4. The conclusion


Although this isn't what it was intended for, InstallRite could be used to gather information about an individual's computer usage. As we saw, we could rather easily find out about my web activity during the examination period, and we even got a good glimpse at web sites I visited *earlier*; we saw what documents I worked on, all with full pathname and filename. You can also figure out the full pathname of various applications used by the individual, even if he had tried to conceal their presence (by putting them in an odd-looking folder, for example). You could tell the time I went to bed (look at the time!) or the time the victim would go to lunch (for a normal person :-). Login cookies are marked when you visit the sites (could this be used to crack mail accounts on systems like Hotmail and Yahoo?). Now, imagine that you made a web transaction with your credit card, and the sloppy web site puts your credit card number in a cookie without your knowledge. It is served on a silver platter to the snooper, as all he has to do is make an install kit to retrieve all this information. What else could be found? You tell me. (NOTE: It is considered bad practice for a web site to leave your credit card number in a cookie, so if you're aware of web sites doing this, don't deal with them. Better yet, blow the whistle on them.)
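One way to become aware of such web sites is to audit your own cookie store. The following Python script is an added example, not part of the original article: it flags cookie values that look like card numbers (13 to 19 digits passing the Luhn checksum) and reports only the site, the cookie name and the last four digits. It assumes a Netscape-format cookies.txt; the sample data, domains and function names are constructed for illustration.

```python
import re

# Constructed sample in Netscape cookies.txt layout (7 tab-separated fields):
# domain, subdomain flag, path, secure flag, expiry, name, value
SAMPLE_COOKIES = (
    "# Netscape HTTP Cookie File\n"
    ".shop.example\tTRUE\t/\tFALSE\t2147483647\tsession\t8f3a9c1e77b2\n"
    ".sloppy.example\tTRUE\t/\tFALSE\t2147483647\tcc\t4111-1111-1111-1111\n"
    ".mail.example\tTRUE\t/\tTRUE\t2147483647\tuid\t1234567890123456\n"
)

# 13 to 19 digits, optionally separated by single spaces or dashes
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def audit_cookies(text):
    """Return (domain, cookie name, masked value) for card-like cookie values."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and comments
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # not a cookie record
        domain, name, value = fields[0], fields[5], fields[6]
        for match in CANDIDATE.finditer(value):
            digits = re.sub(r"\D", "", match.group())
            if luhn_ok(digits):
                # Report only the last four digits, never the full number
                masked = "*" * (len(digits) - 4) + digits[-4:]
                findings.append((domain, name, masked))
    return findings

if __name__ == "__main__":
    for domain, name, masked in audit_cookies(SAMPLE_COOKIES):
        print(f"{domain}: cookie '{name}' holds a card-like value {masked}")
```

The 16-digit uid value in the sample fails the Luhn check, so only the site that really stores a card number is reported.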

Who is vulnerable? Well, of course, machines to which the snooper has physical access. But also machines that can be exploited via networking techniques and backdoors that give the snooper at least a command prompt on the victim's computer. He could then upload InstallRite and use it via the command line interface to achieve the same result. The snooper could use software other than InstallRite, of course. I think there are a couple of freeware programs that do similar things to InstallRite. The point is, it can be done.
