A 'trick' used by the file-sharing community in order to hide their files on these anonymous FTP servers was to create some nested directories with these kind of keywords. The FTP server allowed you to create the directories as well as access them (if you knew the full path) but on Windows they would just cause errors or crashes if someone tried to access them. Combine that with the ability of creating directories with just spaces as names and you could hide quite a bit of stuff from the unsuspecting FTP server administrator.
The lab admin had disabled Ctrl+C and Ctrl+Break to keep folks from breaking out of the DOS-based login prompt to a C:\ prompt, but I somehow figured out that Alt+3 passed an equivalent character and had the same effect.
I once got yelled at for being “in the lab too much” by one of the teachers, but I never got in any trouble. I suspect the lab admin (a kind older programming and math teacher) knew what we were up to.
Figured out the default password scheme for teachers.
Found several teacher accounts that didn’t change their default password.
Teacher accounts could write to network drives when students couldn’t.
Put games like it, quake 2 and c&c ra2 on the network.
Lasted about six months.
A student I had confided in ratted me out.
I was no longer permitted to touch another school computer.
I failed every class that required me to use a school computer.
Despite the fact I brought my own laptop to school, they wouldn’t let me use it.
Formal education and I never got along after that.
Unless your parents can and will sue, the public schools (SPIT) will do as they choose.
I'm convinced that I would have had a more useful education if I had dropped out, moved to Silicon Valley, and lived out of a van working for minimum wage at a startup than if I had finished high school.
For a couple weeks the school was absolutely convinced my friend and I were responsible for taking a few computer labs in the district offline and claimed we created a virus.
Eventually our folks replaced At Ease with some other app, (Cyber something, control something? no idea) but they setup a hotkey to disable it which was nothing less than shift + K. That didn't last long at all, with Karla, Kyle, Keith, and Katie getting incredibly frustrated just trying to type their name.
It was used for broodwar mostly, this was around 1998
The only thing was that you had to access your own machines with an ftp client because of path tricks like this. (Or get a Linux box, and cross your fingers nobody would find yet another wuftpd buffer overflow)
wuftp was responsible for the popularization of format-string attacks, which were magical at the time.
We all knew about buffer-overflows, and when it was explained format-string attacks were obvious, but it was the first time I'd seen a genuinely new class of software attacks.
And then Microsoft got tired of it, and (IIRC starting with Windows XP SP2) locked it down. Now if you have a legitimate need to use DCOM (for instance, OPC-DA), you have to jump through a series of hoops.
I wonder if that was really the case in the early internet at an enterprise level. Did security take a backseat to functionality?
Shouldn't it have crashed, like the blue screen-causing <img src="C:/con/con">
I assume the FTP server created the directories using a different file-system API call than Windows Explorer.
Here's a post by someone who found one of these directory structures on his FTP server back in 2003:
Man, I remember doing this to find video game executables. Good times.