Notes of a Computer Scientist

Mischief

Fun fact which I haven't told you before but the title did: I am a computer scientist. And because of that I have adapted my ways to become efficient on the given task. I'm self-taught (started at 13 years old) because I got bored playing video games.

In my social circle, no one has the same skill as mine. Therefore, I also get to feel really lonely.

Annually, our school website posts our sections. But for a person to get their section, they have to enter their student number or fill up a form completely with the name and even the birthday accurately. I noticed a pattern with the url and the student numbers. (Our school has at most a population of 10,000 students). The student number is a 9-digit number of which the first 4 digits indicate the school years since 2000 that you enrolled for the seventh grade. I enrolled for the seventh grade back the school year 2016-2017. My first 4-digits is 1617. The next five digits seems to have been from an incremental counter. Mine is 00183 and I checked 00184 and 00182, and tested more different digits and got a positive result. The url just uses the student number at the end.

With that (and my OS is Linux) I wrote a bash script to generate all the urls with thousands of student numbers. Then a simple wget did the job. After that a python script to parse all the html files into a csv file. Each html file contained the name, section, learner reference number, and even birthday.

I turned that csv file to a pdf file then to an image and posted it on Facebook. Of course some of my classmates saw it and others too, it reached the student council and I got contacted by the oh-so-worthy-not-because-she-just-looks-beautiful-physically president 😏

She just bluntly said that I remove it. Charms like that don't work on me spoiled president with nothing better to have than her face. Anyways, I removed it. They also threatened me which was annoying because that vulnerability was their own fault. It's like, "Hey I'm stupid and because you won against me, it is your fault." Which doesn't make sense.

I then also got contacted by some older person who said that I can be taught to do those web security stuff. It led me to meet the school programmer, the one who works for the school and builds software to make teachers' lives a bit easier. The school programmer also integrated ReCAPTCHA on the school website and changed the urls to random gibberish so as to prevent the incident from happening again.

Another stunt I did was the school voting. We live in a democratic country and our school makes us vote among the candidates for the next student council. I messed with that one. I read the source code of the voting system they were using which was just on Github and was made by a senior who doesn't go to our school anymore. The code had too much vulnerabilities and with that I decided to write a script while voting to vote the person I want a lot of times. If the computers were centralized it would mess the whole count but it was not so I just messed up with one computer.

Later on, that led to the next school voting to be done by hand (stupid old people who think they know better). They could've simply paid me to make a voting system but I guess they're cheap. Some of my classmates are part of the council handling the elections and the forms are too bad. The print is too low-quality to save ink and you can't even read anything without squinting. The paper is sort of trashy too.

As you can see I am really quite a troublemaker if I try.