Hacker News

Heh, this sounds like my high school experience.

Many teachers left the default password on their accounts. Was messing in the interface that I didn't understand very much and sent a broadcast message to the entire network. One by one they started beeping and displaying a blank message notification across all the computer labs in the school. Luckily I had some opsec at that age and didn't do it on the workstation I was assigned to. Logged out and quickly went back to my seat in the confusion that quickly spread in our class.

Wasn't till 2 years later that I got in trouble and got kicked off the computers for a month. For having a shareware game on the network. The network admin said something to the effect of "We are pretty certain you have done a lot of things far worse than this, but we can't pin any of them to you, so this is what you get punished for", and well, he was right.



Yeah, I didn't start cracking passwords until I was in college - I didn't need to. When in junior high, the IT admin would kick off a tape backup of the network, and stay logged in. I'd wait until later, like 6pm-7pm and dial into his computer (his computer had a connected modem that accepted inbound connections with no username/password), do my thing, then restart the backup before I was for the night, so he wouldn't notice in the morning. Never did anything destructive, but I did have about 6 bogus accounts with full admin access. Kept those accounts to myself, lest they get discovered. They never did... He left around my freshman year of high school. Didn't trust his replacement, so kept my lips shut about the access I had. Graduated with nearly all of my accounts with admin access intact.

In college, had to crack some passwords. Turns out all of the lab computers, the admin password of all NT lab PCs was a 5-character building abbreviation + room number of where campus IT was based... I was expecting the crack to run overnight on my then 500 MHz P3. The password was cracked before I could stand up to go to dinner. Last cracked passwords on my old XP laptop, that I couldn't remember the password to. Hard part is getting the unencrypted password file (since I think Win2k, Windows encrypts the SAM file on disk and exclusively locks the file while the OS is running), but if you can run something with system authority, you can inject a DLL and extract the decrypted file. You still have to brute force the NTLM hashes after that, but on modern hardware, takes just a few mins. Back in the NT 4 days, at least the way our computers were configured, nonadmins had write permissions to everything under c:\Windows. Easy way to get system? Replace the default screen saver with a copy of cmd.exe, then log out and wait for the logon screen saver to fire. Back in the day, screen savers ran as system. They don't any longer.

On the NT 4 boxes, I was able to script everything. Pop in a bootable floppy with the script and an NTFS driver, reboot, wait for the script to complete, having copied the SAM file, then reboot again and back to normal. Walk back to my dorm room, crack at will.



