Social Engineering - Christopher Hadnagy [158]
[+] Saving dictionary to John.txt, counting 13672 words.
[+] Now load your pistolero with John.txt and shoot! Good luck!
Notice at the end that a dictionary file of 13,672 passwords using the information provided was created. The power of this type of tool is that it can take a lot of the guesswork out of the password-guessing aspect of social engineering.
CeWL
As described by its authors, CeWL is a Ruby application that spiders a given URL to a specified depth, optionally following external links, and returns a list of words that can then be used for password crackers such as John the Ripper. For more information about CeWL see their website at www.digininja.org/projects/cewl.php. Take a look at a session using CeWL in BackTrack4:
root@bt:/pentest/passwords/cewl# ruby cewl.rb
--help cewl 3.0 Robin Wood (dninja@gmail.com)
(www.digininja.org)
Usage: cewl [OPTION] ... URL --help, -h: show help --depth x, -d x: depth to spider to,
default 2 --min_word_length, -m: minimum word length, default 3 --offsite, -o: let the
spider visit other sites --write, -w file: write the output to the file --ua, -u user-
agent: useragent to send --no-words, -n: don’t output the wordlist --meta, -a file:
include meta data, optional output file --email, -e file: include email addresses,
optional output file --meta-temp-dir directory: the temporary directory,default /tmp -v:
verbose URL: The site to spider.
root@bt:/pentest/passwords/cewl# ./cewl.rb -d 1 -w pass.txt http://www.targetcompany.com/about.php
root@bt:/pentest/passwords/cewl# cat passwords.txt |wc -l 430
root@bt:/pentest/passwords/cewl#
Using CeWL against a target company, this session generated 430 potential passwords to try from just one page on their web presence.
CUPP and CeWL are just two tools at your disposal to help profile and generate lists of potential passwords. An interesting exercise is to run one of these tools using your own information and see if any passwords you use are in the lists generated. It can be very sobering and make you want to take password security very seriously.
Summary
Tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless, but the knowledge of how to leverage and utilize that tool is invaluable.
If one overwhelming theme in this chapter resounds, it is that practice makes perfect. Whether you are using the phone, software-based tools, the web, or other spy gadgets, practicing how to utilize them is essential to success. For example, when using the phone for social engineering, you can use spoofing technologies or even voice-changing technologies, and while having all this great technology is amazing, if you make a call and sound too scripted, nervous and jittery, or unprepared and unknowledgeable, then all hope for social engineering success is lost and most likely any credibility, too. This principle goes back to being very well versed in pretexting. How would the person you are trying to impersonate talk? What would he say? How would he say it? What knowledge would he possess? What information would he ask for?
Whether the social engineer uses a software tool, hardware tool, or both, taking the time to learn the ins and outs of each tool and each feature can make or break the success of the audit.
Tools can take substantial time off audits and they can also fill in any deficiency gaps an auditor may have. This dynamic becomes apparent as you analyze the case studies in Chapter 8.
Chapter 8
Case Studies: Dissecting the Social Engineer
The best security is through education.
—Mati Aharoni
Throughout this book I go through each aspect of what makes a great social engineer. Putting the information in these pages into play can make a social engineer a force to be reckoned with.
In school, students review history to learn what should or should not be done. History is a great tool for educating us about what things have worked in the past and why. It can tell us where we are going and how we can get there.
Social