Table of contents:
- Introduction
- Where to attack
- Gathering information
- What now?
- Forms of compromising
- Attack via telephone
- Summary
- Credits
Welcome to my tutorial on how to compromise a system.
When it comes to compromising a whole system people become scared and don't even try. Well, I saw this video, which is a presentation by Frank Solinske, and I thought I would cut it down, restructure it and translate it into English for you guys. Here you go:
1. Where do I attack?
The most natural thing is to attack the weakest spot. It happens everywhere. If a bully at school wants to show off he beats up a small guy because it's easier to beat up someone who doesn't fight back (obviously).
Now where is the weakest spot in a system that has (probably) very expensive security technologies?
It's the human.
You may wonder “why is the human a vulnerable spot?”
This becomes clear when you look at the fact that people are always trying to help. Whenever something bad happens, people are always happy to help out. This happened to me 2 or 3 years ago: I bumped into a car while riding my bike and I didn't even know what had happened when the first helpers already arrived where I lay. Those people were helping me up, asking how I felt, etc., etc., even though they didn't know me. It's this will to help that a social engineer makes use of.
2. How do I attack now?
There are lots of ways a social engineer can compromise a system, but first of all you need to gather information on your target.
How do I gather information?
The simplest way of gathering information is to google-search the company you are trying to compromise. You'll get more information than you think.
If that is not enough, just go over to the company and have lunch in the cafeteria. While you are there, already try to befriend some of the employees, remember names (they will be used later on) and try to locate as many exits as possible in case you screw up (which shouldn't happen if you did good research) and need to get out of the building immediately. If possible, try to find out what OS and antivirus program the company is using. This information will help you later on. Another way of gathering information is dumpster diving. It may be disgusting, but you will find information here:
- on old harddrives
- on unsuccessful prints which were thrown away
- and a lot more
3. Ok I got enough information, what now?
Your aim is to not attract any attention at all when you visit the company again. Your aim is to do what everyone else does. Find out when most people go to work and visit the place at exactly that time. To not attract any attention you should not stand around, ask for directions, or run around searching for the right room. You need to know where to go!
4. What forms of compromising are there?
You could easily steal information by stealing a hard drive.
Sounds stupid? It isn't! You bring the hard drive back to your home and have enough time to secure any data on it.
But how to steal a hard drive? By stealing the whole PC, of course!
You are kidding me, right? No. Here is how you do it: get a repairman outfit and walk into an empty office. Go to a PC and put an “out of order” sign on it. Take the PC and walk out of the building. Most likely no one will ask questions since you are a repairman, but if someone feels like asking you who you are, you just show him a fake ID.
That's an awesome idea right there, but the offices are locked and I can't get in. What can I do? Well, you could learn lock picking, or you could just ask a cleaner or janitor to open the door for you.
Why would he do this? Look at 1. again. The human is always the weakest part in a system. You just need to make him believe that you HAVE to be in there right now. Talk about the server and about what you have to do there. Since it's only cleaning personnel they won't ask, but they will believe that you have something important to do and they will let you in. Also, you are of more importance than a simple cleaner, so most of the time they won't question your actions.
Sounds good now, but aren't there any other ways of getting into the system? Of course there are. Just ask an employee. Act as an employee yourself (get the appropriate dress) and make up a story why you can't log in with your username. Tell him you have a bug or something like this and tell him the boss said this and that, etc.
Another good way is to find a very shy person and tell the guy you need this and that data but you can't access it because of blabla. Now tell him the boss will be proud of him if he helps with this matter. This is like a button you push on that person because he senses his chance to please his boss.
Yet another way that might work very well is to tell the person that you are getting into trouble if you don't do blabla. Looking at 1. again we notice that the person will now probably feel bad for you, because this is human, and he will try to help you as well as he can.
What you could also do is “reverse social engineering”. You walk into the company, pull out the plug from the server and walk into an office as a repairman, ask if their server went down too, and “help” them by restarting the server. Leave your number and tell them to call again if something happens. A few days later you will do the same and you just ask for the password because you need it in order to revive the system because a major bug appeared or something similar.
The last thing I will talk about here is to cause panic. Just turn on the fire alarm, call the company's internal support and act very panicked. Tell them “I need to rescue some uber important data!!11”. They won't hesitate to tell you a username/password to log in since a human life is in danger, and they'll probably have a lot of problems if they refuse to give you access in such a situation.
5. How can I attack via telephone?
Get a voice changer to speak with a female voice and call the support. They will tell you anything since they can't really prove whether you are allowed to have access to these things or not. Try to act like a noob so they think you are no risk at all.
Another way is to go to the company's website and check if you find any partners. You could also use the information on their antivirus program here which you gathered in 2. You now call the company and tell them you are from “insert partner or antivirus name here” and that you have a newer version of your product. Ask them if they already have this update and send it to them. Your “update” is a keylogger/RAT, of course.
6. What should I remember?
- attack the weakest spot (human)
- people want to help – !use this!
- act like a noob in some scenarios and like a pro in others; try to find the best role for every situation
- carry fake IDs with you
- get a voice changer when working with a phone
- get a proper disguise (repairman, security guard, pizza delivery man…)
- search dumpsters and bins
Main source: this video by Frank Solinske