Netbus was everywhere. I would just scan random subnets and find open servers. I had one file bundled with a subseven server that somehow got passed around extensively to the point that I was constantly getting ICQ notifications of people being online that I had no idea who they were.

One of my favorite tools though was the Munga Bunga HTTP brute forcer. Uncovered tons of awesome hidden parts of websites.

Also the trick where you could specify a domaing like https://[email protected] or whatever and people would think it was some legitimate Hotmail thing and dump in their credentials.