• rho50@lemmy.nz
    link
    fedilink
    English
    arrow-up
    45
    ·
    1 year ago

    Discovered that the credentials for the library computers (which were helpfully printed on stickers for the forgetful librarians), were in fact domain admin credentials.

    Gave myself a domain admin account, used that to obtain access to some sensitive teacher-only systems (mostly for the challenge, but also because I wanted to know what was going on my school report ahead of time).

    My domain admin account got nuked, but presumably they didn’t know who had created it. Looked up the school’s vendor (“Research Machines Ltd.”) and found a list of default account credentials. Through trial and error, found another domain admin account. Made a new account (with a backup this time) and used it to install games on my classroom’s computers.

    Also changed the permissions on my home directory so that the school’s teachers (who were not domain admins) couldn’t view my files, because I felt that this was too invasive at the time.

    That last bit got me caught proper, and after a long afternoon in the principal’s office I left school systems alone after that for fear of having a black mark on my “permanent record”.