Social Engineering - Christopher Hadnagy [150]
Figure 7-21: Exporting the target’s entire route.
Figure 7-22 shows the data exported and displayed in Google Maps.
This short section could not possibly cover all the tools available to a social engineer. The keys to success are practice and research. Knowing which tools are available can make or break the audit, but that is just half the battle: as a professional social engineer, you must then practice, practice, practice. Knowing how to properly use the tools will make a huge difference.
On the Social Engineer Framework located at www.social-engineer.org, I will be reviewing many tools that social engineers can use to enhance their practice.
Physical tools are just one part of being a successful social engineer, though. All the physical tools on Earth must be backed up by thorough, high-quality information gathering, as discussed in Chapter 2. The next section covers some of the most amazing information-gathering tools in the world.
Figure 7-22: The target’s route rendered in Google Maps.
Online Information-Gathering Tools
As previously discussed, information gathering is a key aspect of social engineering. Not spending enough time on this point alone can and will lead to failure for the social engineer. Nowadays many tools are available to the social engineer that can help collect, catalog, and utilize data.
These tools can literally change the way a social engineer views and uses data. No longer are social engineers limited to what they can find in routine searches; these tools open every resource on the Internet to them.
Maltego
Collecting and cataloging information is probably a weak point for many people. What if a tool existed that enabled you to perform dozens of searches specific to a domain, IP address, or even a person? What if it gave you the weightings of those findings, showing what was more likely to be important or not? What if this tool then had a GUI that showed everything in color-coded objects that you can export and utilize? On top of it all, what if a free version of this amazing tool was available?
Enter Maltego. Maltego is a social engineer’s dream tool. This amazing tool is made by the guys at Paterva (www.paterva.com). Maltego has a community edition available for free download from their website, which is also included in every edition of BackTrack4. If you want to remove the limitations of the free edition—like the number of transforms you can run and saving data—spending around $600 will get you a full license.
The best way to show the power of Maltego is to tell a story of an audit I was involved in. I was tasked with auditing a small company that had a very small web presence. The target was to get to the CEO, but he was heavily guarded, paranoid, and didn’t use the web much. As the owner of a printing company, he was all about his business and didn’t use technology to its fullest. Surely this task was going to be a difficult one.
I whipped out Maltego first. Using just the company’s domain and pulling up all e-mail addresses linked with Whois info and the domain itself gave me a nice base of information to start searching with. I then delved deeper to see whether the CEO’s email that came up was used on any other sites or URLs. I found he had written a couple reviews for a local restaurant and linked his email address publicly. He also used it in a review he did for a restaurant in a different state. Reading his review fully revealed that he had visited that restaurant when he was visiting family in that state, even naming his brother in the review. With a few more searches in Maltego I located his parents and brother in that area. A few more searches with the family name and I found a few links that spoke about using another email he had from a business he started there to discuss a problem he had had with a local church and his switch to a new one. Later on, I found a blog post linking his Facebook