by sdmike1
2036 days ago
I love fun hacks like this! Back in college, a group of students and I spent far too much time in some lab space that was on a separate LAN from the rest of the school network (Lab-LAN<->Lab-Router<->Campus-Router<->Internet, which meant it bypassed the campus firewall, which was nice). One of the regulars wrote a little chat client that abused ARP in some really creative ways to give us effectively an IRC-type chat. Specifically, it took advantage of the Hardware Address Length field and embedded the message in the Sender Hardware Address field. I can't recall why we didn't just embed the message in a raw Ethernet frame with its dest address set to broadcast... However, there was quite a lot of fun had with what was really a pretty simple hack! For instance, there was the time we had a stack-based buffer overflow which, after some work, one of the gals managed to get RCE with (we had basic stack protection and DEP, but she bypassed it with a ROP chain), which rapidly led to shenanigans. There was the time some freshmen used it on the normal campus LAN and somehow triggered the shit out of the monitoring IT had in place. Lots of fun, I'll have to see if I can't dig up the source code for it haha
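The trick the comment describes (an oversized Hardware Address Length so the Sender Hardware Address field can carry arbitrary bytes) is exactly the kind of thing the campus monitoring would have tripped on. As an added example, not code from the commenter or from the chat client they describe, here is a small ARP parser that honours the packet's own `hlen`/`plen` and then flags frames whose field lengths or contents do not match what Ethernet/IPv4 ARP should look like. The frame bytes, the MAC and IP values, and the embedded message are constructed for the example; the function and variable names are my own.

```python
import struct

ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800


def parse_arp(frame: bytes) -> dict:
    """Parse an Ethernet frame carrying ARP (RFC 826 layout).

    The sender/target fields are sized from the packet's own hlen/plen
    values, which is what lets a non-standard hlen smuggle a payload.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    body = frame[14:]
    if len(body) < 8:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", body[:8])
    need = 8 + 2 * (hlen + plen)
    if len(body) < need:
        raise ValueError("ARP body shorter than its hlen/plen claim")
    off = 8
    sha = body[off:off + hlen]; off += hlen
    spa = body[off:off + plen]; off += plen
    tha = body[off:off + hlen]; off += hlen
    tpa = body[off:off + plen]
    return {"htype": htype, "ptype": ptype, "hlen": hlen, "plen": plen,
            "oper": oper, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}


def arp_anomalies(frame: bytes) -> list:
    """Return human-readable findings for an ARP frame that does not look
    like ordinary Ethernet/IPv4 ARP. An empty list means nothing odd."""
    arp = parse_arp(frame)
    findings = []
    if arp["htype"] == HTYPE_ETHERNET and arp["hlen"] != 6:
        findings.append(f"hlen={arp['hlen']} on Ethernet ARP (expected 6)")
    if arp["ptype"] == PTYPE_IPV4 and arp["plen"] != 4:
        findings.append(f"plen={arp['plen']} on IPv4 ARP (expected 4)")
    if arp["oper"] not in (1, 2):
        findings.append(f"unexpected ARP opcode {arp['oper']}")
    sha = arp["sha"]
    # A hardware address that is entirely printable ASCII is a strong hint
    # that the field is carrying text rather than a MAC address.
    if len(sha) >= 8 and all(32 <= b < 127 for b in sha):
        findings.append("sender hardware address is printable ASCII: "
                        + sha.decode("ascii"))
    return findings


def build_arp_frame(src_mac: bytes, sha: bytes, spa: bytes,
                    tha: bytes, tpa: bytes, oper: int = 1) -> bytes:
    """Assemble a broadcast Ethernet+ARP frame (constructed test input)."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    hdr = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4,
                      len(sha), len(spa), oper)
    return eth + hdr + sha + spa + tha + tpa


# Constructed sample frames: a normal request and a "chat" frame whose
# hlen is stretched to fit a message in the sender hardware address field.
SRC_MAC = bytes.fromhex("020000000001")
NORMAL_FRAME = build_arp_frame(SRC_MAC, SRC_MAC, bytes([10, 0, 0, 1]),
                               b"\x00" * 6, bytes([10, 0, 0, 2]))
CHAT_MESSAGE = b"hi from the lab"
CHAT_FRAME = build_arp_frame(SRC_MAC, CHAT_MESSAGE, bytes([10, 0, 0, 1]),
                             b"\x00" * len(CHAT_MESSAGE), bytes([10, 0, 0, 2]))

if __name__ == "__main__":
    for name, frame in (("normal", NORMAL_FRAME), ("chat", CHAT_FRAME)):
        print(name, arp_anomalies(frame) or "ok")
```

A real sniffer would feed `arp_anomalies` each ARP frame it captures; the two constructed frames just show that a standard request produces no findings while the padded-`hlen` frame trips both the length check and the printable-payload check.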