First,
imbibe or smoke large amounts of
intoxicants. This will become important when it comes to
deniability later. Then download a nice
packet sniffer like EtherPeek, Ether Pro LAN, or Sniffit. Install and read all
documentation, make sure you know how all options work, most importantly
filtering and
connections. Open
sniffer and filter for something containing the word "
password".
CyberGoat and I used this exact recipe one night with suprising results. A few hours before, CyberGoat had noticed that when checking our web-based email, we were assigned a random system ID. Something like "2324H20488bx10uiD=false". Well, if one were to save that string and paste it into the web browser, preceeded by the nessicary address for the login page, you would get back to the email inbox. So we sniffed the network filtering for the word false in any packets. In less than 30 seconds, about 25 session ID's came up. Very nice, but a session ID is only good until the next time that user logs in. So if we really wanted to read someone's email, we'd have to wait until they logged in. We're impatient. A sad thing about the university we attend is that it specializes in computer science as one of the larger majors, yet session ID is sent plaintext in the packet. CyberGoat and I became suspicious of the network not encrypting anything, so we filtered for "User" and "Password" sure enough, leave the sniffer up for a while and the logins just piled up. After a few toasts to our success, CyberGoat became wary that we were being watched. He decided to telephone DoIT (Department of Information Technology) and inform them of their blatant security hole. It was about 3am, and we got some 18-yr old techie who acted like we had just insulted his lineage. The conversation went something like this:
Useless Techie: Hello, DoIT Tech-Support desk, how may I help you?
CyberGoat: Uhmm... I just discovered an insecurity in the network, and I'd like to report it.
Useless Techie: You what? No, our network is secure. What are you talking about?
Me, to CyberGoat: Hang up now! He's calling the FBI!!
CyberGoat: (punches me in the gut) Anyway, yeah, the session ID and the Username/Password are all sent plaintext across the network.
Techie: And how did you figure this out?
CyberGoat: Well, I was sniffing packets and came-
Techie: OHHH, you're in big trouble now!
CyberGoat: Actually, sniffing has been ruled legal by United States courts.
Me, to CyberGoat: See! They're gonna hunt us down!
Techie: Uhh... right, can I just get your name and dorm room number?
CyberGoat: (Gives out info)
Techie: Okay, you should be expecting a call from a DoIT supervisor. I'm recommending your network privileges be revoked. Hacking is dangerous.
CyberGoat: But I called to tell you about it, I didn't exploit it! I'm a whitehat!
Techie: Whitehat? whatever...
Me, over the sound of whatever CyberGoat was saying: Your mother was a hampster and your father smelt of elderberries! Muah ha ha ha!
Techie: Did you just insult my parents?
CyberGoat: Click. (hangs up phone)
In the end, CyberGoat ended up getting a call from the DoIT department leader who offered him a job and as many intoxicants as a college student could ever want. 2 months later, he still hasn't been appointed the position he was promised, nor have we seen any booze come from computer hacking. The security hole still isn't patched, and we still get dirty looks from the useless techie when we see him around campus.