My local community college has hundreds of computers with no lockdown on the BIOS. Not only do they not have BIOS passwords, they also have a network bootable image with no root password. I've already brought this to their attention, via a phone call, but I'm not sure they're going to do anything about it. I go back tomorrow, and I want to see if they have fixed the problem or not. If they haven't I want to do something to show them it's a major (I feel like it's a major problem, but I've only just started in the world of pen testing) problem. I'm aware I could just wipe the drives and leave it, but that's damaging and I don't want to get in any legal trouble. What should I do?