I changed the homepage to a webpage which redirected to file://c:/con/con (which for those who don't know caused a windows BSOD at the time).
IT teacher thought it was hilarious, used it as part of the lesson about how computers can be broken into, and told everyone "ok we've seen that, don't do it again".
Another time I remember writing a simple program, probably in qbasic, which captured passwords to a file. It only wrote a the first 4 or so letters to the file - showed what we could do, had a little fun, tricked the teacher into logging in, and then told him "ha ha".
As long as you came up with creative things (not just copying others, which is tedious), which didn't cause too much disruption (no deleting files), and stopped doing it once you proved it could be done, you were fine.
Networked IT was new and exciting then though, to the students and the teachers. A few years earlier and it was all BBC Micros, a few years later and everyone was on the internet and trying to install backorifice, but for a brief moment well meaning harmless (for a teenager) curiosity was rewarded.