by kurisufag 1275 days ago
We still found ways to have fun.

The Chromebook model issued to students at my middle school powered off when a magnet was placed over the top right corner. After this was first discovered, it became common practice to carry a small magnet around and turn off people's machines when they weren't looking. If you wanted to be subtle, you could use the corner of another Chromebook to pull off the same trick.

Chromebooks use (G)-mail sign-in, and the school generated us all accounts that had the format

e-mail: <firstinitial><lastname><student ID sans the first digit>@schoolname.com

password: <initials><full studentID>

I figured this out a few weeks in, and we had great fun logging into each other's accounts and sending ourselves incriminating e-mails. Admin figured out after a while and for all successive school years we had random phrases.

All machines had a remote-viewing/tab managing utility installed so that teachers could surveil us as we did our work. Many "bypasses" came and went over the years, but my favorite was simply abusing Chrome's ability to play flash .swfs and disconnecting from the internet. Once that got out teachers often forced me to sit next to/facing them as I worked.

Another was that only "real tabs" showed up on the admin viewer -- "New Tab"s and similar Chrome-isms would just be a blank screen. You could abuse this by opening Inspect Element on a new tab and writing in an iframe for the website of your choice.

Web filters were often bypassed using interactive browser compatibility testers like Browserstack and Browserling[0]. Not terribly interesting, but it worked just fine for our purposes.

Later, in high school, I wrote a script that autoran on a single machine's local storage no matter who logged on, copying itself to the shared storage. Next, when that user logged on to a different machine, it copied itself back to local. It didn't do anything flashy or obvious, so by the time I graduated, I had a calling card on maybe 75% of the machines in the school. I also aggressively portscanned the whole district, and found some IP cams and Cisco phones that had open (and seemingly unpatched) RCE CVEs. I never got around to doing anything with them, and my only regret is that I didn't pass the knowledge along to someone else before graduating.

[0] https://www.browserling.com/browse/win/7/firefox/104/http%3A...

1 comments

I tip my hat to you. Glad to see this spirit is still alive.