I was expelled a few months later for all the fun I had after discovering this. Good times.
I also had the bright idea to try this on library computers and email kiosks around campus used by thousands of students. Rather than booting into Ophcrack I'd just log in with the admin account and run pwdump from a USB stick to collect password hashes. I figured out how to enumerate Windows machines over the network using NetBIOS and ran the pwdump utility remotely using psexec, so that I could hit every computer in the library at once, or every computer in a computer lab, etc.
I ended up cracking credentials for most students and faculty on the entire campus. I was really young at the time and thought this was some real cool James Bond shit. I never once used it for evil: never read anyone's email, never viewed anyone's private files, never poked around the academic file shares for test solutions, never tried to steal credit card numbers or social security numbers from the finance office's file share. It was purely a hack for the thrill of breaking down barriers and outsmarting the security. But MONTHS later after I had long since grown tired of tinkering with this stuff, a couple of uniformed police officers pulled me out of Calculus class and took me downtown. They tossed my dorm room and confiscated my computer and my phone and every piece of digital storage I owned. The school threw the book at me, I guess because they were so embarrassed by their incompetence on display from being beaten by a 16-year-old.
(Posting on my alt account for obvious reasons.)
I don't understand this justification. The system owners can't know that to be true and have to proceed as if the systems are compromised. Would you still feel safe if a burglar broke into your house and left a note saying they didn't take anything?
Also, I didn't actually go in anyone's house. If passwords are really so inherently private even apart from their access implications, maybe we shouldn't be sharing Ken Thompson's old password.
Hell no. Otherwise you could just set up one gigantic crime by committing a bunch of small "no damage done" crimes along the way - say, stealing a string of credentials one at a time, but not actually using them until you have all of them together and then you commit your major heist/crime.
> I'd just log in with the admin account and run pwdump
I was a kid, I was stupid, but I wasn't an asshole. I didn't go peeking and violating people's privacy because that would have been a dick move. Just like tons of people on Hacker News today have access to personal data on SaaS systems we maintain and don't go peeking. Just like tons of people are perfectly capable of picking their neighbor's locks but don't walk into their house for no reason. It's not even tempting. I don't care what's in my neighbor's house, and I don't care what's in random other students' homework documents or email or whatever. The only interesting part was breaking the security.
SOURCE: am locksmith
That doesn't make it okay, but it certainly should result in a much lesser sentence than if the perpetrator had damaged or stolen property.
You really believe this? What makes you think you speak for people in general, or know the mind of the average burglar?
And how far does your equivalence view stretch, if someone trespasses and uses your pool is that the same as taking your outdoor furniture? Why not?
Just make it more secure so the next people can have a bigger challenge.
You might feel safe if he didn’t, but you wouldn’t actually be safe, would you?
This is a problem, here GP is a hero, a hacker, a free spirit. But there is no point in romanticizing such behavior.
If you find a vulnerability in a system, you disclose it to the people that should know about it.
You can do that anonymously, or you can alert people in a subtle way.
What you don't do is sit on it and brag to people what a clever person you are.
I just cannot attribute something like that to altruism.
Dismissing the whistle-blower as a "kid, that wanted to just fuck someone over" is hardly fair.
You pretend that someone cracking everyone's password is not a problem that the organization should address or even know about.
We should not turn our gaze away. "This is not my problem" is simply not a correct response. Snowden knew that, and yet, some people call him a snitch and a traitor.
What an interesting alternate reality that would be.
You misspelled "prudent".
If you figured this out, it wasn't all that unlikely that a less scrupulous hacker could have.
(Not judging, both because I don't like to and because you were a kid.)
You broke rules for personal enjoyment and weren't even good enough to not get caught. You didn't beat them, they beat you. It doesn't matter if you went unnoticed for several months, the fact is standard monitoring and logs were your downfall. Nobody ever thinks of the log files and network monitoring tools as being part of security. Not being prevented from accessing the system is not the same thing as successfully hacking a system unless you aren't caught either.
Otherwise known as being young and in their formative years. Plenty of HN had similar experiences and luckily even 15 years ago this harsh view on teenage stupidity was in the minority.
He also doesn't seem to claim to be a l33t whatever.
> Not being prevented from accessing the system is not the same thing as successfully hacking a system unless you aren't caught either.
> You didn't beat them, they beat you.
They beat themselves, which was understandable back in the day but that's a popular narrative to this day. If a school kid with random scripts or untargeted ransomware gets into a system I put far more blame on the process that prevented them from being patched than said kid.
Yet it was running for three days before the admin got around to checking the machine, and all he did was try to log in, failed, and rebooted the machine — bringing it back to the real NetWare login screen. I got his password and pretty much everybody else's too, and to this day, more than 20 years later, I still use bits of his admin password from time to time when I'm creating temporary accounts.
Its utility's limited these days since consumer configurations of Windows have users trained not to expect to have to press ctrl-alt-del to log in. I'm not sure that it's even enabled by default on domain-joined machines any more as of Windows 10 (still available via Group Policy, though).
I have no idea how network drives were managed with NetWare, but some students always managed to find world writable dirs (that shouldn't be). Then it was a matter of finding some obscure subdirectory, create a new one (typically containing alt+255 characters) and stick games there. Fun times.
We did get his password (and many others), but never actually did anything with it.
Mine would print the "typo" error message, save credentials, and then log me out and show you the real login screen.
I managed to get the passwords of every student and teacher, but alas, I stored them in a file called hacked_passwords.txt, in my home directory. Got busted, and got a dozen Saturday detentions.
Instareboot on a DOS machine.
It turned out that someone hadn't changed the password, he had just mistyped it over and over again. At the time, I didn't know what "1337" meant, I just thought it was a weird number, and it wasn't until many years later that I suddenly burst into laughter, realizing the "elite" level of security in that lab.
Thanks for the good times, Ron! I'm really glad he just laughed and trusted me as I explored technology instead of freaking out when my portscanners started making the printer spew out a bunch of garbage.
My motivation for this was wanting to install my own software on the laptop that my (underprivileged) family was forced to pay for (much more than what it was worth). This was not an optional item, it was a requirement of the state-run school. The student user account was not given local administrator rights on the computer.
After using the administrator account for six months to install my own software (this is when I first taught myself how to program), the school did a random "computer" check, where they confiscated everyone's computer - unannounced, at random, and simultaneously. My computer was asleep, signed onto the administrator account.
During the inspection, the school's IT administrators and an external contractor not only went through all of the files on the local computer, but they also accessed my Gmail account, which had credentials saved in Firefox.
When my father was called into the office to discuss what they found, the school had the state police there to discuss charges. After listening to them rant on for about thirty minutes, my father turned to the female police officer and calmly said "I would like to press charges against [ ...... ] school, and Mr [ ...... ] personally for accessing my child's email account in an unauthorized manner". The head master agreed to not proceed with charges but I was no longer welcome at the school.
Unrelated, but five years later, Mr [ ...... ] was charged with possession of child pornography and jailed for fifteen years.
And if that's the only power you have in your life, you'll protect it viciously.
Teachers are usually in it for the warm fuzzy feeling of doing something good, but I've never met a headmaster who didn't behave like I described above.
In year 10, a friend of mine saw our school network admin type the admin password in (he used his index fingers and typed in each character one at a time like someone with very little typing experience - this was 1998).
Anyway, I used this info to log in as the admin and I promptly deleted all of the student accounts in the school. Students around me immediately started complaining they couldn’t log in or access their assignments.
It was a stupid and immature thing to do.
Guess it’s a good reminder and lesson that you should always be careful who is watching you over your shoulder.
I got it by writing a simple login spoofer in Turbo Pascal. The funny thing is I never bothered to remove it and after I graduated, I heard from the actual administrator that they were having a strange problem where the first login of the day spit out a disk full error.
Ha, I did the exact same thing, in turbo pascal as well!
Man, I miss those simple computer systems. I used to go to other people's desks and type the word "end" in column 100 of the first line of their program. They'd go mad with frustration trying to figure out why their program always ran instantly, with zero errors and zero output. Or I'd let them watch me type in my 6-digit numeric password, but they still couldn't log in as me because I was slyly holding down the alt key as I typed, so the password was really a single extended ASCII character...
Getting up to all those hijinks gave me a love of computers that really set the direction my life would take.
I spent three solid semesters wasting my "Computer Science" electives on breaking into the Novell system... I found tons of these encrypted passwords, and it never occurred to me to just crack one. I did find plenty of other ways to get in, though :)
They had had a bad break up with another supplier and had lost access.
I used our art director's Mac to break in - I did consider setting up a DIY cracking farm using all our Suns and running it overnight but I suspect that the security department might not have approved.
NT hashes use MD4, which wasn't invented until 1990.
L0phtCrack utilized this when cracking; it first found the uppercase password, then it only had to brute force the case when cracking NTLM.
Promptly used Explorer to navigate to my English teacher's computer via the hidden c$ share, and delete the executable from the program files folder. Next time she logged in, BOOM nothing. No start menu, no desktop, no permissions. The admins had an incredibly consistent and predictable naming scheme, and my idiot "friends" I shared the vulnerability with promptly used this to nuke like 3 labs and a bunch of teachers' computers.
Fast forward 1 month, we all got pulled out of PE by a cop and sentenced to 1-3 weeks of community service.
* I abused that profile bug to work exclusively out of portable Firefox on a USB drive instead of being tied to Internet Explorer 6 and 7, which allowed me to bypass proxy settings and get access to Gmail and read slashdot/ign/halo.bungie.org during school hours! Those were the days.
We had a meagre limited amount of quota on these shared systems (between 1 and 10 MB) but teachers had 1 GB. We stored the Quake binary on one teacher's account, Starcraft 1 on another and started kicking.
You could save the *.pwl files to a floppy, take them home, and crack them in a few minutes. All you needed was a PC that a teacher had logged into recently.
Life was so simple in the 80's.