
Hmm, let's see. It would have been 2004-2008 IIRC. I think I did it at the tail end of that time period though. I want to say that it was on the gumdrop shaped macs but I know the school got some of the first iMacs around that time as well. The new iMacs were awesome to me because I could carry around an external hard drive and boot the newest macOS (Mac OS then) off it. It meant I had root and that coupled with a proxy gave me a fully unlocked computer.



> I want to say that it was on the gumdrop shaped macs but I know the school got some of the first iMacs around that time as well.

The "gumdrop shaped macs" were the first iMacs and were released in 1998 (I remember this well because that was around the time I worked for a publishing company so had to deal with MacOS 8 and 9 a lot as well as wiring a gigabit AppleTalk network (at the time that was very futuristic)).

I had similar tales of exploiting my school network. Though it was Windows 3 and I was playing Wolf3D loaded via a program called something like "Object Manager" that allowed you to embed data into winword (might have been related to OLE?). Those machines were null terminals so the game was installed into my user area. Unsurprisingly I got caught but thankfully deleted the executable just moments beforehand so I only had to make an excuse for the WAD files.

At college I upped my game and wrote a RAT which I installed on every PC on the network. I actually managed to get away with that one, albeit there were a couple of near misses. One time I got caught because some mates sat next to me were playing games. When questioned what I was doing I confessed to the lesser crime of also playing games because writing malware would surely have seen me suspended (or worse) rather than having my IT privileges revoked for 24 hours! That college did eventually find the RAT on the network but only after I left, but assumed it was someone else. It wasn't until my brother got a job at the college IT department ~5 years later when they realised it was me who installed the software.


> The "gumdrop shaped macs" were the first iMacs and were released in 1998

Ahh, my bad. This was early-days for my "paying attention to macs". I only used them at all because that was all the school had, I was a die-hard, PC-master-race, build-your-own-computer, Windows user at this point. So yeah, we had the gumdrop shaped iMacs and then we upgraded to the chunky white-bodied-on-a-stand iMacs. We did have a few Mac Pros in the library (for video editing) and in the shop class (for 3D modeling), the cheesegrater style ones.


> gave me a fully unlocked computer

In a way, the ever-increasing restrictions during my final year at school pushed us into exploiting various flaws in their setup for a couple of reasons. Primarily, they were arduous - by the middle of the year, any window with a title containing certain strings, even ones as innocuous as "Firefox", would be closed automatically without warning. It got in the way of legitimate activities - a number of teachers also found ways to avoid them as sites they needed were often blocked. It was also interesting to keep having to find new ways to get around it ("CGI proxies"[1] found via Google -> self-hosted proxies -> wildcard domains to bypass filter lists -> access via IP and random port -> local admin exploit to disable protection/monitoring software).

In the process, we discovered that the security was rather inadequate. A VNC server was installed on all machines, including staff machines, with the very imaginative password of "vnc" (not hard to guess once you see a member of staff typing in a three character password), and we shoulder-surfed a domain admin password and it was just "school". This was later changed[2], but we bruteforced a cached hash[3] and found it was just the name of the school with a '0' in place of an 'o'. We had a 'shadow' domain admin account for _months_ before it was noticed, even after the staff were aware people were poking at holes in the system (someone else had sent a Windows Messenger service message to the entire domain around the same time).

We never really used it for anything though - we created the domain admin account to see if we could, then it basically went unused after that. We only got caught after someone else used a script to change the local admin password on every computer (I'm still not entirely sure why). It did provide an interesting lesson in OPSEC though - it was only tied back to us as they were tracking USB device names, and someone called their USB drive "<surname> USB" and still had it connected when logging into the domain admin account.

The punishment was to spend a week working with the IT technicians (mostly doing busy work such as cable managing rooms and tracking down serial numbers/asset tags), which gave us plenty of time to fully explain the flaws we found. I think they took security more seriously after that.

[1] https://www.jmarshall.com/tools/cgiproxy/

[2] we had no malicious intent, so upon realising that gave you read/write access to everyone's files, we left an anonymous note containing the login details at the IT technicians' office hoping they would improve things. Some of the teaching staff were also aware, and their only advice was essentially "Don't get caught" (and one asked for a copy of the Ophcrack live CD).

[3] Booted from an Ophcrack live CD, something that was "fixed" by removing the CD drive from every machine in the school



