this post was submitted on 09 Jul 2023
373 points (97.7% liked)

Asklemmy

43939 readers
425 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] rho50 46 points 1 year ago

Discovered that the credentials for the library computers (which were helpfully printed on stickers for the forgetful librarians), were in fact domain admin credentials.

Gave myself a domain admin account, used that to obtain access to some sensitive teacher-only systems (mostly for the challenge, but also because I wanted to know what was going on my school report ahead of time).

My domain admin account got nuked, but presumably they didn't know who had created it. Looked up the school's vendor ("Research Machines Ltd.") and found a list of default account credentials. Through trial and error, found another domain admin account. Made a new account (with a backup this time) and used it to install games on my classroom's computers.

Also changed the permissions on my home directory so that the school's teachers (who were not domain admins) couldn't view my files, because I felt that this was too invasive at the time.

That last bit got me caught proper, and after a long afternoon in the principal's office I left school systems alone after that for fear of having a black mark on my "permanent record".