[knodi123]

Exact same story. I was having way too easy a time in my comp sci class in high school, so I wrote a program that simulated our login screen, saved whatever you typed into the box to a text file in my home dir, gave the "bad username or password" error, and then seamlessly sent you to the real login screen.

After a week, I'd stolen the credentials of everyone in my class and the class after mine. And then, I did... nothing with it, because I was already able to finish the homework in class and had a high grade.

The teacher busted me because I had a file in my home dir called stolen_passwords.txt. But instead of punishing me, he made me help him patch all the security flaws I'd exploited. It inspired my decision to go to college for comp sci. Best high school teacher ever. (a few years later, I had graduated with a comp sci degree. and he was trying to recruit me into selling amway. oh well.)

[comice]

lol I did exactly this at school too. My first version wrote the passwords to local disk and whenever I logged in anywhere myself my login script would gather them up. Til I realised I could leave myself logged in and write to my home dir.

I love how this same vulnerability was discovered independently and exploited by students all around the world!