
Comment by bfirsh

4 years ago

Reminds me of my school leaving prank. I rewrote the whole internet on my school's computers. Google's logo became "Leavers '08", Facebook became "Hatebook" and was red, YouTube only played videos of cats, amongst other things.

These were the days when nothing had SSL, so you could just intercept and rewrite traffic!

My only requirement was: do no actual damage

It was implemented as a Debian live CD that you could drop into any school computer. It would boot up, then Ettercap would MITM the whole network by spoofing the router. It routed all HTTP traffic via Squid and a custom ICAP server that did the actual rewriting. If you removed the live CDs, the network just went back to normal within a couple of minutes.

Routing the whole school's network through one old Pentium machine wouldn't work though, so I figured out a way of doing distributed load balancing: it would do the ARP spoofing slowly and randomly. So, as you added more machines, it would just magically balance between them.

It worked great for about an hour, then the whole network mysteriously stopped working for the rest of the day. I left all the live CDs in the computers as a calling card.

Sorry, school network admins.

Unless you had a special case for the hijacking machines to ignore the spoofed ARPs, the whole thing probably fell apart when they ended up with a loop between each other rather than a path to the real gateway.

  • Oh, yeah. That's a very good point. That's probably why it stopped working. I always thought the network admins pulled the plug assuming they'd been hacked.

    • That's a common issue with distributed systems.

      Something has to be "the leader" and you need a system for choosing a new one once the old one is offline for a certain amount of time.

      Add in a sprinkling of how to figure out if you have more than one leader active at a time.


Used to be that Windows allowed programs to hook into each other's event buses. (It might still, I'm not sure.) This might be why a few of my high school's computers would interpret every 5th right click in Minesweeper as a left click.

  • Yup, you can still do that. AutoHotkey is a wonderful tool for this. You can intercept input events globally, and transform them or send completely different events to the target app.

    For example, I use AutoHotkey to implement my JKLmouse program, which turns certain keyboard events into mouse movement for precise control. It's similar to the MouseKeys that comes with Windows, but made for laptop keyboards without numeric keypads.

    And yes, you could definitely do that Minesweeper hack in AutoHotkey! :-)

    https://www.autohotkey.com/

    • Would you mind sharing that script? I have been looking for something similar, but didn't find anything that worked well and did not have the time yet to give it a try myself. I would really appreciate it.


  • > This might be why a few of my high school's computers would interpret every 5th right click in Minesweeper as a left click

    This is just pure evil.

Wow, somehow that use of random, slow ARP proxying as a duct-taped-together load balancing mechanism makes this so much cooler.

I'm not sure I quite understand the details, though. I assume there was only one gateway for the segment, so were the spoofed ARP replies unicast instead of broadcast? Otherwise, wouldn't all clients just switch to whatever machine announced their spoof for the gateway IP last?

  • This was 13 years ago so my memory is fuzzy... if I recall correctly, spoofed ARP replies were unicasted to every possible address on the network. It switched from machine to machine slowly, which is fine because they all served the same content.

    There were several subnets at the school, each with its own gateway. I remember having to set up live CDs in several computer labs to cover each of the subnets.
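The behaviour described in the thread, several hosts taking turns answering for the gateway IP and unicasting those replies to each station rather than broadcasting them, leaves a distinctive footprint in ARP traffic. The following detector is an added example written for this discussion; it is not code from any commenter. It models ARP replies as a stream of `ArpReply` records (the `SAMPLE` list is constructed, not captured), assumes a single watched gateway IP per segment, and raises alerts under three rules: the claimant differs from a known-good gateway MAC, the IP-to-MAC mapping flips between claimants, or one claimant unicasts the gateway mapping to many distinct hosts. The rule names, thresholds and field layout are this example's own assumptions.

```python
"""Gateway ARP-flapping detector (added example, not code from the thread).

Every ARP reply seen on a segment is modelled as an ArpReply; the SAMPLE
stream below is constructed, not captured. The three checks are what a
network admin could run over logged ARP replies to notice several machines
taking turns answering for the gateway IP, with replies unicast to each
host instead of broadcast.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class ArpReply:
    ts: float          # seconds since capture start
    sender_ip: str     # IP address the reply claims to own
    sender_mac: str    # hardware address making the claim
    target_mac: str    # destination of the reply (BROADCAST or a single host)


def analyze(replies, gateway_ip, gateway_mac=None, window=60.0, fanout=5):
    """Return a list of (rule, ts, detail) alerts about claims on gateway_ip.

    "untrusted-mac": claimant differs from a known-good gateway MAC
                     (only checked when gateway_mac is supplied).
    "flip":          the IP->MAC mapping changed since the previous claim.
    "fanout":        one claimant has unicast the gateway mapping to `fanout`
                     distinct hosts, i.e. it is pushing the mapping to stations
                     one by one rather than answering their requests.
    """
    alerts = []
    recent = deque()                    # (ts, mac) claims inside the window
    unicast_targets = defaultdict(set)  # claimant mac -> hosts it replied to
    last_mac = None
    trusted = gateway_mac.lower() if gateway_mac else None

    for r in sorted(replies, key=lambda x: x.ts):
        if r.sender_ip != gateway_ip:
            continue                    # only the gateway mapping is watched
        mac = r.sender_mac.lower()

        if trusted and mac != trusted:
            alerts.append(("untrusted-mac", r.ts,
                           f"{mac} claims {gateway_ip}, expected {trusted}"))

        recent.append((r.ts, mac))
        while recent and r.ts - recent[0][0] > window:
            recent.popleft()
        if last_mac is not None and mac != last_mac:
            seen = {m for _, m in recent}
            alerts.append(("flip", r.ts,
                           f"{gateway_ip} moved {last_mac} -> {mac}; "
                           f"{len(seen)} MACs claimed it in last {window:.0f}s"))
        last_mac = mac

        if r.target_mac.lower() != BROADCAST:
            targets = unicast_targets[mac]
            targets.add(r.target_mac.lower())
            if len(targets) == fanout:  # fire once, when the threshold is hit
                alerts.append(("fanout", r.ts,
                               f"{mac} unicast gateway replies to {fanout} hosts"))
    return alerts


# Constructed sample: one legitimate gratuitous ARP from the real gateway,
# then two rogue hosts taking turns unicasting the mapping to stations.
REAL_GW = "00:11:22:33:44:55"
SAMPLE = [
    ArpReply(0.0, "10.0.0.1", REAL_GW, BROADCAST),
    *[ArpReply(5.0 + i, "10.0.0.1", "de:ad:be:ef:00:01", f"aa:bb:cc:00:00:0{i + 1}")
      for i in range(5)],
    ArpReply(30.0, "10.0.0.1", "de:ad:be:ef:00:02", "aa:bb:cc:00:00:01"),
    ArpReply(31.0, "10.0.0.7", "aa:bb:cc:00:00:07", BROADCAST),  # unrelated host
]


def summarize(replies, gateway_ip, gateway_mac=None):
    """Count alerts per rule; convenient for thresholding in a periodic job."""
    counts = defaultdict(int)
    for rule, _, _ in analyze(replies, gateway_ip, gateway_mac):
        counts[rule] += 1
    return dict(counts)


if __name__ == "__main__":
    for rule, ts, detail in analyze(SAMPLE, "10.0.0.1", REAL_GW):
        print(f"[{rule:13}] t={ts:5.1f}s {detail}")
```

On the sample stream the detector reports six untrusted claims, two mapping flips (real gateway to the first rogue, first rogue to the second) and one fan-out alert once the first rogue has unicast the mapping to five different stations. Without a trusted gateway MAC the first rule is silent, but the flip and fan-out rules still fire, which is the point: the "slow and random" hand-off between spoofing machines is exactly what makes the mapping flap, and a real gateway never needs to unicast its mapping to every host one at a time.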

> I rewrote the whole internet

The web is not the whole internet, and Google, Facebook and YouTube are not the whole web.

Makes me sad to think that someone could possibly believe either of these things. I suspect the rest is just something you read somewhere, but don't understand what the words mean. Enjoy your MIPs (meaningless internet points).

I don't think this happened.

  • Hypothetically it could happen and even if it isn’t true, I feel it adds something to the conversation. Besides, you cited as many sources as they did.

  • I did some similar shenanigans when I was in 10th grade; with BackTrack 3 and ettercap-ng it was pretty easy. I didn't do the load balancing, and ended up crashing the network when my laptop couldn't keep up lol.

  • I'm less skeptical. OP already mentioned that most things were not encrypted back then, so this was probably still in the days of transparent proxies, so OP could have "just" added one with some ARP spoofing. They were somewhat common in school and office networks, and like regular HTTP proxies (except the transparent ones had the traffic redirected forcefully to them) they essentially consumed HTTP requests and sent new ones out to The Internet. While mostly used for caching and blocking, it seems relatively simple to me that OP could have just replaced e.g. some stylesheets served back to the client.