A friend and I were able to phish passwords from nearly the entire school we went to with VB6 - the school (board) used Active Directory for logins on a shoddy network where some switches would often just drop all traffic to a random port for any length of time, meaning a PC would lose connection to the AD server at random. The kicker was that attempting a login after the connection was dropped greeted you with a "could not connect to //SCHOOL_BOARD//SCHOOL_NAME/PC_NAME", to which the solution was to reboot the PC and it would work again (99% of the time, anyways). The other kicker was that the background image and login domain were the same for every single computer at a single school. We exploited this; we created a full-screen/un-exitable UI with the same background image behind a form simulating the normal login screen. We would first log in to our own account and run the program (there were no login limits either), at which point someone else later through the day would sit down and try to log in. The credentials that got typed in were added to a .txt in my own user folder before the user rebooted the "non-functional" system. Of all the dumb shit we did, that's probably the only thing we never got caught doing, and probably because we never did anything nefarious with them.
chrisbuc|2 years ago