






expected, and asked if I could have some time setting up. They told me it would be fine, and
they offered me a personal office as well as a drink, and that’s when I went to work.

Plugging into their network, I was able to run Armitage and started a scan. While that was
running, I booted up my router, and added an antenna to give the router a chance to talk to
wireless devices outside of the network before they connected to the real network. I connected
to their Wi-Fi; there was no password for their Wi-Fi, as only their clients are the ones that connect
wirelessly (and a few employees breaking the rules). I was able to set up my router and start
catching information because there was no protection. It was a slow day so there was not much
to catch. I figured I could just drop my car off into the parking with my router for a week and let it
capture all traffic coming in, but after meeting the criteria I stopped.


Due to the nature of the contract made, I was not able to record what private information I
gathered, as I’m a college student who didn’t need the bank account information of their clientele.
I was there to plug the holes in the dam, not see what made them. I tested their website using
their email address as a username (I didn’t know what else to do, but knew emails are common
usernames for logon pages) and a made-up password to see if it was vulnerable to SSL
strip, which it was, but more importantly, they didn’t have SSL security for their logon page.

Because of this, SSL strip was unnecessary and I was able to catch the password and user
name in clear text anyway. My scan using Armitage showed me several programs not updated,
and gave me a list of exploits I could use at the click of a button; however, I just had Armitage
run me a vulnerability report instead. After making the report, I thanked them for the water and
left. Without my real contact information, and having walked there, there was not a way they
could trace back to me. I had fulfilled my mission: 1. Get direct access to their switch, 2. Find
vulnerabilities, 3. Verify the ability to open back doors for secure access, and 4. Leave without a
trace.


About a half an hour later I explained to the owner what I had done, and gave suggestions on how he
and his employees could guard themselves better in the future. “They were just being nice,” he
told me. I responded back, “They were being too nice.” They 1. Trusted someone that they didn’t
know, 2. Gave that untrusted person an office to work in, and 3. Left me unattended. The owner
said that they thought it was suspicious I was plugging into the wall with my Ethernet cable, to
which I responded, “That is very suspicious, I’m very glad they didn’t stop me.”

However, I wasn’t done. I then crafted the following email to all the employees:

There has been an update to the policy on Holiday pay. Sorry for the inconvenience but lot's of
people have been abusing it lately. --- Owner of Company


Phone number to local pizza place

Please login here to review the policy.

www.thecompaniesnamecom/login.php


41 Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
