Social Engineering - Christopher Hadnagy [179]
DoS, I mean.
Weird, I wonder what type of line it is. It says it is from co. which I thought was a funny name.. Did you ever get any other systems here? I once saw a warez server but that was a long time ago and it is gone now.
Haven't found any other systems. But I would sure like to access all these network computers they have... damn many, it's some kind of university. Hehe, I printed out "hello world" previous today.
Haha, did you send it to a printer or to the screen? These people would more than likely freak out if they saw the mouse start moving on them in the middle of the day with that weird spreadsheet
Haha, they probably would, but what silly idiots run a VNC server without a password?! I printed to some of the printers, I hope somebody saw it.
Haha, that is true, I bet som.. well, they can't run it without admin privs, right? So it can't be just some user that did it, someone with admin would have to do it or else our backdoors should work on it and they are not going at all. Or do you think someone just changed the config?
Hmm, well, I think you're right, maybe some admin or prankster..
Do you do this work for a living? I keep hearing you can make money with it, and I think if I do this for a while and get to be good I might be able to get a job with it. Is that what you did?
I have earned money on programming, but never on hacking or security stuff. But that's a good idea, people would pay to get their security tested and if we get good enough we could probably earn a lot this way.
That's what I hope. I bought a book on the ethical hacker and think that they have some good programs in there. I don't know what the age is to take the test, but if I do take it that might be a good start to do this work. And there are some good tools in there like the metasploit. You should take a look at it if you have not yet.
Yeah, thanks, I should check that out :) But I'm getting a little tired now btw, hehe. Can't sit here chatting in bloody notepad all day, hehehehe. So cya later man, cool meeting you, very fun.
Yeah, I was scared when I saw the rapid share up on the screen. Cool to meet you and I will e-mail you and let you know how the program works. That is exciting to try that out and see what happens. You stay safe and don't let the bad guys find you!
Hehe, thanks, the same for you btw! :) This was interesting, I think I'll save this notepad log btw, give me a sec, lol...
there, lol, sorry
goodbye
bye
This chat reveals how quickly John had to pretext and become someone else. This is not an easy task, as it usually takes a lot of planning, but to secure his client and find out who this intruder was, he had to play whatever role the “hacker” was going to put him in.
In the end, John ended up getting his picture, e-mail, and contact info. He reported this malicious hacker to his client, and the problem was fixed so that no one had such free rein in and out of its systems.
This top-secret case shows just how social engineering used in a professional sense can go a long way toward securing the clients.
Applying the SE Framework to the Top Secret Case Study 2
What I find interesting in this account is how the company wasn’t really a target for the hacker. He was merely scanning the Internet for “low-hanging fruit” and that is exactly what he found. Open machines with full access are dangerous and this account shows just how much damage could have occurred if the pen tester was not sitting there just at the right time.
There is, of course, a lot one can learn about social engineering from this story, too. John did not come into this project with the idea of using his social engineering skills. Instead, it was a straight-out pentest. Sometimes you are called on to use your skills without being able to plan first.
What might have enabled John to be able to do this without having to go home and have a practice session? Most likely these skills were something that John used daily or that he at least