insomaniacal wrote: I don't have much time on my hands, but yes, you'd probably be looking to sniff packets in this case.
Look into ARP poisoning. Basically, you are tricking the other computers on the network into thinking you are the router. They send you the packets, you save them, and then send them on to the actual router, so nothing appears amiss to the other users.
Thanks for the reply,
Just wiki'd it. Interesting stuff, I'll have to give it more of a look later, if I ever get around to finishing this lab report I'm working on.
A few follow-up questions / some info I forgot to mention last time. On top of logging on to these public machines, users also have the ability to use their own laptop, either wirelessly or wired. The difference is that when using a laptop the user must log in with their username and password to access the internet. So the batch file exploit lets the user have complete anonymity.
So with that being said, would it be safe to assume that a network like this does have a method for catching network intrusion? Or would spoofing the MAC address to the gateway fool even that? Extending on this train of thought, if an intrusion is detected, would it be linked to the username/password on the account? Or the computer name? (Would spoofing the MAC address also cover the original identity of the machine?)
Although I guess those last two are irrelevant, since the account is completely anonymous and I suppose the computer name / other methods of identification could be changed.
-- Thu Nov 11, 2010 8:51 pm --
So, giving this some more thought (this report is never getting done)
The network already implements ARP routing to force users not on the public computers to log in. Would it be possible to redirect users to the compromised computer, where a fake webpage (somewhat like a phishing page, I guess) would record the data, store it (like an Excel file userid/pswrd), then return an "incorrect username/pswrd" message, and then on a subsequent attempt the user would be routed back to the standard login page? Or would this be significantly more complicated than just stealing/analysing packets with a program like Wireshark/WinDump? Also, distinguishing between admin and standard user accounts is very easy on this network: standard users begin with numbers, admins do not.
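On the question raised above of whether a network like this can catch ARP poisoning: the technique leaves visible symptoms, namely the gateway's IP suddenly mapping to a different MAC, two MACs alternately answering for it, and one MAC answering for several IPs. The sketch below is an added example, not part of the original thread; the addresses, the observation format and the function name `detect_arp_anomalies` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender_ip, sender_mac) taken from ARP replies
# as a monitoring host or switch mirror port might record them.
SAMPLE_ARP_REPLIES = [
    (100.0, "10.0.0.1", "00:11:22:33:44:55"),   # gateway, legitimate binding
    (101.2, "10.0.0.23", "aa:bb:cc:00:00:23"),
    (130.5, "10.0.0.1", "aa:bb:cc:00:00:23"),   # gateway IP claimed by .23's MAC
    (130.6, "10.0.0.1", "00:11:22:33:44:55"),   # real gateway still answering
    (131.0, "10.0.0.1", "aa:bb:cc:00:00:23"),
    (140.0, "10.0.0.40", "aa:bb:cc:00:00:40"),
]

def detect_arp_anomalies(replies, gateway_ip, flap_window=5.0):
    """Return alerts for the symptoms ARP poisoning leaves on the wire."""
    alerts = []
    last_seen = {}                  # ip -> (mac, timestamp) of latest claim
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed

    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        prev = last_seen.get(ip)
        if prev and prev[0] != mac:
            kind = "gateway-rebind" if ip == gateway_ip else "rebind"
            # Two MACs alternating within seconds means both hosts are answering
            # for the same IP, which a DHCP lease change would not produce.
            if ts - prev[1] <= flap_window:
                kind += "-flapping"
            alerts.append((ts, kind, ip, prev[0], mac))
        last_seen[ip] = (mac, ts)

        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:   # this MAC now speaks for several IPs
                alerts.append((ts, "mac-claims-multiple-ips", mac,
                               tuple(sorted(ips_by_mac[mac]))))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES, "10.0.0.1"):
        print(alert)
```

The MAC named in the alerts is whatever the sender put in the frame, so tying an alert to a physical machine still depends on switch port records rather than on the address alone.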