Chapter 9. Looting and Pillaging: The Enemy Inside
"Witchcraft once started, as we all know, is virtually unstoppable."
—M. A. Bulgakov
It is a tradition that every IT security book has a part devoted to what evil hackers can do once they break into your network. This exists to scare readers and worry them with tales of how hackers can read your e-mails, assume your identity, set up "warez" servers spreading illegal copies of Windows, or—the most horrible thing—know which Web sites you browse at night. We have decided to follow this tradition and include such a chapter, but there is a difference: We actually describe how they do it. From the penetration tester's viewpoint, these attacks make the security audit complete. From the system administrator's viewpoint, they are the best way to convince management and the rest of the IT team that something has to be done about network security before it is too late. Of course, it is not possible to give a complete and detailed description of all shared LAN attacks out there without writing a new "Hacking LANs Exposed" tome. However, providing a plan to launch such attacks in a logical sequence and outlining the main tools needed to perform them is possible and, even more, necessary.
Now you have discovered the closed ESSID, bypassed MAC address filtering, cracked WEP, perhaps circumvented higher-layer defenses such as the deployed VPN, associated your host to the network (maybe as a rogue access point or wireless bridge), picked up or received a sensible IP address, and even found a gateway to the outside network, which could be the Internet. What comes next?