In high school, we had a Netware 3.12 environment, and the Guest account was enabled, albeit with very limited privileges. But for some reason, Guest could still use NET SEND, which popped up a little message in the bottom row of the destination machine's display.
The whole district shared a T1 connection to the internet. Which was more than plenty for email, but as this world-wide-web thing started gaining traction, it became quite the bottleneck. And as some of us had discovered mp3 files, the slowness simply would not do.
One day there was some severe weather and a power hiccup during school hours, and every station got a message from ADMIN informing us that the server room was running on UPS power and we should save our files and log out immediately.
Hmmmm.
A few weeks later, one of the bright sparks in the technology program realized that having everyone log off would free up some bandwidth. So he logged onto the next machine over as GUEST, and used a NET SEND ALL "SERVER ROOM POWER FAILURE - 11 MIN OF BATTERY REMAIN - SAVE FILES AND LOG OFF" and sure enough, within about a minute, the whole T1 was his. Did what he needed to do (i.e. leeching an entire fserv) for about 8 minutes, then NET SEND ALL "POWER RESTORED - RESUME YOUR WORK".
A few weeks later some hot commodity had just dropped and he repeated the drill. It still worked.
Nobody noticed that these messages came from GUEST, even the district administrator, who eventually called an electrical contractor to figure out why the power in the server room was so flaky. Someone eventually pointed it out to him, which got a very red-faced "that's really clever but please knock it off", and no further punishment. The next day, the Guest account had a lot fewer privileges.
I had discovered the Windows net send command as a high schooler too. We mainly just messaged jokes back and forth. One student later decided to try the wildcard to send to everyone, just a simple "Hi". It went out over the entire district hitting multiple schools. I forget why, but no one knew who did it at first. But we had some software installed that let the admin/teacher remotely blank screens or lock the computer, etc. I remember they blanked his screen remotely and once he complained they knew it was him. Didn't get in too much trouble, but I still felt bad for teaching everyone about net send.
In high school a friend figured out you could map any network drive to your desktop and access it (Windows XP), and since everyone in the entire school district had a username of {last name}{first initial}, you could gain read/write access to anyone’s network drive (essentially “home folder”). He used it to get test answers from teachers, I used it to create (empty) folders named “porn”, “porn 2”, et al.
Anyway when he was caught (a fellow classmate ratted him out) he got 10 days out of school suspension. The VP threatened to call the police… for what offense I’m not really sure. There seems to be a fundamental misunderstanding of cybercrime and cybercrime laws. I mean was it really unauthorized access (they called it “hacking” of course) if his user account literally had permission to map network drives?
They removed the ability for student accounts to map network drives, but the district IT guy was not fired. I really don’t get that. Maybe the union saved him… but dog, everyone knows you can map network drives by right clicking on the desktop. I never thought to try it, but that doesn’t mean the district’s IT SME gets a pass.
I have a very similar story. In high school, our library was using a Windows environment and through some luck, I discovered NET SEND or something like that. I figured out my friends' computer names and I started sending them messages. We eventually communicated this way even under the strict librarian and I eventually hatched a plan to annoy everyone. I put together a crappy batch file that iterated through every computer's name and just mass sent messages but screwed up the iterator and it went forever. I think we had to restart all the computers but no one figured out it was me except my friends.
Miss those days and also miss playing soldat on those crappy PCs.
Once swapped the system disc of a Netware server live. Can't remember why exactly, I think it started to count bad sectors as we watched and we needed to keep it alive copying the data to the new, to-be system disk. Then we made sure nobody was logged in, it was about midnight, hit Alt-LeftShift-RightShift-Esc and while Netware paused in the kernel debugger, swapped the disks. Continued the debugger and - it worked :)
A bunch of NET SEND stories in this old thread: https://news.ycombinator.com/item?id=28844101
As I said there, back in the day I wrote a C++ program that was basically an IM interface on top of NET SEND. Fun times.
We used to pull similar shenanigans in middle school. Teacher computers were finally on wifi, so I'd pull out my little Android tablet and USB Wi-Fi card. Run an evil AP, deauth, downgrade to HTTP, and put whatever I wanted on the web page. Good times.
Oh, wow, Novell Netware. That takes me back to high school.
Our computer lab had Novell Netware, I forget which version. Every once in a while, our regular programming classes (Pascal in first two years, C and Assembly Language in third year, Prolog and Theory of Relational Databases in fourth year) would be held in the lab, instead of the classroom, and we would get to put what we learned to use and do some actual programming.
Now, some of us had computers at home and had been using them since before the high school, so we tended to finish our work really fast and then get bored. And just like a lone sharpie cap is the most terrifying thing a parent can stumble upon, so a bored high school kid is the worst thing for your computer security.
Each student had their own account, but teachers shared a limited number of teacher accounts, with special privileges, such as monitoring other students' screens, having full write access to every student's files, etc.
For some reason, I don't remember why, teachers would occasionally go to a student's workstation and log in as a teacher there, to fix the problem. I honestly can't remember why, but it was a common enough problem that it wouldn't raise any brows even if one of us "advanced" kids did it.
So, of course, I eventually came up with the idea of writing a really small and simple program that would look exactly like the Netware login prompt, with one small difference: when you entered the password, it would write it to a file on the filesystem, spit out whatever the "incorrect password, try again" reply was, and then execv the actual login program.
The ruse worked perfectly: I called the teacher, they tried to log in, thought they mistyped the password, tried again, succeeded, did whatever it was they were supposed to do, and logged out. Now I had the teacher account password, and so did my best friends in mischief.
We had some innocent fun by pulling a couple of very minor pranks on our fellow students that flew under the radar, so none of the teachers realized that the security was compromised.
But then the annual programming competitions came, and those went all the way from school level, to municipality, to city, to republic, to federal. I was one of the people who qualified to the city-level competition, and what do you know, that year it was hosted in our school's lab.
I finished all the problems with plenty of time to spare, which is how I came up with the "brilliant" idea of helping some of my peers by sharing my solutions with them using the teacher account. Now, one thing they neglected to teach us was the importance of testing, but I'll be honest, even if they did that, I was a typical teenage "gifted kid", which meant I was overconfident and lazy. As a result, everyone who I shared my solutions with happened to have the exact same bugs in them.
A few days later, they called me to the teachers' room in the computer lab, and said that they knew I cheated, that I was already disqualified, and that I should save myself some trouble and explain what I did. So naturally, I came clean and I thought that was the end of it.
Indeed, it was the end of it for me. Nothing else happened, at least nothing of consequence for me. Years later, I found out that I almost got expelled. They held a teacher assembly or conference or whatever it's called when you get all of them together to make a decision, and the decision was whether to kick me out of the school. Fortunately, they decided to let me off with a warning and the official reprimand from the headmaster.
My mom didn't think that was funny at all.
On Windows these messages are created using SMB IPC and you'd think this would mean the "sender" (user and host) are authenticated, but nope, the sender name is just a string field that can be anything. You'd also think the host would be based on something like the client IP and a reverse DNS lookup, what with the whole Active Directory thing, but nope, it's also just a string field that can be anything. And with SMB IPC you'd think only some privileged component can invoke it, but nope, any user can send those message popup commands to any machine pretending to be anyone on any other machine. I did not make wise use of this knowledge back then.
In my high school, we put SETI at home on the image used to ghost all the PCs, and set it to run at night. Our high school had a few hundred PCs so we were climbing the leaderboard for a while until the District IT department found out and did not approve of using that much bandwidth...
> In high school, we had a Netware 3.12 environment, and the Guest account was enabled, albeit with very limited privileges. But for some reason, Guest could still use NET SEND, which popped up a little message in the bottom row of the destination machine's display.
>
> ...Nobody noticed that these messages came from GUEST
You mention Netware, but as I recall the Netware function you describe was just "SEND" and "NET SEND" was a Microsoft networking thing. (But maybe there was some integration between the two after my experience with Netware, who knows.)
I mainly wanted to say, as someone who used/abused a Netware network in high school, I disassembled the SEND program and discovered that the username included in the message is not authenticated at all -- the IPX (or NETX, I forget which) software interrupt just took a string, and the SEND executable formatted the username into this string. So by crafting your own SEND program that used the software interrupt directly, you could easily forge any username you wanted. So you could very easily send a message from "ADMIN". :)
This should not be construed as a confession of any network shenanigans that may or may not have occurred at my high school. ;) :D :)