Social Engineering - Christopher Hadnagy [144]
Lock Picks
Before getting into the topic of picking locks you have to know a bit about how a lock works.
Figure 7-1 shows a very rough image of a simple lock.
Figure 7-1: A simple view of a lock.
Basically the way a lock works is that it has tumblers that are manipulated by the key. The key pushes up the tumblers and upper pins, and when they line up it allows the key to turn and unlock the door, server room, cabinet, and so on.
A lock pick simulates the key in moving all the pins into the correct position one by one, allowing the lock to turn freely and open the door. You need two main tools to pick a lock: picks and a tension wrench.
Picks are long pieces of metal that curve at the end, similar to a dentist’s tool. They reach inside the lock and move the pins up and down until they are in the right position.
Tension wrenches are small flat metal devices that allow you to put pressure on the lock while using the pick.
Rakes look like picks but are used in a “raking” motion over the lock in an attempt to catch all the pins. It is the quick motion of moving the rake in and out of the lock that many lock pickers find attractive because it usually makes quick work of most locks.
To pick a lock, follow these steps:
1. Insert the tension wrench into the keyhole and turn it in the same direction you would turn the key. The real skill here is knowing how much tension to add—use too much or too little, and the pins won’t fall into place, thus allowing the lock to turn. Providing just the right amount of tension creates a small ledge that offsets the plug enough to catch the pin shafts.
2. Insert the pick and use it to lift the pins one by one until you feel them lock in place. You can hear a slight click when an upper pin falls into position. When you get all the pins into position the plug will rotate freely, and you will have picked the lock.
The preceding is the $2 tour of lock picking and barely scratches its surface. If you want some great information on lock picking visit any of the following websites:
http://toool.us/
http://home.howstuffworks.com/home-improvement/household-safety/security/lock-picking.htm
http://www.lockpicking101.com/
These are just a few of the many sites devoted to lock-picking education. As a social engineer, spending time practicing picking locks is wise. Carrying a small lock-pick set with you can be a lifesaver when you’re in front of a server cabinet, desk drawer, or other locked obstacle containing juicy information.
Lock pick sets can be as small as those shown in Figure 7-2, which are the size of a normal business card.
Figure 7-2: This business card–sized lock-pick set fits easily into a wallet or purse.
They can also be bulkier, as shown in Figures 7-3 and 7-4.
Figure 7-3: This set is about the size of a pocketknife.
Figure 7-4: This lock-pick set is bulkier but contains everything you would need.
A good recommendation is to not let the first time you play with a lock pick be in a critical situation. Personally, I went out and bought a few Master padlocks of differing sizes. After I was able to successfully pick all of them I then bought a set of practice locks, something like those shown in Figure 7-5. These come in many different pin types. Locks contain varying pin types, which can add to the level of difficulty in picking. Having practice locks of varying pin types and sizes maximizes the effectiveness of your practice sessions.
Figure 7-5: These see-through locks allow you to see how you are doing.
I have even seen some very nice setups at different conferences that would be excellent