The Bank Job: Part 2
After planting the call home box, which is a dumbed-down way of saying an IP over DNS with an overlayed tinc VPN that we made bespoke for this client because they claimed everything was locked down and we needed a backup, which became our primary because why not? We contemplated poking a NAT hole in the network, and we could make a higher quality tunnel, but this worked for what we needed, which was a latency-tolerant call home that asked for a package to run, which started the high latency error prone (yes, we eventually used par2) delivery of instructions.
Device planted, the network being mapped, and I out the back door like an unstoppable ox; I made it back to the truck, and we started off to site two. After a few miles, I pulled over and laughed hysterically at the scenario that had just played out. I could've played it cool for my compatriot, but this job is too fun to not enjoy.
The second site had the same layout as the first one, but they had construction going on, so I tossed on a vest hard hat, and walked through the front door, was buzzed through w/o a second glance, and the data closet was precisely where it was supposed to be. This time I asked politely for the door to be opened “because we're running cables,” and I was given the lock code because they were heading out to lunch and I may need to get back in. Wait... roll that back... “I may need to get back in?” Oh no. Oh Yes! Yes, the back door was the same PIN and the same at the third location.
At this point, I let down my guard a bit but kept focused on the task at hand, “plant a device and get out,” with a secondary of “get whatever information you can on your way to and out.” Unfortunately, the bank manager for the third site didn't recall any construction, and I should've just used my sport blazer and vest.
This complicated things for the fourth site.
Continued in Part 3