Me and my friends had a lot of fun hacking into our school IT systems in high school. We took security as a challenge, not as a warning.
At various points, we had a shared file server for sharing movies and music for the whole school, bypassed the proxy (which also gave us a vastly improved connection speed), had Unreal Tournament 99 on the computers (this was ~2010, but it was one of the only games that would play well), we figured out how to send messages to all computers (using Novell Zenworks or something), and eventually a few of us just had full root access to the entire system. We also had lots of fun with fork bombs, setting peoples desktops to porn (we weren't meant to be able to change our desktop but there were workarounds), and the occasional broadcast storm.
If only we had known about bitcoin at the time, we'd have become rich running a mining network on the school computers.
Luckily, our school had a very relaxed attitude to our shenanigans. We generally avoided doing anything actively harmful and we also got a few free passes by helping the IT staff when they had problems (they were useless at their job).
When I was in junior high, circa mid 90s, I hade full control of my school's network. Was Novell Netware based, DOS only. Menu was meant to restrict what apps we could run to only those in the menu. Found an "exploit" in WordPerfect in that you could launch WP, hit a function key to launch a limited command prompt, but on exiting WP, it would crash, returning to a full command prompt. Being basically DOS 6.x, there was no further permissions at that point. I was friendly with the IT admin, so I always let him know when I stumbled into something (I also had about a half dozen admin accounts hidden). I had the ability to chamge grades, impersonate teachers and send messages as a teacher, but never abused my acceas. I did get suspended for a week after a network crash (likely caused by a failed disk) that I had nothing to do with.
My parents asked me point blank if I'd done and if I knew how to do it, or which I honestly replied no to both. That was when I got my first C++ book. My parents were like "if you got suspended for something you didnt do, you're sure as fuck going to learn how to do it."
Many teachers left the default password on their accounts. Was messing in the interface that I didn't understand very much and sent a broadcast message to the entire network. One by one they started beeping and displaying a blank message notification across all the computer labs in the school. Luckily I had some opsec at that age and didn't do it on the workstation I was assigned to. Logged out and quickly went back to my seat in the confusion that quickly spread in our class.
Wasn't till 2 years later that I got in trouble and got kicked off the computers for a month. For having a shareware game on the network. The network admin said something to the effect of "We are pretty certain you have done a lot of things far worse than this, but we can't pin any of them to you, so this is what you get punished for", and well, he was right.
Yeah, I didnt start cracking passwords until I was in college - I didnt need to. When in junior high, the IT admin would kick off a tape back up of the network, and stay logged in. Id wait until later, like 6pm-7pm and dial into his computer (his computer had a connected modem that accepted inbound connections with no username/password), do my thing, then restart the backup before I was for the night, so he wouldn't notice in the morning. Never did anythinf destructive, but I did have about 6 bogus accounts with full admin access. Kept those accounts to myself, lest they grt discovered. They never did... He left around my freshman year of high school. Didn't trust his replacement, so kept my lips shut about the access I had. Graduated with nearly all of my accounts with admin access intact.
In college, had to crack some passwords. Turns out all of the lab computers, the admin password of all NT lab Pcs was a 5 character building abbreviation + room number of where campus IT was based... I was expecting the crack to run overnight on my then 500 Mhz P3. The password was cracked before I could stand up to go to dinner. Last cracked passwords on my old XP laptop, that I couldn't remember the password to. Hard part is getting the unencrypted password file (since I think Win2k, Windows encrypts the SAM file on disk and exclusively locks the file while the OS is running), but if you can run something with system authority, you can inject a dll and extract the decrypted file. You still have to brute force the NTLM hashes after that, but on modern hardware, takes just a few mins. Back in the NT 4 days, at least the way our comouters were configured, nonadmins had write permissions to everything under c:\Windows. Easy way to get system? Replace the default screen saver with a copy of cmd.exe, then log out and wait for the logon screen saver to fire. Back in the day, screen savers ran as system. They dont any longer.
On the NT 4 boxes, I was able to script everything. Pop in a bootable floppy with the script and an NTFS driver, reboot, wait for the script to complete, having copied the SAM file, then reboot again and back to normal. Walk back to my dorm room, crack at will.
I managed to get root on the school district computer than were running every school thin client AND the system for grades. This was before any wide spread general software offerings to do stuff like that. The "hacking" consisted of aborting the boot process using ctrl-c and voila: root console.
I reported it to the school first and got threatened with legal action. Reported it to the central IT department and a guy came and bought me lunch and yelled at our principal for not letting me report it.
At various points, we had a shared file server for sharing movies and music for the whole school, bypassed the proxy (which also gave us a vastly improved connection speed), had Unreal Tournament 99 on the computers (this was ~2010, but it was one of the only games that would play well), we figured out how to send messages to all computers (using Novell Zenworks or something), and eventually a few of us just had full root access to the entire system. We also had lots of fun with fork bombs, setting peoples desktops to porn (we weren't meant to be able to change our desktop but there were workarounds), and the occasional broadcast storm.
If only we had known about bitcoin at the time, we'd have become rich running a mining network on the school computers.
Luckily, our school had a very relaxed attitude to our shenanigans. We generally avoided doing anything actively harmful and we also got a few free passes by helping the IT staff when they had problems (they were useless at their job).