Should I be admitting to this?
Anon for a reason.
Should I be admitting to this? Well it was over 20 years ago in the 90s, surely nothing can come of it now.
Was on an IT course back then and enjoyed it. Never really took in the networking side for some reason, considering I enjoy it now. Anyway. The one thing I had notice was the way we'd login to the network. Boot the PC to Dos. Switch from C drive to F drive (can't remember exact letter). Type Login and press enter. Then you'd put in your login details and password. You were now logged in with your network account. Now type WIN, to start Windows 3.1
Interesting (it was relevant). During this time we were being taught programming in Pascal. I loved it but turned out I was crap at programming. Anyway. One day while playing with Pascal at home I discovered a bit of code in the help file that taught you how to write what was input on screen to a file.
So a plan appeared in my head but purely for education use only. I knew I wasn't great, I thought surely it wouldn't actually work. And I'm being honest about using it for education only. I coded what turned out to be a sniffer program. I had noticed so many people in lessons would type Login when on the C drive. So I made my program, called it login.exe and dumped it on the root of C on a few PCs in class. Told a few friends about it but told them NOT to abuse it. We would then collect the assignment.doc later (the file where all logins and passwords were getting stored from my program). Because people had a habit of saving their college work on the drives as well. I never could work out how to make the password appeared starred out on screen though, that was one flaw.
I only remember we used one login that actually worked and was in that persons account. I was amazed. Not knowing enough about network at the time and amazed my program had worked. I do remember to this day for some reason, the password was masterofpuppets. Once in the persons account we never did anything, I insisted we never did anything, I'd just created it to see if it would actually work. And that was it.
Later said idiots I told got caught messing around with animation software and pressing reset on PCs when a lecturer was near (that was banned because it meant if you pressed reset, you were up to something)
Lucky for me I was off sick the infamous week or just couldn't be bothered to go in, I can't remember which. They got pulled up for the animation stuff (they were creating animations being derogatory to the staff) but also I think one of them got caught with the login program. As I told them at the time, if you ever abuse it and get caught, you know nothing about the author. I was lucky they stuck to this code as in their "interviews" they kept quiet. They were told "Whoever created this program is really good. Tell us what you know". I knew that was bullshit, the college hoped they'd boast. It wasn't good code, it was code taken from the Pascal help file. Two got kicked out and the other one was allowed to stay. There was also a big "talk" about it in the hall. It was weird sitting in a hall having a "security talk" about how "serious" it was and knowing it was me and that no one else in the room knew it.
About a year later I found an article in the 2600 magazine talking about very basic encryption for Pascal. So I added that to the sniffer program. So now, if you found the assignment.doc file it looked all scrambled instead of being obvious was it was.
Never did anything with it after that. The talk successfully scared me off doing anything else. I wonder if that's where my interest in IT security came about.