I, Hacker: Chapter 2, Part 2: “Shell Games”

 The first door I found wasn’t locked. That’s what surprised me.

I was poking around my home directory, getting familiar with the shell commands — ls, cd, grep, the usual — when I discovered a script buried in one of the shared folders for the computer science department. It was called grade_report.sh. No password. No encryption. Just sitting there in a directory labeled /usr/local/share/scripts. The script pulled data from a CSV and generated formatted grade reports for the entire CS101 class. Instructor comments included.

I stared at it for a long minute. Not because I cared about the grades — I wasn’t even in that class — but because it was like someone had left a loaded revolver on a park bench and just walked away.
That was the moment I realized something fundamental:  The real system didn’t trust itself.

There was no security training back then. No firewalls. No intrusion detection. The campus sysadmins were graduate students who barely understood the systems they were running. Most of them were just happy if the printers worked. But I paid attention. I watched. I noticed that student login IDs followed a predictable pattern: first initial + last name + year. Mine was dsmith82. The system didn’t force password changes. It didn’t limit login attempts. It didn’t even mask password input — it just asked politely:

> PASSWORD:

I tried logging into a dormant student account — mjones81. I guessed the password.

 password.
 Access granted.
 
Just like that, I was someone else.

From there, it wasn’t hard to map the userbase. I built a crude script that pinged every possible ID in a given range and logged whether the login succeeded. I didn’t use brute force — that was noisy. I used logic.

I knew dorm floors, class rosters, lab schedules. If someone didn’t log in for more than a week, odds were good they weren’t paying attention.

I avoided anything that would generate noise in the logs. Never edited files. Never deleted anything. I just read. I wanted to see the skeleton beneath the skin.
I started finding breadcrumbs.

.bash_history files showing recent commands — some of them typed by faculty. Configuration scripts with commented-out admin tools. A text file in one user’s directory labeled staff_memo_draft.txt, which included a line about “budget reallocations due to misuse of lab time.” (That one made me laugh.)

I made copies of everything I found and stored them on an encrypted partition of my own account — not standard encryption, of course. I wrote my own XOR-based scrambling tool in C. Weak by today’s standards, but good enough back then. I called the tool “Whisper.”

The breakthrough came when I found a misconfigured cron job. It was a script that ran every Sunday night to clean temp files in a shared folder. But whoever wrote it forgot to use absolute paths — which meant it relied on the PATH variable to find executables. And the PATH variable included /home/shared/bin/ — a folder I had write access to. So I tested a theory.

I created a dummy script called rm.sh and placed it in that folder. Instead of deleting files, it just logged the action to a hidden file and exited silently. Then I waited.

Sunday night, 11:59 PM:  The system executed my fake rm.sh script, as root.

I didn’t get a shell — not yet — but I got something almost better: proof. They’d run my code. Blindly. With full privileges. All I had to do now was ask for more. By the end of my first semester, I had:

A growing archive of system documentation and internal memos.

Access to multiple student and faculty accounts.

An entire folder of tools I’d written myself — some crude, some elegant, all effective.

A map of the entire file system, including admin directories I wasn’t supposed to see.

And a creeping sense of detachment from the real world.

I stopped going to class. Stopped returning calls from home. My roommate dropped out sometime around midterms and I barely noticed. The system was more real to me than anything outside. And the more I understood it, the more I realized how little anyone else did.