|
|
| Line 1: |
Line 1: |
| [[Image:143p 0c 1b.jpg|right|250px]]
| | Ant // is the best SE. |
| <h1><b>Social Engineering : A Beginners Guide</b></h1>
| |
| | |
| social engineering is when i own u noobs so add me on msn pls g@stoned.com
| |
| | |
| jhh
| |
| | |
| =Exercises=
| |
| The following exercises make use of a phone or an internet connection, although if you are reading this
| |
| now, chances are you have an internet connection. When mentioning exercises in the context of this
| |
| write-up, I will call them “hacks” because essentially you are simply hacking the mind.
| |
| | |
| ==Exercise 1: The “AOL” Hack==
| |
| This hack is an all time favorite of mine although I'm pretty biased with this opinion since it was the
| |
| first hack I ever did. Essentially you call up AOL (or any company for that matter) Customer Service,
| |
| tell them about a fictional problem you have, and try to keep them on the line fixing your “problem” as
| |
| long as possible. For this hack make sure to have thought of your “problem” before calling AOL, this
| |
| will build the foundation for the AOL 2.0 hack which you will read about later. For this hack you don't
| |
| need to write down the names of any employees you come across just try to stay talking to someone (or
| |
| on hold) for as long as possible. Below is an example conversation I had with AOL one day.
| |
| | |
| '''AOL:''' Hello this is AOL customer service, Michelle speaking, how can I help you?<br>
| |
| '''Sintakz:''' Yes hello, this is George(fictional name) and I seem to be having problems browsing the
| |
| interwide web (trying to sound pretty technologically challanged).<br>
| |
| '''A:''' You mean the Internet?<br>
| |
| '''S:''' Yes that thing.<br>
| |
| '''A:''' Please wait while we transfer you to our internet troubleshooting department George.<br>
| |
| '''S:''' Alright.<br>
| |
| ''[Note: So far I know that in the most bottom of the AOL hierarchy is Michelle who answers the phone
| |
| and redirects people to whichever department would better help the caller. Also I played the “stupid”
| |
| guy because that way I can say stupid things and have the rep spend more and more time on the line
| |
| with me.]''<br>
| |
| -some time later-<br>
| |
| '''A:''' Hello, this is Gary<br>
| |
| '''S:''' Hello Gary, my name is George and I seem to be having problems browsing the interwide web.<br>
| |
| '''A:''' Interwide web? You mean the Internet?<br>
| |
| '''S:''' Yeah, that thing.<br>
| |
| '''A:''' Well what is the problem you seem to be having?<br>
| |
| ''[Note: I had told myself to do something outrageous this time around]''<br>
| |
| '''S:''' Well no matter which website I type into the little box thingy(url bar) I always get sent to a bestiality
| |
| site.<br>
| |
| '''A:''' What do you mean by bestiality?<br>
| |
| '''S:''' Like young women having sex with farm animals and dogs.<br>
| |
| '''A:''' Oh my... sir I don't think I've ever encountered a problem like this, let me transfer you to the senior
| |
| rep for our department.<br>
| |
| Ok, I'll stop the example there. So far I've gotten two names from the company and had been on the
| |
| line a total of 15 minutes, not too shabby. Notice one thing though, because I acted stupid I got a stupid
| |
| rep. Had I told Michelle, “My client seems to be unable to resolve DNS's correctly and keeps
| |
| redirecting me to bestiality sites.” I'd still get Gary because Michelle doesn't know any better. Once I
| |
| got to Gary, if I told him, “I'm having DNS resolution problems” I would have still gotten to the
| |
| “senior rep” BUT I would have one less lie to remember. This is because I have still not explicitly
| |
| stated my problem and if I were doing this without a script written beforehand, it would give me less
| |
| time to think of a lie. By playing stupid I had a lot more time to think of a lie. That bring us to our next
| |
| exercise.<br>
| |
| | |
| ==Exercise 2: The “AOL 2.0” Hack==
| |
| This hack is exactly like the last except that you call without a prepared problem or script already at
| |
| hand. Once the first person picks up you have to either think of a problem on the spot or work your way
| |
| up the ladder while thinking of your problem. With this exercise make sure to write down the names of
| |
| people you encounter and “where” in the company they stand. The example text from Exercise 1 would
| |
| do here as well.
| |
| | |
| ==Exercise 3: The “Family Member” Hack==
| |
| This is always a fun hack. Take that list of names from Exercise 2 and pick one of the higher ups. Call
| |
| up AOL Customer Support and tell the first person who answers that you are the
| |
| brother/sister/dad/mom/cousin/gay lover/girlfriend/boyfriend whatever of ''{Insert Name Here}'' in the
| |
| ''{Insert Name Of Department Here}'' department. Hopefully the person who answered will transfer you.
| |
| Here is where the fun comes, once your significant other in whatever department answers act as if you
| |
| reached them through the normal means of “Please hold while we transfer you,” and act as if you have
| |
| a problem (think about it ON THE SPOT) and see how long you can keep them on the line.
| |
| The following hacks can be done essentially anywhere.
| |
| | |
| ==Exercise 4: The “Lost Contact” Hack==
| |
| This one came to me one day while watching a woman search frantically for her contact lens. The
| |
| premise is simply, play the lost, confused, sad person who just wants to find their contact lens and try
| |
| to enlist people to help you. See how many people and/or how long you can get the people to help you
| |
| look for your lost contact lens before you sigh and proclaim, “I'm sorry for wasting your time, we can't
| |
| find it and I guess I'll just have to go back and buy a new pair.” This exercise can be done with any
| |
| easily misplaced item in any area at all. Losing your shopping bag in the food court at the mall,
| |
| forgetting your cellphone in a coffee shop, losing your mind, etc.
| |
| | |
| ==Exercise 5: The “Friendship” Hack==
| |
| I've only done this a handful of times but it was fun to do none the less. Go to a moderately crowded
| |
| area and at random choose a person (or group if you are up for the challenge) and try to establish a
| |
| conversation with them. Here is the fun part, you have to make yourself seem as good a potential friend
| |
| as possible. This tests all the random things you pick up everyday and all the research you should be
| |
| doing on different types of people. Say you unknowingly pick a metal-head. Would you be able to hold
| |
| your own while talking about favorite bands or how much old school metal and Nu Metal are? This
| |
| hack will teach you to learn a little about everything as possible so that you can become any person at a
| |
| moments notice. Of all the hacks, this is the most valuable hack to master which is why it is the last one
| |
| you should attempt.
| |
| | |
| =Conclusion=
| |
| This is a beginners introduction to social engineering, and as such, things have been left out. After
| |
| “wetting” your feet with these techniques and hacks you can create your own exercises and develop
| |
| your own style of “people hacking”. This is in no way the only way to social engineer but I believe it is
| |
| the best way to teach the basics although others may disagree. Knowing how to Social Engineer helps | |
| to teach you how not to fall for social engineering attempts. In the case of Dade Murphy and the
| |
| Television Network security guard, there should have been some rule stating that certain information
| |
| not be disclosed which would have put a big boulder in the path of Dade Murphy hacking the network.
| |
| Now that you know the basics, it is time to delve deeper into the practice and learn as much as you can.
| |
| See ya in space, cowboy.
| |
| | |
| | |
| | |
| ==External Links & PDF Mirror==
| |
| * [http://anonym.to/?http://www.uploadjockey.com/download/3771374/Kevin_Mitnick_The_Art_Of_Deception.pdf Upload Jockey] <-- '''Update: All Links updated with new ones.'''
| |
| * [http://tinyurl.com/28uwmdr Kevin Mitnick Art of Deception] <-- has examples and techniques. '''Update: Re-uploaded via Google Docs.'''
| |
| <!--
| |
| If Sharebee ever becomes unaccessible, the links are below.
| |
| *http://anonym.to/?http://rapidshare.com/files/414804317/Kevin_Mitnick_The_Art_Of_Deception_Includes_Chapter_1_Banned_Ed.pdf
| |
| *http://anonym.to/?http://www.badongo.com/file/23955690
| |
| *http://anonym.to/http://www.megaupload.com/?d=09TAU3HR
| |
| *http://www.zshare.net/download/79663752aba7ebb4/
| |
| -->
| |
| [[category:Tutorials]]
| |
