Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Wi-Fi customer "proof of problem"

From: "Greg" <pchandyman () ozemail com au>
Date: Thu, 14 Apr 2005 07:32:47 +1000
Not sure what to call that but that will do in the subject. The idea is that I am attempting to prove to open wi-fi 
prospective customers that their networks are open.

In order to do this, I currently set my wi-fi nic on my laptop to auto assign. Once I get a hit and connect, I open a 
shell in XP and do an Ipconfig /all to get as much detail out of that as I can. This rarely ever impresses the 
prospective customer but it gives me the details I need to start Essential Net Tools and do a net audit. Eventually, 
this gives me share names including the network name. At that point I change my workgroup name on my computer to 
whatever theirs is and reboot then bring it up, let it connect again, then tour their network showing them how, for 
example, I can drop a text file in their startup and tell them that though it is harmless, if I were an honest to God 
blackhat, it could be anything that started next time I started the computer, even a program that installs a VPN direct 
to me at my laptop so I can even be at home over internet doing nasty stuff. If I get this far, I have the person 
knowing they face problems and definitely talking to me about what I can do to fix it.

Unfortunately, by the time I do all this, most don't have a clue types with short attention spans see the time it takes 
me to do that and say that NO-ONE would bother doing all that and that this proves them safe. So, I don't get that 
customer. 

What I am looking for is a program that I can use that will automatically, upon running, attempt to find all their 
network details, change my laptop automatically to that so as to allow me to show them that anyone can do that this 
quickly, do nasty stuff and be away before they even know the blackhat was around.

Is there anything like this about? Thanks for any help.

Greg.

---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security
professionals.  Norwich University is fulfilling this demand with its MS in
Information Security offered online.  Recognized by the NSA as an
academically excellent program, NU offers you the opportunity to earn your
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: