
Monday, May 16, 2011

Long-term location and usage tracking of a Windows-based computing device without installing software.

Ever wonder how Windows knows you have internet access beyond the local network when you plug into a new network? Each time Windows connects to a new network, it attempts to download a file from a remote server that Microsoft set up specifically to help Windows machines determine whether they have a connection to the internet.

Let's open the registry editor, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet and take a look at these values: ActiveWebProbeHost and ActiveWebProbePath. When you combine the values you get www.msftncsi.com/ncsi.txt. Yes, it downloads this file.

Let's go ahead and change these settings to www.domainyoucontrol.com/checkin.php?name=personsnamewhoownscomputer

You would then need to code checkin.php so that it returns the text "Microsoft NCSI" and logs the name value, the time, and the location of the IP the machine checked in from. You then have a large-scale, multi-user, software-less tracking system capable of tracking 75,000+ computers from a simple $5.99 web-hosting account.

There is also a DNS value in that registry location, possibly for the IP lookup of the host specified in ActiveWebProbeHost, or to determine full/partial connectivity (such as at hotels/coffee shops before terms acceptance/payment for Wi-Fi).
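
An added example (not from the original post): a Python check that reads the text output of reg query for the key above and flags probe settings that differ from known defaults or carry a query string, which is how the change described above would show up on an audited machine. The www.msftconnecttest.com pair is the default on newer Windows builds and is not mentioned in the post; the function names and sample outputs are constructed for illustration.

```python
import re

# Known-good host/path pairs: the default named in the post, plus the default
# on newer Windows builds (an addition, not from the post). Extend as needed.
KNOWN_GOOD = {
    ("www.msftncsi.com", "ncsi.txt"),
    ("www.msftconnecttest.com", "connecttest.txt"),
}
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_reg_query(text):
    """Return {value_name: data} parsed from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values

def audit_ncsi(text):
    """Return a list of findings for one machine's NCSI web probe settings."""
    v = parse_reg_query(text)
    host = v.get("ActiveWebProbeHost", "").lower()
    path = v.get("ActiveWebProbePath", "").lstrip("/")
    if not host and not path:
        return ["probe values missing from output"]
    findings = []
    if (host, path.lower()) not in KNOWN_GOOD:
        findings.append(f"non-default probe target: {host}/{path}")
    if "?" in path:
        findings.append("probe path carries a query string (possible per-machine identifier)")
    return findings

# Constructed sample outputs, not captured from real machines.
CLEAN = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
    ActiveWebProbeHost    REG_SZ    www.msftncsi.com
    ActiveWebProbePath    REG_SZ    ncsi.txt
"""
TAMPERED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
    ActiveWebProbeHost    REG_SZ    www.domainyoucontrol.com
    ActiveWebProbePath    REG_SZ    checkin.php?name=personsnamewhoownscomputer
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, audit_ncsi(sample))
```

The same comparison can be run across a fleet by collecting the reg query output per machine and treating any finding as a reason to inspect who last wrote to the key.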

Note1: I will not be coding a proof of concept checkin.php

Note2: The information on the registry location came from another site which I cannot seem to find now.


I'll be fighting to legalize freedom till the day I die.