Vote for this Blog

Right, I haven’t blogged in a while.

Working at Interexcel has really taken up a lot of my time, and I made a point of not touching the Laptop after work during week nights to ensure that I spend time with the family.

To add to my time away from them I am in Mafeking fairly regularly these past few weeks, and I had the pleasure of spending two days with a colleague and buddy of mine.

While working on-site we hatched a scheme to spoof the office from the site. It needed to be creative, epic and deniable. After a bit of throwing ideas around we hit on the perfect scam.

Spoof a hack of our web server.

Now our web server is hosted at IS, so we needed to make it seem to those in the office that it has been hacked and ALL OF THE HOSTED PAGES DEFACED.

It was actually easier done than I expected, at least.

My colleague (name withheld to protect the geekty) is a networking expert. His solution was simple and elegant. The office runs through a gateway to the internet. This gateway just happens to have apache running, since our proxy server and mail server is controlled via a mail interface.

So an ssh session was set up, and the gateway was instructed to direct all port 80 traffic intended for our web server to go to a spoof page we loaded on apache on the gateway.

Next we needed eyes on site to pull the plug if mass panic set in and things were in danger of getting out of hand. A fellow Linux geek was furnished with a string to reset the gateway to it’s normal setting within seconds, and our accountant was instructed to let us know should things at the office begin falling apart.

Easy as that. When the web developers walked into the office this morning and tried to view pages hosted on our web server they were presented with a yellow-on-black page that simply said “You’ve been pwned!” and some other innate gibberish in 1337 5p33k that was almost impossible to decipher.

The one weakness in our plan prevented it from progressing to full glorious awesome carnage. Our on site personnel pulled the plug on our scheme within ten minutes. The effect was that mass panic did NOT set in as we hoped.

We did get another colleague (the intended target for our scheme since he is the “new guy”) to panic and rush to our senior staff to ask for help.

So there, a quick anecdote. We shall refine this scheme and perfect it. And we shall return. And we, shall, prevail.

Till next time.

Blogged with the Flock Browser

Tags: , , ,

No related posts.