It was back in 1996. After playing around with the high-school network, a friend and I found software to administer students and grades. It was called Leraren agenda 8.1 (Dutch name). After bringing some floppies to school, it was time to experiment with it at home. After looking at all the files, it wasn't clear where the configuration was stored. I couldn't open the software, because it required a password.
Oh well... I started testing individual files. Move one to another directory and start the software again to see what's happening. And there it was. After moving the "LA.INS" the software told me it was a new installation and asked if I wanted to set an admin password. I did. After copying the settings file I changed the password. And there it was... The file ended with a block of ASCII 0x01 characters and just before that there was a difference in both files.
The password was stored encrypted. Luckily I had the original password. The length was the same (good thing for me!). The difference between each encrypted character and the original was 128. After some more experiments it turned out that the character before the encrypted password told the software the length of the password. Of course caesar encryption isn't strong enough to fool curious 15-year old boys, but back than nobody thought of that.
After writing the password cracker (Turbo Pascal was the language for me back then) it was easy to retrieve the password used at school. The next step was to write a program to change the grades, although it worked fine, I never used that one on the school network.
A few years later I lost the source code, because my hard-drive crashed. Unfortunate! I still got the compiled version, though.