
Coding Stories: Me vs. the VNC Guy - martinrue
https://martinrue.com/coding-stories-me-vs-vnc/
======
duxup
I went to a Catholic high school. One of the only sisters left that worked at
the school ran the computer lab.

Passwords were stored in clear text and it was common for students to ask her
what their forgotten password was. She would look it up in the system, and
tell them.

Eventually some of us figured out how to change other users passwords and of
course we changed them to all sorts of unseemly phrases that a high school
student boy would find amusing.

When that student would ask for their password she would simply change it to
something pleasant...but amusingly maintain the general structure of the
unseemly phrase changing only the bad words. We saw her laugh a few times.

~~~
celticmusic
atleast she had a good humor about it.

~~~
busterarm
Genuinely not how I expected the story to go! And the polar opposite from my
catholic school experiences as well (the headmaster caught me logged into my
Hotmail account one day, physically pulled me off the computer while he pried
through and read hundreds of my emails and then after finding nothing
untoward, used the entirely unread contents of my spam folder [which in the
mid 90s meant mostly porn & dickpill spam] as an excuse to try and expel me
from the school).

~~~
duxup
It's a strange thing the differences between my Catholic school experience and
when other folks describe what to me seems like almost caricature-ish type
Catholic school experiences.

~~~
busterarm
I don't know how things are where you grew up but it was only years later that
I learned that most of the people who taught at my Catholic school did not
have the required qualifications to teach anywhere else (and those that did
were total creeps, like the molesty kind).

Most of them weren't equipped for the job they were doing and I've seen that
in others in my own career(s). An important lesson about authority.

~~~
duxup
Interesting.

I think the nature of catholic schools being a diocese to diocese (or grouping
of them) thing tends to create a lot of variety.

My school had similar teachers (this one sister and one priest aside) to any
of the other local schools.

Also unlike the schools near me now ... it was basically open enrollment like
any public school and the costs were on a sliding scale based on income. Many
students (myself included) paid very little in tuition. The diocese picked up
the tab for the rest.

Meanwhile the catholic schools where I live now are ultra exclusive and
bonkers expensive. They like to hint at a very 'classical' education and a lot
of discipline.

But at my school things were very much easy going and by the time you were a
senior you effectively were taking mostly college classes from the local
colleges, and coming and going from school as you pleased as you might at
college. It was a great experience (although I proved to be a terrible college
student... so maybe not as effective for me, but I wouldn't blame the school).

------
hinkley
I have a reverse story of this.

Bumped into a friend from freshman year in the computer lab one day. I don't
recall what happened, but he decided that something I had said or done
offended his honor (half jokingly) and that he was going to email bomb my
account as retribution. He writes a shell script to do this, and proudly shows
it to me. I read the code, state, "You don't want to do that," and walk away.

He does want to do that. A moment later he notices that his terminal window
has started acting oddly. So he decides to log out and log back in (he could
have just opened a new window). And it won't let him log in.

As I open my email client to delete the couple dozen emails his script managed
to send, I explain to him that he just fork-bombed himself, and since the
ulimit was something tiny (32 processes?) it took me less time to delete the
'mail bomb' he sent me than it did to explain what he did. And since he closed
his only shell, only an admin could now get him out of this.

"I told you you didn't want to do that."

He did, in fact, have to go to the admin and apologize.

A year later, "friend" applies to and is accepted into the NSA. And joke's on
me, because I have slept a little less soundly every night since knowing the
idiot who fork-bombed himself is now involved in national security. God help
us all.

~~~
skrebbel
> idiot

Maybe he learned?

------
tylerjwilk00
I've had a similar experience with spying software in University. The
instructor was bragging about the spying tool during a lesson. Driven by
disgust of being watched I quickly identified the remote host and port. Hacked
together a shell script to flood the host with spoofed connections. While this
was going on the command server was projecting it's video signal to a large
screen at the front of the room. I watched with glee as the active clients
preview thumbnails of the spy app slowly filled with fake clients. Very soon
the machine locked up and became unresponsive. The instructor became noticably
flustered I raised my hand and claimed responsibility. I was excited to
explain how I did it and discuss but instructor was not interested at all.

~~~
HeWhoLurksLate
This was my life in middle school- we had these _crappy_ dual-core laptops
that had monitoring software on them, and the computers would grind to a halt
if a teacher wanted to see what you were doing. I think that running the
modified VNC thing that was used took about 80% of the CPU's available power,
and like 90% of the RAM?

Anywho, those experiences made me realize how much I value A) my privacy and
B) just being left alone.

~~~
core-questions
That's surprising - used to use VNC to do remote support for people running
Pentium II and III machines in the sub-1ghz, single core range, and
performance was fine. I suspect those machines were overburdened if you really
experienced that much of a performance hit.

Just for reference, in middle school we had one Pentium 60 with a CD-ROM that
was an absolutely mindblowing machine. I got to use it maybe once a month or
so... Everyone else had to use the 386s while one kid would have his day on
the fast machine.

It seemed so futuristic at the time, and now the story just makes me sound
old.

------
unnouinceput
1st year at Uni. Year is 1993. 286 running DOS on top of Novel Netware and
booting from network off a 386 behemoth that need it to run 1st.

So this guy was the sysadmin, a freshly minted assistant which had the bad
habit of copying our sources and see if anything interesting is in it.
Therefor I wrote a piece of code called Super.exe with nice graphics and a lot
of bling bling that had inside a virus which when run from a normal user (like
ours) did nothing but when was run from a Supervisor (Novel's name for
Administrator) account would create another user called Hypervisor with blank
password. I created the .exe, erased the sources and let it sit on my account
and went home.

Next morning I tried the Hypervisor account and what do you know! I got in.
Used for next 3 years to give my normal user more space when I need it and to
do creepy stuff to said assistant when he was pissing me off. Poor sod never
knew, always suspected bugs and viruses. I told him 5 years after that, when
we met by chance at a beer with common friends. His eyes opened wide and
exclaimed: "So it was you!!? I never suspected you". Fun times.

~~~
crtlaltdel
1997, pwd for the charter school dialup account was stored WarGames style. i
used to connect after midnight until about 4am a few days a week. lasted until
they switched providers.

------
tluyben2
Not entirely on topic, but I do remember going to college which was the first
exposure to this large rooms with computers. I had computers at home since the
early 80s but by the time I got into college it was win3.11 time, after my
MSX-2, Amiga, DOS but even C64, I really really hated Windows for it's
instability and inefficiency.

In college we had 2 (large) rooms with computers; 1 had Windows boxes with
win3.11 (for networks) and later win NT and the other had Sun sparcstations.
The Windows room was always full and the unix room always empty. So I sat in
the Unix room behind these machines that never crashed and had access to not
only all the others in the room for doing interesting distributed things, but
also to the 2 E450's in the basement of the college. While the Windows
machines were on another network and were just basically crashing all day long
(got a lot better with win NT obviously but still wasn't great). I later
learned that the school head sys admin seriously hated Windows and loved Unix.
So he basically ignored everything happening in the Windows world and just
switched off the entire room at night while the Unix machines had uptimes that
felt impossible if you compare them.

Ofcourse, as the PC won, the room with the Sun machines was replaced with
Windows machines; I got 10 SparcStation 5's (with the gigantic CRTs), a few
SparcStation 1's, few UltraSparcs (5+10) and an E450 after they removed all.
All are still working without fault to this day. It is depressing how throw-
away modern hardware is, but what can you do.

~~~
core-questions
Just found a picture of the E450 -
[https://s.yimg.com/aah/anysystem/sun-e450-large-27.gif](https://s.yimg.com/aah/anysystem/sun-e450-large-27.gif)
\- and I gotta say, any computer that looks like it could have been Zack
Morris's sweater is a good computer in my books

------
joelmeckert
I remember repartitioning the drives on the lab machines, so that when they
were reimaged, the content in the new drive E, volume label CD-ROM, remained
static. Hid the directory at the root, inserted a high ASCII character so that
one couldn't browse to the directory without knowing the character, and shared
this knowledge with a few individuals.

------
butterfi
I got kicked out of my high school programming class for logging into another
high school's computer network. I didn't even break in, I logged into a friend
of mines account and downloaded a txt file about a game. The teacher reviewed
all the paper (these were print terminals)that got thrown into the trash and
decided I was up to no good. (This was in the 80's when we really didn't have
rules about networks) It would be hilarious if isn't such a stark example of
how a poor teacher can almost fuck your life up.

------
danShumway
This is a really fun story, and I love your writing style! Thanks so much for
posting this.

A lot of my most creative stuff growing up came out of me needing to work
around really weird restrictions in middle/high school. In a really weird way,
I'm almost grateful for some of the arbitrary rules and setups because they
created a similar environment to what people seek out nowadays with platforms
like the Pico 8 -- limitations in an unfamiliar environment force you to be
creative with the resources you do have.

 _Edit: The other articles you reference in this one are also
great![https://martinrue.com/give-yourself-more-
playtime/](https://martinrue.com/give-yourself-more-playtime/) makes me really
happy._

~~~
martinrue
Thanks, really glad to hear you enjoyed them!

~~~
jwdunne
Me too! Interesting to see you’re in Manchester too - not every day a fellow
Manc hits the front page :)

~~~
martinrue
Awesome... small world :)

------
s_Hogg
I remember in my high school every computer was a windows machine that ran
Novell Net ware on boot. So some dude brought in a Linux distribution on a
diskette and found he could mount anything on the network and do as he
pleased.

He was honest and had a crowd of people around him including staff as he did
it, which was No Fun At All.

~~~
selpop
I got called into the administration office for running Linux off a USB stick.
It wasn't for anything nefarious, I was hoping could have my development
environment stick around, since the Windows environment would reset everything
after you logged off

It was clear the principal had no idea what this "Linux" thing was, but the IT
person did his best to make it as spooky and evil as possible unfortunately.

I don't remember what came of it, but later in the year a computer virus hit a
few computers in the school, and I distinctly remember a multiple people
thinking I had done it...

Of course I would never, I was the last person who would want a run in with
that IT guy again all. But no call into the office that time, and in
retrospect I wouldn't be surprised if it was a simple misconfiguration being
called a "virus" since it allegedly only affected teachers' classroom PCs

~~~
opticfluorine
I was reprimanded for using PuTTY to log into a remote server for a course I
was taking through the local community college in high school. The head IT
person said that the white text on black background looked too much like
"hacking" and that it wasn't allowed. I switched to black text on a white
background, and everything was good again.

~~~
bransonf
Green text, black background.

I’ll open a terminal in my university courses and take notes in vim just to
see people’s reactions.

Even better, doing anything with a lot of stdout. Fast scrolling text in a
terminal freaks out a lot of people.

~~~
mjevans
They've obviously never tried using Gentoo before... the faster the text
scrolled the better.

------
MrStonedOne
When encountering a problem, every now and then a programmer might say: "I
know, i'll code a C app that uses sockets to solve my problem" Now they have
two problems.

But this brings up a fun idea for a red team challenge, How well can you
disguise what you are doing while being watched by somebody.

~~~
c0nfused
Would recommend the bit in Cryptonomicon with a similar challenge. Actually,
the entire book

But as a formal challenge it would be super neat to try to do. The sneaky
hackathon

------
milankragujevic
I did this in school. Not the exact same way but I was so smugly satisfied
with myself. I tortured the IT teacher the last few months. He deserved it,
for being stereotypically uninterested in teaching anything beyond the minimum
and actively shut off any attempt to learn more about anything.

~~~
tylerjwilk00
Ugh. I'm not sure what's worse: them being lazy and uninterested or them
feeling actively threatened by a student's search for knowledge. The latter of
course being the antithesis of education.

------
rkachowski
This was a pretty great story, although I misread the title and expected the
admin to turn out to be a founder of the VLC project

------
sdca
When I was a junior in high school and computer lab monitor, I made a
suggestion that we install VNC on every computer and it was green lit by the
administration. We used an app that could view thumbnails of all screens at
the same time. I only enforced the "no porn" rule. Kids could play games,
browse the web and I accepted fake hall passes. But if they were watching porn
they would be thrown out and banned.

------
commandlinefan
Not my hack but - when I was in college, there were two computer labs: one for
CS majors and one for humanities majors who just wanted to type research
papers. The CS computers booted to a DOS prompt and you could run anything on
them, but the “writing lab” computers were configured to boot straight to
wordperfect, and the exit command was password protected. A friend realized
that you could hit F12 to get a shell (a DOS prompt), use that to look up the
exit password, and exit out of WP on the writing lab computers.

------
redstripe
I worked in a large call center and we used VNC to monitor the agents. This
worked until one one of them figured out what the VNC tray icon color change
meant - which meant they soon all knew what it was.

So I had to do the reverse hack of this guy. Easiest way was just to load up
the VS resource editor and change the icon so that it always looked like there
was no connection.

------
blibble
we had a similar system at high school: VNC on all computers, staff reguarly
logging in to check you weren't doing anything fun

VNC ran as a separate user with its password hash protected by the relevant
registry permissions

one day we found a machine undergoing an automatic rebuild, found the password
hash, and of course VNC only supports upto 8 char passwords

apparently it turned out they used the same VNC password for every single
machine, including the staff ones

~~~
3fe9a03ccd14ca5
Are there other fields like computer science, where some students start
university knowing how hashing works and being able to brute force passwords,
while others start having barely used a keyboard and mouse?

It seems like most programs people start on relatively level playing fields,
but that couldn’t be more untrue for computer science.

~~~
rjsw
Maybe some foreign language courses, the course itself will be mostly about
literature in that language, you can get a mix of people who have learned
other languages but not the one being studied and people who are native
speakers.

My CS course had everything from a few of us already writing commercial
software to people who had never touched a computer.

------
daneel_w
Fun story, thanks for sharing! Is it correct that it was around the year 1997
that you were using your Commodore 64 with a tape deck to get into computers?
You mention that the college was using Windows 2000 and VNC setups, and that
you were interested in the D language, which would place the start of those
college years no sooner than 2001. I also kept using my Commodore 64 up until
the late 90s!

~~~
martinrue
Thanks, glad you enjoyed it. Yeah, I first got into the C64 in 97. College was
5 years afterwards, so in 2002 for me. I link to another story, “Give yourself
more playtime”, at the bottom of the post. You may enjoy that – it’s the story
of how I securely wrote password programs to all my favourite game cassettes
:)

------
Thorrez
In high school I found there was an whitelist of executable names, as long as
I named the file firefox.exe it would be allowed to run.

For senior prank I created small Autohotkey executables that would swap what
some keyboard keys would do (e.g. 'm' with 'n'). Then I booted the lab
computers with a Linux live CD, and copied the executables into the global
start folder (a different executable for each computer). When students came in
that day to finish their homework in the morning at the last minute, they were
quite annoyed, but some found it funny. One clever student figured out that
killing the firefox.exe process fixed it (until the next login).

I didn't get in any trouble (senior prank was semi-sanctioned), but they did
need me to clean it up the next day.

------
franga2000
I have a similar story but with a lot less actual hacking. Our school was
monitoring lab computers using iTalk (?), which besides remote desktop also
allowed things like sending messages and blanking the screen.

After my Grand Hacking Crime of teaching all of my friends how to use proxy
servers and supplying them with a text file containing several hundred that
allowed them to bypass the website filter, I was constantly being watched,
which annoyed the hell out of me.

So I started digging around when the teacher wasn't looking and discovered
that, while only the server part of the monitoring system was "installed", the
files for the client part were still included. Without having the admin creds,
all I could do is send messages, but that was enough. After testing it on a
friend's computer as a joke, I sent the master PC a single message containing
several hundred lines of Shakespeare's plays. The message appeared in an
always-on-top msgbox and could only be dismissed by the OK button, which was
by my estimate several meters below the bottom edge of the monitor.

------
spentu
I love stories like this. It would be nice to have a site full of them.

~~~
ta999999171
Read old IRC logs.

~~~
exikyut
Assuming I had the patience and wherewithal to trawl specific channels, but
not to actually identify the channels in the first place, could you give some
recommendations?

------
connorfoxley
My school had something called Securus, which would scan the memory of all the
programs, scan for combinations of pixels indicating pornography (on the
screen and on your personal media devices) and of course key log everything.
Luckily they include Python on some of the computers for a quick task kill.

~~~
voldacar
>can for combinations of pixels indicating pornography

How could this possibly work in the era before convolutional neural networks?

~~~
marcoseliziario
Heuristics. Amount of skin tones mostly. Of course, lots of false positives at
that age, and some false negatives due to racial biases of the algorithm. It
was crude, but kind of worked.

------
eps
Could've just unplugged the network cable... though the plan to proxy someone
else's VNC server was a good one.

~~~
wtracy
It's a good plan until that person breaks some rule and gets you punished.

------
bArray
A few of my stories, back from the XP/2000 days at school:

\---

The internet webpage filter at the school would stop you from playing games
(particularly flash games), something as kids we quite enjoyed doing. I
noticed that sometimes the real page would flash up and then go to the block
page. After a while, I found out it was simply serving a "redirect" if the
page contained banned keywords.

My 14 year old brain figured that I could make use of iframes so that the top
section of 1 pixel height got given all of the "redirects" whilst the bottom
half opened up google.com, where we could merrily search for games and
proxies. This worked until I got VNC'd one day, logged off, account banned and
the blocking system updated to filter prior to connection.

\---

Still wanting to play games, I went to a friend's home (I didn't have internet
back then), downloaded the entirety of a games website using a crawler and
then brought the flash games in on a memory stick. As some of the teaching
software also used flash player, this method of playing games was good until
the every end.

\---

My friend was watching all of these little tricks and thought they were cool.
I wanted to try some things that would require two people to pull off. One
lunch time we go to the library (the only machines in the school I can
actually use now) and start experimenting with emails. It turns out that we
could set custom rules.

A few minutes later, he has a rule that emails "Hi" every time I send him an
email, and mine in return says "Hey". We trigger this snowball off... 500
emails... Haha. 5000 emails... Still funny. 50,000 emails - erm. 500,000
emails, the computers are grinding too a halt. Disk space on everybody's
accounts is evaporating.

Email system starts sending out "Unable to send message, not enough space".
Few, we thought. But each one of these messages was a few kilobytes, and each
one triggered a new one (as there wasn't any space for that either). Suddenly
the number of emails starts growing again as each of our accounts gets an
automated space message.

We undid the rules and held the delete key for 30 minutes, there was still
500k emails when we left for class, but it wasn't growing any more. I assume
an IT guy saw what we did, because the next time I logged on, the rules were
disabled and the emails were gone.

\---

Some of the kids in the school had started to give me a "hacker" status and
then one kid started to claim he was much better than me. Challenge accepted.
I wrote a simple javascript webpage that would keep opening itself up,m saying
something like "you think you're a hacker?" in every page. Crashed my machine
- perfect I thought.

I email him this web page, he opens it, crashes his machine. He thinks this is
as brilliant as I did. He emails it to all of his friends. Their machines also
crash. They email it to their friends, etc, etc.

The next day I get pulled into the deputy-head's office, complete with angry
IT staff. Apparently all of the kids using computers that day decided that it
was a perfect way to get out of working, claiming their work had been lost
(Word even back then had recovery options). Two weeks ban from using any
computer. I got asked where I got it from - at the time I said "I downloaded
it from some website", but I wish I had told them that I had learned
javascript and created it from scratch.

\---

"Trolling" had become a thing, where you would try to cause somebody an
inconvenience and leave a troll face there to let them know it was on purpose.
Some of our exploits included taping a troll face to the underside of a laser
mouse, unplugging mice/keyboards and taping troll faces over the USB ports,
swapping people's mice over so that they controlled each other's computers,
turning everything upside down in the settings when somebody left their
computer unlocked and left the room, holding down sticky keys to crash the
computer out whilst making an awful noise, etc. We got quite creative with
this.

\---

Printing was done by room, with printers automatically added to your account
depending on where you log in. In one of our classes there was an "expensive"
glossy colour A3 printer, where the teacher would monitor what it was used
for. We figured it did no authentication and that we could copy the printer
settings and print remotely. We could also pretend to be another user as it
didn't connect at all to the user database. In a class with a few friends in,
we remotely printed large cartoon pictures. Apparently the teacher was
frantically trying to find the person who was printing and they all had a good
laugh. They then took that printer off the network.

\---

File explorer back then was patched so that we couldn't see network drives and
even if we could, we couldn't get onto them. A few teachers sharing their
screens would leak the fact that they had a private staff share. Child mind:
Challenge accepted.

After several failed attempts using browsers and explorer, we discovered that
Microsoft Office wasn't patched. Suddenly we could access other student's work
spaces and save files in there. We could access staff's work spaces and save
files in there. We could access IT work spaces and save files in there. We
occasionally left a "I'm watching you" file (created at home so it didn't have
our user account metadata) in random staff accounts.

At this point I think we were on their radar, but they needed proof. One
afternoon we access the headmasters work space, who apparently left files on
his desktop with his various login details. A bunch of students could now
pretend to be the headmaster (we didn't as we knew this was suicide). (Turns
out later that this headmaster was stealing school funds, so in retrospect I
don't feel bad.)

We then found the "program" drive. It was a literal jack pot. Installation
binaries with site-wide licenses. Back then there was no IP checking, one of
these licenses was golden. We could install thousands of dollars worth of
software at home for free, including Adobe everything, Maya and other 3D
packages, office and every other custom piece of software.

Stupidly I had shown other people how to do this and they were running through
the network like a bull in a China shop, triggering lots of errors, and as it
turned out - getting lots of attention. In bursts a network administrator and
he shouts my username into the room. This was the "oh shit" moment. I was
dragged into the headmasters office whilst my teach protested that I was a
good pupil.

I sit there whilst being berated, the network admin wants to call the police -
whilst he wafts a large document full of screenshots in his hand (50+ pages).
(Apparently they kept screenshots for evidence as I caught them off guard and
they didn't have video capture.) They come to an agreement that I am
indefinitely banned from using a school computer with no police involvement,
as long as I give them all of my exploits. As a child I don't see any way out
and agree. They handed me single piece of A4 paper and said "write everything
you know on here". Before I put even a single word to paper, I replied: "Can I
have some more paper please?".

------
jstewartmobile
Undertaking nerd-duel with low pay disrespected computer lab janny is
shameful. Would not share...

