| posted in the library that we are not to "hone our programming
| skills", kicked out of the Supercomputer Challenge[1], been told
| (second-hand) we're "a security risk" by the government, been put
| specifically under remote monitoring by the teacher, lectured,
| sent to the principle, had the police sent to their house, been
| told we "probably have an FBI record" and "are putting their
| parents' jobs at risk" over similar levels of playing around with
| computers that they let us use, not even trying to do anything
| particularly "hacker (cracker)"-like.
|
| [1] https://supercomputingchallenge.org/22-23/index.php (Not this
| specific year obviously. More like 30 years ago.)
| gorkish wrote:
| just wanted to say I enjoyed the alert() at the end
|
| It was an absolute free for all when windows machines started to
| be plugged into campus networks.
|
| The prankster's evolution generally went from net send to NetBus
| and then to Back Orifice in those days as the tools rapidly made
| such tomfoolery a point-and-click affair. Interestingly many of
| the features in these early Windows prankster/hacking tools
| heavily shaped modern day remote administration / MDM software. I
| actually remember BO being used as a proper remote management
| tool in some situations.
| AdamJacobMuller wrote:
| Sub7!
| vyrotek wrote:
| It's fun to see how we had such similar experiences growing up.
| We pretty much did the same thing in high school with Net Send.
| Except we sent "All your base are belong to us" and then left the
| library computer lab in a real hurry once we saw the message go
| everywhere. Pretty sure it reached other schools too.
| jastanton wrote:
| I did: "net send * The server room is on fire, please turn off
| your computer!"
|
| Not only that, but my computer name was assigned to my username
| so it said my full name next to it.....
|
| I was called up to the office within 2 seconds and immediately
| suspended. I also got braces that dad. Rough day. :(
| nicbou wrote:
| I can't get enough of these stories from the early days of
| computing. Perhaps I was just young, but those years felt magical
| to me.
| e808 wrote:
| I recall in the late 80s on vt100's accessing BITNET allowed you
| to 'net send'-like to other BITNET nodes around the country. I
| used to randomly try to contact other users at other random
| educational institutions after using the 'finger' equivalent to
| remote BITNET sites. I can only imagine how my messaging probably
| messed up their terminal session screens and just end-user
| confusion ensuing.
|
| Another 'write' unix shenanigans was the ability to send control
| sequences, so one could send a 'terminal reset' sequence to any
| user online a terminal room using a dumb terminal (wyse, vt100
| etc) and it would quickly reset the terminal and log them off.
| One could even send a long sequence of control strings to force a
| crude ascii animation, then reset terminal if you wish. (not me
| of course)
| pedro2 wrote:
| Ah the memories of innocence in computing :)
| moron4hire wrote:
| IIRC, you could do this by IP, also. I remember my best friend in
| college and I mapping out the addresses of all the computers in
| our main lab and using it to send messages between each other.
| Kept the map in a notebook so we always knew where to send to
| regardless of where we sat down. We also used it to troll the
| student in front of us who was looking at porn and playing games
| in the middle of class. It didn't get shut off until after we
| came back between semesters, so I don't think we ever explicitly
| got caught, other than network techs seeing someone was doing
| something.
| donalhunt wrote:
| At university, we had a whole IM network built around "write" on
| a multiuser *nix server (over the past 20+ years, the university
| netsoc has run services on freebsd, solaris and various flavours
| of Linux). We also had terminal based maps which would allow you
| to find friends based on the IP they logged in from.
|
| See https://c-hey.redbrick.dcu.ie/ for the wrapper around write.
| These days students seem to prefer discord. :/
| rmccue wrote:
| Exactly the same experience for me, and similar with the game
| too.
|
| We figured out that while the C: drive wasn't accessible in
| Explorer directly, you could create a desktop shortcut directly
| to subfolders. Installed a copy of Worms World Party on all of
| our machines using that; somehow, although the machines were
| imaged weekly, it ended up on the image and got copied across to
| every school computer which was convenient.
|
| I also went a step further with the joke messages, creating a
| program which showed a bunch of dialogs with choices in a loop.
| It couldn't be closed and some choices did things like open/close
| the CD tray (as a "diagnostic"). People started just dragging it
| to the corner of the screen out of sight.
|
| We also had a self sign-up system for sports, where you could
| pick a main interschool sport, or a "development" sport that was
| more about learning interesting stuff. The system was pretty
| insecure, using your date of birth as a "password", but it also
| turned out that it had an SQL injection, so I used that to set
| everyone's sport to Equestrian. Getting to hear an announcement
| at the school assembly about how the computer system had a
| problem was pretty great. I even emailed them about the injection
| issue but they never fixed it. (A risky move, really.)
| adamrezich wrote:
| I also discovered net send in high school and abused it similarly
| for a brief time, but never knew it had wildcard support! wow
| chagaif wrote:
| Totally worth reading until the very very end, loved the js alert
| :)
| Hikikomori wrote:
| Had 3.5 weeks of excel classes in school, completed everything in
| 2 days and spent the rest of the time playing quake or annoying
| the ones not finished with net send in loops. Now that I think
| about I'm not sure this classroom of computers were on their own
| broadcast network or not, but they were running an older version
| of windows that didn't block net send by default while others had
| a newer version.
| schmichael wrote:
| I remember doing this! I remember graduating to the more
| nefarious "Microsoft's IPX implementation responds to broadcast
| pings". It might have been this CVE:
| https://learn.microsoft.com/en-us/security-updates/securityb...
|
| Luckily I went to a school that believed in redirecting the
| (endless) time and (boundless) energy of obnoxious nerds like me,
| and I spent far more time helping out than breaking things. Or at
| least I hope... the long tail on the IPX ping was pretty painful
| to stop.
| grahar64 wrote:
| Same series of events happened at my school.
|
| 1. Discover net send
|
| 2. Discover net send *
|
| 3. Get in trouble for using net send *
|
| The next step was discovering telnet and the schools smtp server.
| nsenifty wrote:
| Same here. However we discovered that the windows service
| "messenger" had to be re-enabled on the target machine to make
| this work again. So we'd sneak into a gullible person's
| computer, log in (each one of us was an admin, yay!), run "net
| start messenger" and were back in action!
| nirav72 wrote:
| Spoofing email addresses and sending prank emails via open SMTP
| gateways was fun. Pretty much all smtp gateways were open back
| in those days.
| csmattryder wrote:
| When your school's IT department realise you're doing this, and
| remove "Command Prompt" from the machine's whitelist, you
| definitely shouldn't create a file called "COMMAND.COM" and
| double-click it to get into the prompt again...
| superhawk610 wrote:
| My high school also had a hidden copy of Unreal Tournament
| squirreled away on a network share somewhere, half of CS class
| always finished up with 20 minutes to spare to get in a few
| rounds. Good times.
| xaduha wrote:
| Yep, happened to me. Literally just sent 'Test'. Got yelled at by
| two people, but that's about it.
| lormayna wrote:
| I had a friend that was very religious, he also had a blog about
| religion. Me and a friend of mine sent him a series of
| profanities via email through an open SMTP relay, that seemed
| like it was coming from one of the parish leader's account. I am
| very embarrassed now for doing that, but it was really funny in
| the moment.
| greggarious wrote:
| >When I was in junior high, my friends and I discovered that a
| Command Prompt command called net send was enabled on our school
| network
|
| I knew some folks who did that as well. Unfortunately I was not
| in the set of folks who could get away with such nonsense. You
| were incredibly privileged, and need to be mindful of that for
| the rest of your life.
| hex4def6 wrote:
| This brings back memories.
|
| My favorite discovery was that the "scheduled tasks" folder was
| shared on every computer in our school. This meant you could do
| the net send * bomb from a friend / enemies computer, and get
| them in trouble.
|
| The other fun one was Borland C++ 6 had a limit on how wide the
| code window could be -- you could only horizontally scroll so
| far. However, you could hold down tab for a few seconds, then
| write something like cout<<"logout next time"; in their code.
| Unless you knew the trick, you'd never find the code afterwards
| -- you couldn't scroll to the right far enough due to the
| limitation of the viewing window.
| mickeyp wrote:
| Heh. If you used the underlying windows api calls, you could
| spoof the sender. Something I discovered when I did just that, in
| the Windows 2000 days.
|
| Combine it with a for loop and you could generously message
| everyone on the LAN with little effort.
|
| There's a reason why everyone around me turned off the net
| service after a while...
| Zach_the_Lizard wrote:
| I did something like this, also on Windows 2000, when I was in
| high school. It definitely surprised some teachers....
|
| I also discovered that our student IDs and PINs were based on
| our birthdays, though I was not creative enough to come up with
| an amusing use of student logins.
| c7b wrote:
| Lots of memories, very similar experiences. Fun detail: net send
| * only broadcasts to machines in the same working group, and
| since we had classes where each student had their own machine and
| each class its own group, we could actually use it to broadcast
| messages to our class, and no one else. We also gave self-chosen
| names to our machines and used net send as a reasonably practical
| live chat system during classes.
|
| I also told a friend in another school about the command, and
| their attempt also ended up sending a message to every machine in
| a district with over a dozen schools. We knew it would go to the
| whole school based on the group settings, we were still surprised
| that it went to other schools as well (still haven't really
| figured out how that worked). Luckily for them, nothing got
| disabled, and they kept using net send as a bilateral chat system
| happily ever after :)
| woodruffw wrote:
| Very funny! I guess is this more of a universal (tech) experience
| than I had realized: my friends and I spent a lot of time in high
| school griefing each other with `net send` (and the other `net`)
| commands.
|
| My memory is fuzzy at this point, but I vaguely recall being able
| to change others' desktop backgrounds with a remote client. That
| produced a lot of entertainment value.
| cramjabsyn wrote:
| A classic at my high school was taking a screen shot of the
| desktop with icons, setting it as the desktop background, then
| hiding all the desktop icons.
|
| Bonus points if you could get the teachers machine
| augusto-moura wrote:
| I rotated the screenshot to be upside down, set it as a
| background and then rotated the whole screen on Display
| settings. So that the background would be on the correct
| orientation but the mouse cursor and everything would be
| reversed.
|
| Good times :D
| tinco wrote:
| Yeah, we played around with net send as well, I'm pretty sure
| you could also shut down other computers with either a net
| command, or with the shutdown command itself.
|
| We found a way to circumvent the way they prevented third party
| apps from running and spent hours just playing AoE2 in the
| "study" hall.
| gavanwilhite wrote:
| Read to the end!
| dylan604 wrote:
| my page didn't load the images (or whatever) in any kind of
| timely manner, so i bailed on it before they loaded. was there
| more than just the one pop-up?
| zamfi wrote:
| Pretty sure there aren't images, and you received, but were
| unimpressed, by the outcome.
| dylan604 wrote:
| ultimately, this is what I thought might have happened.
| Reading it on a desktop had enough space that the down
| arrows were probably meant to indicate scroll on mobile,
| but showed all at once on the desktop experience. However,
| with all of the blocking that I have sometimes causes
| render/layout issues when people embed things, so I
| naturally just assumed something wasn't loading vs lame
| layout tricks
| PM_me_your_math wrote:
| I think we've all done this to various effect. I made every
| computer (hundreds, maybe over 1000 on the domain) on campus go
| BEEP simultaneously. I almost didn't press enter, but I'm glad I
| did. When I heard the ubiquitous beep, the yelps from startled
| students in the rooms next door, and the sound of chairs as
| people jumped, I about lost it. I had tears coming out of my
| eyes. They never did figure out who did it.
| dylan604 wrote:
| we used to do similar with the Mac's ability to speak using the
| command 'say'. we'd ssh into a computer we knew someone to be
| sitting and have it 'say' something while using their name. at
| least, until one day, the 'say' app was not longer available!
| donatj wrote:
| I worked in an office in the early 2000s that was PC's but we
| had a single shared Mac workstation we'd use for tasks like
| testing things in Safari. I sat right next to this workstation
| and every time someone would sit there I would ssh in and use
| `say` to make it say strange things like "help, I'm stuck in
| the computer". It was one of those green G3 towers and it would
| come kind of creepily out of it's internal speaker.
|
| No one knew who was doing it until one day my friend was using
| it and I made too much of an inside joke that gave it away.
| krazydad wrote:
| And if you used the -v option to set the voice to "whisper", it
| was super creepy. say -v whisper "Get out of the house"
| dylan604 wrote:
| Were you home schooled? ;-)
|
| Saying that in a school lab wouldn't make much sense
| cuttysnark wrote:
| say -v cellos "droid"
|
| Pretty sure this is how they generated the sound that was
| used for those commercials once upon a time.
| msarnoff wrote:
| Us too. And if the sound was off, we could just turn up the
| volume with `osascript` commands!
| dylan604 wrote:
| Luckily, the internal speaker on the Macs were decent enough
| so you could do this even if there were no speakers
| connected.
|
| By designating the voice, you could even have multiple
| "people" talking to the user. It got annoying quite quickly
| to be on the receiving end
| jamal-kumar wrote:
| We used to do this in high school all the time.
|
| The other thing we did was access network shares which you could
| see, but if you tried clicking them in explorer they'd say
| "access denied". The administrator apparently didn't lock things
| down very hard so a two-line .bat file: @echo off
| net use Z: \\administrators
|
| Would get us access to all sorts of crazy stuff.
| budafish wrote:
| also @net use Z: \\administrators
|
| Would achieve the same effect :)
| grubbs wrote:
| We used to run executable versions of Quake and Tribes off the
| Administrative share. No need to install. Just run .exe and it
| threw you into the LAN game.
| jamal-kumar wrote:
| Our computers weren't that high spec but we did the same with
| scorched earth.
|
| There was also evidence someone else found this before us
| because they had filled this one directory with viruses that
| had extremely obvious .jpg.exe extensions and basically
| various thirst trap stuff for creepy teachers filling the
| rest of the filename to click on it. I think I remember
| access to all of this was lost when this one kid was dumb
| enough to actually click something in there and he got blamed
| for it and expelled, which was pretty funny.
| dangero wrote:
| When I was in college I realized that they hadn't disabled net
| send with wildcards on the CS computer network. We all had
| individual logins.
|
| One day I walk into my lab class and see that a poor soul forgot
| to logout of his session. I'm sitting with my lab group and
| explain this "net send *" macro that would send a message to
| every single account on the system.
|
| Another person in my group says "I'll do it." He types it in and
| presses enter.
|
| We log out of the account, then log into one of our accounts, see
| the message, laugh and move on.
|
| The next week, I get to my lab and this kid walks in and says to
| my lab group member sitting in front of the computer "Can I speak
| to you outside?"
|
| He goes outside and we think nothing of it, but then I hear my
| lab partner outside the door say in a raised tone "Look, I have
| no idea what you're talking about! Goodbye!" and he comes
| storming back in.
|
| This lab partner was absent the week before and didn't know what
| had transpired. We ask, "What did that guy want?" He says, "Some
| BS about how he thinks I sent a message through his account to
| everyone on the network because he forgot to logout last week and
| now he's in trouble with the CS department because they think he
| did it."
|
| Our jaws dropped and I think if he had spoken to anyone else in
| the group we probably would have laughed and he would have known
| it was us right away. I still wonder how much trouble he got in
| on our behalf for embarrassing the CS IT department. Didn't seem
| like that big a deal to me.
| pea wrote:
| Oh man I remember doing the exact same thing in high school,
| didn't think the wildcard would actually work. Overheard
| concerned teachers talking about it and never fessed up until
| now!
| ilyt wrote:
| Ah, yes, back where network security was an oxymoron
| ocdtrekkie wrote:
| Congrats on topping HN with your blog's first post, lol.
|
| This is something I actually _worry_ about future generations
| missing. My core love of computers came from being able to tamper
| with them. Being able to poke around in the operating system,
| figure out how to do neat things, etc.
|
| Today, students are given either an iPad or a Chromebook, and
| generally locked into using some horrific privacy nightmare like
| Gmail, and have very little ability to actually experiment with
| computers.
|
| I suppose this means we have better security, but people like me
| born more recently may not end up in the field because of it.
| nirav72 wrote:
| Oh this brings back memories. I remember before NAT routers
| became a common thing for home broadband connections and when
| most households only had one PC - my local DSL provider was
| assigning IP addresses from one block of IPs in an area. So
| browsing through other people's shared directories on windows NT
| or 98 machines was trivial. So many people had open shares.
| Including sending out NET SEND messages.
| dgfitz wrote:
| I wrote a net send script in high school that sent a pop up to
| every computer in the building... 500 times. Someone snitched on
| me. I regret nothing.
| alxjsn wrote:
| This brings back good memories from High School. Here's a bunch
| of things we used to do:
|
| 1. Set fun messages on all the HP Printers:
| https://www.irongeek.com/i.php?page=security/jetdirecthack
|
| 2. Bypass firewall restrictions by setting http:// to https://
| (later had to resort to SSH tunneling using Putty). Got me banned
| from our library for a month when I was on Facebook and a teacher
| passed by.
|
| 3. Our student directory set a cookie to a 6 digit identifier in
| the cookie. We could access any student's grades and details by
| just setting it to another ID, or looking at their lunch card.
|
| 4. During finals we wouldn't be allowed to see our grades until
| after all the finals were submitted into our grading portal.
| Somebody picked up on the fact that if you stop the page load
| before it finished that the grades would show up. Using JS to
| block our grades after they loaded didn't stop even the least
| technical people.
|
| 5. Some of our labs had monitoring software to make sure we were
| working. We could just kill that process and they would lose
| access.
|
| 6. Invert MacOS screen colors using Control + Option + Command +
| 8. Teachers didn't know how to recover from this and would resort
| to restoring the entire Mac.
|
| 7. CTRL + ALT + Down to flip the Windows screens. Again caused
| issues for a lot of people who didn't know this shortcut.
|
| What a bunch of troublemakers we were...
| metadat wrote:
| Heh, you've reminded me.
|
| I used to go to Fry's Electronics computer department and
| screenshot the desktop with clickable stuff, then proceed to
| set that as the background and close all the windows and remove
| or relocate all desktop items. To an end user, it then seemed
| like the computer was frozen or otherwise fubar'd. Rinsed and
| repeated that for a whole row of machines a few times. It was
| entertaining to then watch people approach and try to interact
| with them.
|
| I know this is weak kung-fu compared to many stories in this
| thread is but it was a good time! (at the time..)
| dilap wrote:
| I still occasionally accidentally do this to myself when I
| come back to my phone looking at a screenshot in full-
| screen... It's almost a sensation of vertigo when you realize
| what's going on and your brain readjusts.
| somat wrote:
| With regards to point 6. invert macos screen colors. What is
| the use case for this? and more importantly why bind it to a
| key combo?
|
| For example a left-right flipped screen could be needed in a
| rear projection setup, but I am at a loss for what you would
| use inverted colors for.
| 13of40 wrote:
| One of the labs in my highschool was for typing training, and
| it had something like 50 barebones PCs in it. Every day you'd
| sit down at a random machine, which booted from a 5.25" floppy.
| The autoexec.bat on the floppy let you log into the network
| where it ran another batch file from your user directory there.
|
| As an experiment I wrote a piece of batch script that would
| append itself to both the network and local batch files if it
| wasn't already there (i.e if it was on the disk it would copy
| itself into your network account and visa versa), put it on one
| random computer, then forgot about it for a few days.
|
| By the time I got around to checking again it had propagated
| itself to every computer in the lab and presumably every
| network account that had logged in during that time.
| ceautery wrote:
| That's pretty funny. I worked at a unix shop and occasionally got
| a kick out of things like the following, if I ever saw one of my
| buddies logged in at the same time as me:
|
| echo 'Terminal overheating, please blow on screen' > /dev/tty0
| jimt1234 wrote:
| I was working a tech conference, probably around 2001, with about
| a hundred PCs networked together. A colleague of mine intended to
| send a simple "net send" message to only my workstation, just as
| a joke. He messed up the syntax and the popup appeared on every
| PC in the conference, including the giant screen in the main
| conference hall. The message: _" Fuck you"_. He was fired the
| next day.
|
| (Don't feel bad for the guy. Getting fired was the best thing
| that ever happened to him. He was a weekend "action photographer"
| [surf/skate/snowboard/...] who decided to go full-time after
| losing his job. He rode the early-2000s "extreme sports" wave and
| ended up being quite successful, and more importantly, much
| happier.)
| msla wrote:
| https://everything2.com/title/Jordan+K.+Hubbard
|
| > Long before FreeBSD, Jordan K. Hubbard earned a spot in
| Internet history in 1987 when he accidentally attempted to
| broadcast an rwall message to every machine on the Internet. He
| stopped it once he realized what was happening, but not before
| he & the other UC Berkeley network administrators were flooded
| with complaints.
| smoldesu wrote:
| Got in trouble for something similar in middle school,
| actually. I would bike over to the high school for my
| robotics club, and some of the older members had written a
| privilege escalation script for the Windows machines. So, I
| brought it on a flash drive to my technology class the next
| day and ran 'shutdown -i' with admin privs. Being young and
| stupid, I broadcast a reboot message to all ~700 machines
| connected on the network, and got a fairly thorough talking-
| to...
| ilyt wrote:
| I played with network sniffer on home network (that sent
| funny packets to switch to make it MITM traffic thru my
| machine). Except it didn't work/I fucked something up and
| all traffic went thru my machine.
|
| They couldn't prove it's me so teacher just blanked banned
| anyone in the library (our class with few of my friends
| were on the 4 machines in the library) from using machines
| there for few months.
|
| Then when we got new shiny machines for computer lab I was
| bored when the teacher was explaining something so I
| started guessing admin password. It was zaqwsx
| azinman2 wrote:
| When I was studying abroad, I noticed that the Ethernet
| at my Uni dorm seemed to have a lot of cross traffic. So
| I ran a simple password sniffer, not knowing it also
| effectively turned my computer into a giant switch. Soon
| after I came home to my flat mates saying "the IT
| department came and kicked you off the internet." I
| thought it was a joke, until I saw I wasn't on. I called
| and pled dumb, saying I had installed an "internet
| accelerator" and they believed me and restored access.
|
| FWIW I wasn't actually going to do anything with the
| passwords (of which I accumulated many!). It was mostly
| just a fun nerd flex with no bad intentions.
| HeckFeck wrote:
| [dead]
| bluesign wrote:
| Similar story; bet with a friend to hack and change his
| password at university. Accidentally changing all user
| passwords to some profanity including his name, luckily didn't
| get caught.
| kelseyfrog wrote:
| This brings back memories of sneaking a C compiler onto a
| classroom computer in high school and writing a program which
| issued ten thousand net-sends to a bully's computer. IIRC, the
| next send window popped over every other window and it
| effectively denial of service attacked his UI. The options where
| to click thousands of times or restart the computer. Well, it was
| pretty easy to rerun the program once his was restarted and let's
| just say he didn't take it well. It was a blessing that net send
| doesn't show sender information.
| spogbiper wrote:
| many years ago I had a fortran class where our lab was a bunch of
| x-terminals connected to some old SunOS Sparc thing. all of the
| user sessions used ttys that for some reason were world
| writeable. anyone who has had the misfortune of writing fortran
| code will remember that its very column dependent. each line of
| code has to have certain elements lined up in the proper columns.
|
| so, of course I wrote a little script that wrote a single space
| character to a random tty every so often. the character wouldn't
| be in the users source code but since it was shown on their
| terminal they would generally hit backspace to "fix" it which
| made the text on screen line up but misaligned the columns in
| their actual source file.
|
| very few people got their assignments to compile
| mrlonglong wrote:
| I like this very much, it's suitably evil.
| mrlonglong wrote:
| I had fun with fork bombs on the VAX/VMS machine at uni. Till the
| day it ran too quickly for me to stop it. Walk of shame to the
| CSO to own up and for them to terminate the run-away processes on
| the Sysop console.
| nickt wrote:
| Reminds me of the day, obviously some years earlier, that a few
| of us aged about 10 years discovered *NOTIFY and even better,
| *REMOTE on the Econet connected Beebs we had at school.
|
| Oh, here's the manual (PDF), which we never read:
| http://chrisacorns.computinghistory.org.uk/docs/Acorn/Manual...
| xingped wrote:
| Haha, I got a great laugh at the end-of-article scroll. Well
| played!
| dhammack wrote:
| Had a similar experience in middle school. We started initially
| doing net-send to specific users and having played around a
| little bit with batch files/command prompt before I tried net
| send *.
|
| Well the entire county was on the same network. All computers in
| the school district received my message. Fortunately the message
| was just "hi", and I think it was only sent once.
|
| Like the OP, in retrospect I saw that the message shows the
| sending computer+user. Since we had student-specific logins it
| didn't take long before I was tracked down and reprimanded. I
| think they even told my parents about it and were threatening
| suspension etc. But at a certain point it became kind of obvious
| that the network/configuration was more at fault than a curious
| kid. So I got off with a stern warning and narrowly avoided a
| life of crime.
| mastax wrote:
| I have very similar memories from my time in the computer labs at
| school. We also discovered `net send` and got it disabled a few
| weeks later.
|
| The computers were really locked down to the point that they were
| annoying to use. Right click was disabled (at least in windows
| explorer?), among other things. One of my acquaintances wrote a
| program in visual basic called "Firstname Lastname's Computer
| Fixer" that was somehow able to disable many of the restrictions
| on the computer. I remember it was a pretty large window with
| lots of buttons though I can't remember what they were all
| supposed to do. After passing it around for a few months it was
| deleted from all our home folders and I found out that he was
| suspended for a week and banned from using computers. The
| computers got even more locked down. Oh well.
| atkailash wrote:
| [dead]
| CamelCaseName wrote:
| Oh goodness, what an awesome end. I love this article so much.
| PrivateButts wrote:
| When our school started to provide network shares to students,
| they were pretty lax on security. I figured out that everyone's
| share was publicly read/writable, and the network path was pretty
| easy to guess. Whenever someone would annoy me I would replace a
| project file they were working on with some matter of nuisance
| program, like a zip bomb or a script that just kept opening word
| until the system ran out of ram. I'm surprised I never got
| caught, because I was too much of an idiot to properly cover my
| tracks.
| vsviridov wrote:
| I did this prank, only it was more elaborate. We were in the lab,
| playing around with Windows NT (so all machines were set up with
| the same Administrator password), and one thing you could do, is
| to get a remote telnet, and `net send` to yourself, but on the
| remote machine, so the origin would basically be that person's
| machine, which makes it impossible to detect the actual sender.
|
| Once the person was sufficiently annoyed, he disabled the
| Messenger service, but again, because all Administrator passwords
| were same, it was possible to just connect to the Services snap-
| in in Microsoft Management Console, and re-enable it, send the
| message, and immediately disable it, so once that person went to
| check - the service would be off...
|
| In retrospect it was somewhat cruel, but oh well...
| phamilton wrote:
| I put `net send * Seniors2005` 200 times in a OPEN_ME.bat file
| and put it in our shared folder on the school network (it was
| buried deep in the Art department directories and was full of
| emulators and music and stuff.
|
| My friend saw it and said "What's this?" I told him not to open
| it and of course he did so immediately.
|
| This was a K-12 school, so every single lab, every single
| teachers computer all the way down to kindergarten got it.
|
| When IT came to my friends machine, I fessed up and got in
| trouble. Banned from school computers for the rest of the year,
| all my teachers got a notice about it and I had more than one
| awkward conversation about what I did.
| naikrovek wrote:
| I changed the environment variable PROMPT in DOS to "Enter
| Password:" once, confusing my teacher endlessly.
| try_the_bass wrote:
| I remember doing this during one of my first years of college. I
| would usually finish the lab assignments early, so I would poke
| around the computers and see what I could get into. I eventually
| discovered `net send` on the cli, and read through the help to
| discover that you could broadcast with a wildcard.
|
| So, I promptly ran `net send * All your base are belong to us`.
|
| The immediate result was giggles from all around the computer
| lab. As soon as I realized I had sent it to every computer in the
| lab, I realized I had no idea what _other_ computers I had sent
| it to. I decided my best course of action was to log out of the
| machine and switch to another one.
|
| About 5 minutes later, a couple people came into the lab, going
| straight to the machine I had sent the message from. They looked
| around, asked the room if anyone knew who was using the machine,
| got a bunch of noncommittal shrugs, shrugged themselves, and
| left.
|
| A couple weeks later, the Messenger service was disabled across
| the campus. I found out from someone that the message had popped
| up on every machine on campus, interrupting presentations and
| leading to some slight confusion on the part of teachers all
| over.
___________________________________________________________________
(page generated 2022-12-29 23:00 UTC)