Social Engineering - Christopher Hadnagy [177]
John was documenting the find with the VNC session open, when suddenly in the background the mouse started moving across the screen. This was a huge red flag, because with this client at this time of the day, no user would be connected and using the system for a legitimate purpose.
What could be happening? He noticed that instead of acting like an admin or normal user, this person did not appear to be very knowledgeable about the system. He suspected there was an unwanted intruder in the network. He didn’t want to scare the intruder away, but he wanted to know whether this person was an admin or another hacker who had found his way into the very same system.
Quickly the target went from being the company he was hired to pentest to a rogue hacker inside the organization.
The Story
John decided quickly that he would have to social engineer this hacker and get as much information as possible to help safeguard his client. He didn’t really have time to think through every step and plan things out properly. He didn’t have time to do the appropriate information gathering.
He took a big risk and opened Notepad. He quickly developed the pretext that he was a “n00b” hacker, a newbie, someone unskilled, who had found this box open and was hacking it, just like this guy. He was able to obtain some screenshots of the conversation. Take a look and notice how the pentester had to social engineer the hacker, as shown in Figure 8-1. John starts the conversation and every other line is the hacker.
Figure 8-1: An actual screen shot of the event.
Following is the verbatim transcript of the conversation that took place. It is long, and all typos and jargon appear in the original, but the transcript shows exactly what transpired in this hack. John speaks first.
whats up?
hehe, just looking around
yeah, me too. Anything good?
you're a "hacker" too? U was just looking for unsecured VNC servers
U=I
I was looking forsomething easy. this was easy. ;) You see anything else on this network? This is the only one I got.
Didn't find anything else of interest here, most is secured pretty good. Yeah, easy to gain access, but I want admin priviliges... :D
Yeah, would be easy from here. Just a priv elev. I am interested inwhat else is here. What is this spreedsheet that is always up?
I have no idea, it was heere when I logged in, I havn't been around much. Found this computer 2 hours ago maybe. What about you?
I had it for about a week. Off and on. Just did not do anything with it. Sort of lazy. What was your test file from rapid share?I just dumped strings on it and don't reconize anything.
Cool. Well, the file was just a test i made, was trying to see if I could get a server (trojan) running. But the firewall didn't allow it.
lol. I had the same problem. I did metasplit shell and no-go. Thats why I kept using this. You in the us? or out of country? I know some people in denmark.
I'm from Norway actually, hehe, I have relatives in Denmark.
You hang in any boards? like I used to like some but they have been going away
I mostly hang in some programming boards, but not much else. Have you been into hacking for a long time or what? What's your age btw? I'm 22.
I have been on this for like fun for around a year or so. Still in school. 16. Just something to do. You ever go to evilzone?
Haven't been there. I too mostly do this for fun, just trying to see what I can do, test my skills. I wrote the "VNC finder" myself btw, I have found a lot of servers, but this is the only one where I could actually have some fun
Wow. What did you write it in? Can I dl it? Do you have a handle?
It's written in a language called PureBasic, but it's kinda not ready for release yet, it's only for my own use. But maybe I can share it anyway, I could upload the code somewhere and let you compile it. That is if you can find some PureBasic compiler on some warez site :P
Thats cool. you can put it in that pastebin site from irc. That lets you anon post I have not done purebasic before. just python and perl
Let me see, I'll look for that pastebin site