Social Engineering - Christopher Hadnagy [17]
Like any book, the knowledge contained herein is only useful if you put it into practice. The more you practice, the more you will succeed at mastering these skills.
Previously, I discussed how social engineering is like mastering the art of cooking. By mixing the right ingredients in the right quantity you can have a meal that is full of flavor and excitement. The first time you try to cook a meal it might have too much salt or it might lack flavor altogether, but you don’t immediately throw in the towel—you keep trying until you get it right. The same goes for social engineering. Some of the necessary skills may come more naturally to you and others may be more difficult.
If a particular topic is hard to understand or difficult for you to grasp, do not give up, and do not assume you cannot learn it. Anyone can learn and use these skills with the right amount of effort and work.
Also keep in mind that, just like a real recipe, many “ingredients” go into a good social engineering gig. The first ingredient might make more sense after you get down the line a little more. Certain skills—such as “the human buffer overflow” covered in Chapter 5—will only make sense after you master some of the other skills discussed in this book.
Regardless, keep practicing and make sure to do extra research on topics for which you need clarity. Now let’s start cooking. Your “recipe” starts in the next chapter with the first ingredient, information gathering.
Chapter 2
Information Gathering
War is ninety percent information.
—Napoleon Bonaparte
It has been said that no information is irrelevant. Those words ring true when it comes to this chapter on information gathering. Even the slightest detail can lead to a successful social engineering breach.
My good friend and mentor, Mati Aharoni, who has been a professional pentester for more than a decade, tells a story that really drives this point home. He was tasked with gaining access to a company that had an almost nonexistent footprint on the Web. Because the company offered very few avenues to hack into, gaining this access would prove to be very challenging.
Mati began scouring the Internet for any details that could lead to a path in. In one of his searches he found a high-ranking company official who had used his corporate email address on a stamp-collecting forum and who expressed an interest in stamps from the 1950s. Mati quickly registered a domain, something like www.stampcollection.com, and then found a bunch of old-looking pictures of 1950s stamps on Google. After creating a quick website to show his “stamp collection,” he crafted an email to the company official:
Dear Sir,
I saw on www.forum.com you are interested in stamps from the 1950s. Recently my grandfather passed away and left me with a stamp collection that I would like to sell. I have a website set up; if you would like to see it please visit www.stampcollection.com.
Thanks,
Mati
Before he sent the email to the target, he wanted to ensure there would be maximum impact. He took the office number from the forum post and placed a phone call to the man. “Good morning, sir, this is Bob. I saw your posting on www.forum.com. My grandfather recently passed and he left me a bunch of stamps from the 1950s and 60s. I took pictures and made a website. If you are interested I can send you the link and you can take a look.”
The target was very eager to see this collection and readily agreed to receive the email. Mati sent the man the email and waited for him to click the link. What Mati had done was embed a malicious frame in the website. This frame contained code that exploited a vulnerability known at the time in the popular Internet Explorer browser, giving Mati control over the target’s computer.
The wait was not long: as soon as the man received the email he clicked the link and the company’s perimeter was compromised.
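The first step in Mati's attack, finding a corporate email address posted in a public forum, is the kind of information gathering this chapter is about. The following script is an added example of that step; it is not code from the book or from Mati's engagement. It scans a set of text snippets (forum posts, paste sites, list archives) for addresses at a target domain, including the common “[at]” / “[dot]” obfuscations people use to dodge spam harvesters, and keeps the surrounding text so you can see what the person was talking about. The target domain, URLs, names and post text are all constructed for the demonstration.

```python
"""Find e-mail addresses belonging to a target domain in public text.

Added example for the information-gathering step in the story above; it is
not code from the book.  The target domain, post URLs and post text below are
all constructed for the demonstration.
"""
import re
from dataclasses import dataclass

# Pieces of the address pattern.  Besides plain "@" and ".", these accept the
# obfuscations people use on forums to dodge spam harvesters, e.g.
# "rdoyle [at] acme-corp [dot] example" or "rdoyle (at) acme-corp.example".
_LOCAL = r"[A-Za-z0-9._%+-]+"
_AT = r"(?:@|\s*[\[(]\s*at\s*[\])]\s*)"
_DOT = r"(?:\.|\s*[\[(]\s*dot\s*[\])]\s*)"
_LABEL = r"[A-Za-z0-9-]+"
_OBFUSCATED_DOT = re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    source: str    # where the text was found (URL or other label)
    address: str   # normalised lower-case address
    context: str   # text around the address, raw material for a pretext


def _compile(domain: str) -> re.Pattern:
    """Build a regex for <local>@<optional subdomains>.<domain>."""
    dom = _DOT.join(re.escape(label) for label in domain.lower().split("."))
    # The lookahead rejects longer domains that merely start with the target
    # (acme-corp.example.net) but still allows a sentence-ending full stop.
    return re.compile(
        rf"({_LOCAL}){_AT}((?:{_LABEL}{_DOT})*{dom})(?!\.?[A-Za-z0-9-])",
        re.IGNORECASE,
    )


def find_target_addresses(posts, domain, window=80):
    """Scan (source, text) pairs; return one Hit per (source, address)."""
    pattern = _compile(domain)
    seen = set()
    hits = []
    for source, text in posts:
        for m in pattern.finditer(text):
            local, dom = m.group(1), m.group(2)
            address = f"{local}@{_OBFUSCATED_DOT.sub('.', dom)}".lower()
            if (source, address) in seen:
                continue
            seen.add((source, address))
            start, end = max(0, m.start() - window), m.end() + window
            context = " ".join(text[start:end].split())  # collapse whitespace
            hits.append(Hit(source, address, context))
    return hits


def summarise(hits):
    """Map each address to the sorted list of sources it appeared in."""
    out = {}
    for h in hits:
        out.setdefault(h.address, set()).add(h.source)
    return {addr: sorted(srcs) for addr, srcs in out.items()}


# Constructed forum posts and archive snippets (not real sites or people).
SAMPLE_POSTS = [
    ("https://forum.example.org/stamps/t/4412",
     "Looking for 1950s US commemoratives in good condition. Contact me at "
     "r.doyle@acme-corp.example if you have any for sale."),
    ("https://forum.example.org/stamps/t/4419",
     "Same here, reach me on rdoyle [at] acme-corp [dot] example, I mostly "
     "collect airmail issues."),
    ("https://paste.example/raw/9k2",
     "helpdesk@other-company.example foo@acme-corp.example.net"),
    ("https://lists.example.net/archive/2011/03.txt",
     "From: IT Ops <ops@mail.acme-corp.example>\nSubject: weekend outage"),
]

if __name__ == "__main__":
    for h in find_target_addresses(SAMPLE_POSTS, "acme-corp.example"):
        print(f"{h.address}\n  {h.source}\n  ...{h.context}...")
```

Run against the constructed posts with the target `acme-corp.example`, it reports the two forum addresses (one plain, one obfuscated) and the mail-server address from the list archive, while ignoring the unrelated company and the look-alike `acme-corp.example.net` host. The context field is what turns an address into a lead: the first hit arrives together with “1950s US commemoratives”, which is exactly the detail Mati built his pretext around.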
A tiny piece of information—the corporate email this man used to look for stamps—is what led to this compromise. No piece of information is irrelevant. With that knowledge in mind, here are questions that come up with