Comment by snerbles
4 years ago
> All the computers displayed a popup window
When I engaged in `net send` shenanigans at the local community college, at least the IT staff was smart enough to know where to scramble a runner whenever those dialog boxes popped up across campus.
"ALL YOUR BASE ARE BELONG TO US" was quite the meme then, but apparently they thought it was some form of cyber-terrorism.
A good buddy of mine did the same, but with the message "DOOM!"
His punishment was community service, and the service was having to be basically an intern for the school IT guy. Smart administration, really.
That's the only proper response, really. You love to see it.
I'll never understand braindead school administrators whose response is "throw the entire CFAA book at them" for kids who do the most harmless sort of "hacking". I mean, they're literally 16-year-olds. How disconnected from reality does one have to be to think that police/legal action is appropriate for this type of stuff? It's like they're specifically trying to ruin lives and create criminals/blackhats.
Edit: And something I remembered while scrolling this thread... it's particularly disappointing when it's the actual IT staff who get mad and threaten to press charges. Like, sure, if it's a 60-year-old secretary who's worried about you starting WWIII by whistling into a payphone, that's just ignorance, that's one thing. But IT people ought to know enough about security/"hacking" to see how ridiculous they're being... just sad.
> How disconnected from reality does one have to be to think that police/legal action is appropriate for this type of stuff?
They don't ask that. They just want their computers to always magically work and having to dedicate mental resources to events in IT at all is an intrusion to their time - to them, throwing CFAA at them is "setting an example".
Nice Mitnick callback.
I received a similar punishment for running an autoclicker against some charity adware installed by a well-meaning administrator.
That semester of internship was pretty fun, all things considered.
That's such a wholesome punishment.
Same punishment for me back in high school when I "guessed" the admin password. They all knew I didn't guess it and was given the job/community service. They kept the same password.
I haven’t thought of net send in years. Circa 2000 I worked at Cisco and added some javascript to my profile in the corporate directory that sent me a net send message with the hostname of the computer that viewed my profile. At that time the hostname usually included the employees username, so I had a nice heads up that somebody was looking me up.
I should have left it at that, but Ingot cheeky and also did a net send back to the origin saying something like “thanks for your interest in onionisafruit”. That got escalated and I was threatened with disciplinary action. It didn’t occur to IT that they shouldn’t allow arbitrary script tags in user profiles. The best response was just to threaten the people who were creative with what they were given.
Curious how you escaped a (browser?) With JS to do "native" net send? Assume it was some activeX?
I don’t remember the details, but based on my skill level I know it wasn’t anything novel. At the time I was learning my first programming language, Perl. IIRC I had a Perl daemon running on my computer that accepted an http request, did a reverse dns on the origin and sent the hostname in a net send message. Some of my coworkers used Sun workstations. I could get notifications from them but obviously couldn’t send them a net send message in response.
The js probably pinged their own server with then did the 'net send'
IE supported vbscript, though I don't know how far back that goes. You can certainly run arbitrary commands from jscript or vbscript using an hta app (or wscript)
When I had my net send fun back in school, an IT guy found me and just explained that if it becomes a recurring thing, they'll have to disable it on the network. And that they would prefer to keep the functionality available, so it would be a real shame if I ruined that for them. I never did another one, because I understood it would be a dick move.
No condescension, no threats. Just treating me like an adult with a constructive conversation. It never occurred that anyone might overreact like many in this thread experienced. Makes me feel pretty fortunate now.
Ah good ol net send… we had a lot of fun in high school with that in the 90s
O mannn I was suspended from HS, and banned for 2 years from touching school computers for net send shenanigans as I wasn't smart enough to cloak the originating workstation.
My message to every single computer in our HS:
"Hey what's up!"
my friend added to this:
"Your network (H:/) drive is being deleted."
School administrators and teachers did not find this funny.
About a year after the college prank, I was recounting the incident to a helpdesk coworker on a relatively quiet Saturday. He refused to believe that "net send" even existed, and dared me to do it. So I did, the content of that message being a rather tame "This is a test message, press OK to close."
He was on phones, got about twenty calls including one from a VP - with even more popping in throughout the following week as people returned to workstations to see the dialog. We were able to play it off as "testing the network" (not wrong I suppose), but our manager was a responsible sort and had it blocked with a group policy shortly after.
What year was this? I remember a time in the mid 90s (c. 1996?) when Novel had just upgraded to "intranetware" and all the computers had fancy "web browsers" which was fun, there was a 64k ISDN for the computer suite (we actually had two, but the other was RM Nimbus machines which could just about run netwars). This was in the UK
I changed the homepage to a webpage which redirected to file://c:/con/con (which for those who don't know caused a windows BSOD at the time).
IT teacher thought it was hilarious, used it as part of the lesson about how computers can be broken into, and told everyone "ok we've seen that, don't do it again".
Another time I remember writing a simple program, probably in qbasic, which captured passwords to a file. It only wrote a the first 4 or so letters to the file - showed what we could do, had a little fun, tricked the teacher into logging in, and then told him "ha ha".
As long as you came up with creative things (not just copying others, which is tedious), which didn't cause too much disruption (no deleting files), and stopped doing it once you proved it could be done, you were fine.
Networked IT was new and exciting then though, to the students and the teachers. A few years earlier and it was all BBC Micros, a few years later and everyone was on the internet and trying to install backorifice, but for a brief moment well meaning harmless (for a teenager) curiosity was rewarded.
> and banned for 2 years from touching school computers for net send shenanigans
Ha, yeah I got banned for using net send as an IM app with friends too. There were a couple of us in my school who were skilled, enthusiastic programmers - it is kinda stupid that the punishment they decided on was to prevent us from being educated :-/
A computer teacher once threatened to kick me out of class for reading the help file, obviously because they were annoyed I knew more than they did.
*HELP. on a BBC Master
At a place I used to work, there was a lady who would prank folks. She was not very technical.
Those folks came to me with a request for some sort of Net Send revenge.
I wrote a VB script which ran in a loop, which randomly 8-10 times a day would get a new message from the BOFH excuse generator and net send it.
Ahh, youth.
Loving all these net send stories. Back in the day I wrote a C++ program that was basically an IM interface on top of net send. Fun times.
Wow, almost the exact same thing happened to me and I was thrown out of that school, mainly for using another students account to send the base message.