I have a plan that I would like to carry out to demonstrate to employees the possible hazards of browsing the Internet on company computers. I would like to conduct a security meeting with those that handle sensitive information. During this meeting, I would ask each participant to provide me with a 5 digit number, which I would place in a text file. Once everyone had submitted thier numbers, I would save the file containing their numbers. Meanwhile, I would have created a bogus web site on our internal network… and here comes the tricky part… have placed a script that would run that would copy the txt file to my assistant in another room. He would arrive with everyones numbers.
I could probably “fake” this by having my assistant use the admin share and retrieve the file in that manner, and even if a few catch on, I think those that do would deem it justifiable.
Nonetheless, has anyone ever attempt such as this? How did you do it? Could I embed such a script?
Thanks!