Social Engineering - Christopher Hadnagy [19]
Gathering Information
Gathering information is like building a house. If you try to start with the roof your house will surely be a failure. A good house will be built using a solid foundation and from there it will be built literally from the ground up. As you gather information you may be overwhelmed with how to organize and then use this data, so starting a file or an information gathering service to gather this data in is a good idea.
Many tools exist to assist in collecting and then using this data. For penetration tests and social engineering audits I use a Linux distribution called BackTrack that is specifically designed for this purpose. BackTrack is like most Linux distributions in that it is free and open source. Perhaps its greatest asset is that it contains more than 300 tools designed to assist in security auditing.
All of the tools within BackTrack are also open source and free. Especially attractive is the high quality of BackTrack’s tools, many of which rival and even surpass tools you would pay an arm and a leg for. Two BackTrack tools that are particularly useful for information gathering and storing are called Dradis and BasKet. The following sections take a quick look at each.
Using BasKet
BasKet is similar in functionality to Notepad, but more like Notepad on steroids. It is presently maintained by Kelvie Wong and can be found for free either in BackTrack or at http://basket.kde.org/. The website has full instructions for how to install BasKet. Once installed BasKet is easy to use and the interface is not difficult to understand.
As seen in Figure 2-1, the interface is easy to figure out. Adding a new “Basket” to hold data is as simple as right clicking on the left side of the screen and selecting New Basket.
Once new Baskets are added the sky is the limit. You can copy and paste data, place screen shots in the Basket, or even tie in OpenOffice or other types of charts, graphs, and other utilities.
Figure 2-1: BasKet allows for easy organization of the data found during information gathering.
Adding a screenshot can be done in a few ways. The easiest is to copy the image then right mouse click on the new Basket and click Paste. As shown in Figure 2-1, adding images is simple but also shows the image right away. Notes can be typed or pasted around the images by simply clicking in the Basket and starting to type.
In a normal security audit, what makes BasKet attractive is the way it catalogs data and shows it on the screen. I usually add a different Basket for each type of data such as Whois, social media, and so on. After that, I will do some recon using Google Maps or Google Earth to capture some images of the client’s building or facility, which I can store in BasKet as well. When the audit is complete, being able to pull up and utilize this information quickly is very easy. Figure 2-2 illustrates a nearly complete BasKet that contains a lot of useful information and tabs.
As shown in Figure 2-2, BasKet is easy to store the information in an easy-to-read format. I try to include as much information as possible because no information is too small to store. The information I include is items from the client’s website, WhoIs information, social media sites, images, employee contact info, resumes found, forums, hobbies, and anything else I find linked to the company.
Figure 2-2: A nearly completed BasKet with lots of useful information.
When I am done, I simply click on the menu called Basket then Export and export the whole BasKet as an HTML page. This is great for reporting or sharing this data.
For a social engineer, collecting data, as will be discussed in detail later, is the crux of every gig, but if you cannot recall and utilize the data quickly, it becomes useless. A tool like BasKet makes retaining and utilizing data easy. If you give BasKet a try and use it once, you will be hooked.
Using Dradis
Although