April Fools

[Woodstriker]

Hey all,

I'm looking to play a little prank on everyone at my work on April 1st. I would like to set it up so that any page they visit will gradually become cornified. I don't know how to set it up but I have access to everything on the network. This is just an idea and I have no idea if it would work or how to make it work but maybe it will spark some discussion. I was thinking I could make it so all web page requests get redirected to a page I set up which could nest their request inside. Then have that page run a script to cornify every minute or so. Is that possible or do I not know what I'm talking about?

Wood

[Sparda]

You'll lose your job.

[dr0p]

You can use ettercap + a custom filter to inject the cornify code into any page so that it automatically loads. However please note that this is technically illegal since you don't have permission to do this on your network and it could result in you losing your job.

[shonen]

I admit that would be funny however your ass could get dragged over the fire for this one.

But hey its your job so what do I care, GO FOR IT!!!

[messsy]

LMAO it aint your job, you'ld be a little gutted if he replys back saying he took your insperation to do it and he lost his job haha,,

ild laugh through the summer lol jj

[lopez1364]

Yeah this would definitely be against company policies. This post must be a joke because anyone with common sense and that works in IT knows that this would be stupid.

[shonen]

gutted me? I highly doubt that, due to previous dating women experience I am immune to guilt trips. XD

*Wait.... whats that lil horned man on my shoulders? Oh ok cool I will ask.* Hey Woodstriker if you go ahead do you mind taking a screen dump and upload the images?

[Razor512]

it's only illegal if you get caught but in this economy do you want to risk it

[Woodstriker]

I'm not going to do it all day, just for about a minute or so during the day some time. It's a pretty laid back environment so I doubt they will get mad. I'm half in charge of the network which is why I have access to everything.

[shonen]

Well even if your boss is pretty laid back, it doesn't hurt to run it by him and get it in writing.

With the legal bullshit out the way with it's full steam ahead! XD

[Destro]

This is a great idea! If you get your bosses permission I would take like 5 pictures from the website, enlarge them, and have them cycle through. So, every time someone reloads their page or goes to another website they will get another one. Just an idea. Great idea, hope to hear results!

cheers,

Destro

[Woodstriker]

Well people aren't really supposed to be surfing the web unless it relates directly to work, which is usually not the case. I'm still going to run it by them, but I have a feeling they will like my idea. I just don't know how to go about doing it . The Ettercap method sounds quick but I've never used that before.

[shonen]

Ok this maybe some half assed information and I personally have not used ethercap. However I did take a read of this tutorial some time ago and found it useful.

http://openmaniak.com/ettercap.php

I would suggest you do the same, that way you can come back and ask more specific questions so that the others who are more 1337er than myself can point you in the right direction.

It may pay to set it up in a mini lab at home and trial it prior to doing it in a live production enviroment.

As for the filter to inject the cornified code, hopefully dr0p will explain it in a little more detail if you ask really politly. XD

Anyways hope this is some what helpful, sorry I cant be of more assistance.

[Woodstriker]

Awesome, thanks for the link man. I have the script I want to run and now I just have to figure out how to inject it! I think I'll try this on an unsuspecting friend first

[DingleBerries]

http://www.ex-parrot.com/~pete/upside-down-ternet.html

just dont flip everything upside down or if you have a wireless network airpwn.

[shonen]

lol Airpwn, I have always wanted to have a crack at doing that, maybe come this lot of school holidays if I don't cop a shit load of work.

Hey seeing as we are talking ARPing on a company network it got me thinking. Any respectable network would implament VLAN's to logically sub divided its deparments into groups. So Lets say we have this scenario VLAN 1 Sales, VLAN 2 Accounting. Sales and Accounting are not setup to communicate with one another only within their own VLAN/colision domain.

Now lets say someone is ARPing on sales VLAN 1 as far as I can gather the malicious attacker will only be able to affect users on Sales and not in Accounting.

Question:

1: Is the above assumption about the VLAN the attacker can affect correct.

2: If question 1 is correct would this affect our friedly Prankster Admin in this post?

Sorry if this is a bit of a stupid question (still a networking n00b) but I was curious as to how VLAN's would affect the above. eg would he need to configure anything? I would assume he would be setup to be a member of all VLAN's.

[Woodstriker]

Correct me if I'm wrong, but I believe if you are on a VLAN that can communicate with all other VLANs or if you're on a VLAN trunk you would be able to see all traffic. If you're on a VLAN that cannot communicate with any other VLANs then you would have an issue. Either way, I'm only affecting one VLAN on my network so it's not a problem for me.

[Woodstriker]

Sorry for the double post but I have a question about the ettercap filter. I got the custom filter working but it only works on some pages. It seems that any time it goes to load an ad I get the following error in ettercap:

SEND L3 ERROR: 1514 byte packet (0800:06)

Right now I have it replacing the </body> with a </body> along with the script before it. Is using the </body> tag a bad idea or is there a way to avoid touching advertisement packets?

[shonen]

Ah I see, awesome.

Thanks for clearning that one up for me woodstriker.

[ADM1NX]

Provided that you get permission, I wouldn't do this to all websites, but just the ones that they shouldn't be on, such as facebook, twitter, myspace, etc. I would get fucking pissed if I was trying to work, and all the sites I was using for work was switched over to something else.

[shonen]

Adm1nx Thats a really simple but good idea, I agree for the april fools prank once you have permission you should do it to all non-work related websites for the whole working day.

or a mass rickroll could be fun. XD

[ADM1NX]

or a mass cakeroll

http://www.youtube.com/watch?v=61Qv_8cFFbQ

[DannyF]

I admit that would be funny however your ass could get dragged over the fire for this one.

But hey its your job so what do I care, GO FOR IT!!!

I agree. this would be REALLY funny, but you will most likely/definitely loose your job.