Social Engineering Pointers From The Inside Perspective
by Treephrog
Feb. 6/03

Disclaimer: All information contained in this text file is for edu-tainment purposes only. Any and all resemblances to any real persons or acts are strictly coincidental and/or fictional. I do not condone breaking the law, and you cannot hold me or anyone else besides yourself responsible for the consequences if you choose to act upon anything you read here. By reading beyond this point, you agree to this. If not, don't read anymore. Go back to the construct.

There. With that said, I'll start with a quote:

"Life is short; pray hard." - Treephrog
(No apologies to Reebok; deal with it.)

Ahh, hell, I'm feeling generous, have another:

"Life is about three things; attitude, knowledge and perception." - Treephrog

Shouts & Greetz:
Cyb0rg/asm (Many Thanks)
The Clone (Many Thanks)
H410g3n (Inspiration & info)
Grease (Mah blood, keepin' me real)
The P0pe (what's up?)
Untoward (u still there?)
The Hack Canada, Nettwerked and All 902's, if there are any besides me... :/

Essential Linkage:
http://www.hackcanada.com
http://www.nettwerked.net
http://www.h410g3n.com
http://www3.ns.sympatico.ca/grease/

/Start file

Social Engineering takes on a whole new light when seen from the other side, i.e. when you are one of those people who are being engineered. I know this first hand, because I've spent the last few years in one of those positions, and being around others in those positions. So before you say, "Ahhh, shit, I just downloaded/opened yet ANOTHER social engineering how-to!", listen up. Because you probably haven't seen it from the vantage point I'm about to show you.

Some simple guidelines

Social engineering falls into 2 classes: visible and invisible. I will deal with the invisible first, since it's the easiest of the 2.

Invisible Social Engineering

This is a caper where you are never seen by the person/people you are interacting with, i.e. over the phone or through e-mail, snail mail, etc.
This is far and away the easier of the 2, as there is no physical side to it, only the mental side. Here are some things to keep in the frontal lobe when dealing in this area:

- Relax. Not relaxed, go to jail.

- Okay, no really, I mean it this time, relax. The first thing that's going to get you busted is tipping off the other party that you are not comfortable with what you're doing or talking about. Not relaxed, go to jail.

- Study. Yes, boys and girls, 'fraid all your teachers were right. There's no substitute for homework. You want this scheme to work, be prepared. Prepared to read, watch, learn, and wait. Patience is key. Know as much about your mark as possible. When you think you know enough, you don't. Explore all possible avenues of intelligence gathering. Only when you are uber-confident in your knowledge can you proceed. No patience, go to jail.

- It's 90% likely that the person(s) you're going to be dealing with do not give a shit. About their job. About you. About your questions. About anything. They, like everyone who is underpaid and punches a clock, just want to go home. It's just another day in paradise for them. You are but a minor annoyance/distraction in their schedule. The key is to treat the situation like you're dealing with the other 10% that do give a shit. Get slack, go to jail.

- For argument's sake, let's assume that you are pulling a caper involving a phone conversation. This is good, because it's common. The first thing you need to do is figure out who's going to answer on the other end. Is it a secretary? Is it an op (sysop? voice operator?) of some sort? You need to figure this out for a number of reasons, the primary reason being this: you need to figure out who you need that person to think you are to make them do/say what you want. Don't study, go to jail.

DO NOT GO OVERBOARD! This is so important I could have cardiac arrest stressing it, and still not get my point across.
It is crucial when you identify yourself that you are only 1 or 2 levels above that person. Why? Any higher, and why would you be calling them? Why would the CEO of ACME Insurance call the front desk secretary to transfer him to the 10th floor boardroom? He wouldn't. But, 'Forgetful Frank' the network admin who's remote admin'ing from home because he's sick might call in and ask for the fax number to the 6th floor managers' office because he needs to get his weekly audit in right now, oh, and by the way, could you give me one of the numbers for the dial-in to the LAN? I left all my paperwork in the cubicle... go overboard, go to jail...

... which raises another good point.

- It's always better to ask for 2 or more pieces of information. If you're looking for info, the best way to get it is to ask for it in 2 stages. First ask for 1 or 2 pieces of information that you know the person is definitely allowed to give you. Keep it simple and straightforward, but let them give you the information, don't finish the sentence for them or correct them, let them feed it to you. This is valuable because it subconsciously makes you trustworthy in the mark's mind. Don't ask me why, I'm not a headshrinker, but once the person gives you a couple of essentially useless pieces of information, then in their mind it's okay to give you more. See the example in the above paragraph. Trust me, I've used this, it works. There's no end to the phun you can have if you're relaxed, prepared, and know what you want.

Example:

Operator: Hello, Operator.
You: Hi there, this is Joe with (Local Telco Name). Did someone change the ANI for the 555 exchange, because the one I've got written down here, 555-6666, isn't working.
Operator: No, I have it listed as 555-7777.
You: (muttering under your breath like you're writing it down)... 7 ...7 ...7 ...7 great, thanks a lot, and by the way, can you put me through to (777)222-3333?
This customer says his long distance isn't working, he's been trying to get through for 3 or 4 days now.
Operator: No problem, one moment please...
You: Thank you...

Congrats on engineering your first long distance call. Of course, be careful where you call from and what number you call to. *grinz*

Now, one last tip before we move on, and this is a biggie: be firm, yet polite. Manners, manners, manners. It will surprise you how much smoother everything will go with a few well placed "thank you"'s... but be firm. Make it sound like you know exactly what you need, you're in the tiniest bit of a rush, and you'd appreciate no hassle. Be rude, go to jail.

Visible Social Engineering

This is the more difficult of the 2, and may involve some cash flow, but it should be minimal. The scenario is that you want access to a place that normal people can't/aren't allowed to go. The telco room of a very large apartment building, say. Bet you'd just love to spend an hour in there with your digital camera and/or camcorder. Here's how...

- Remember the first rule? Relax.

- Now learn. Watch your local telco guys in action. Look at what they're wearing. Pay attention, take notes if you must. You're going to have to look reasonably close to how they look. Do they wear coveralls or khakis? Around here, coveralls or blue jeans and a t-shirt means CATV, khakis means telco. Of course, you should already know this because you watched them get out of the van. I'm not going to go into detail as to how to get your hands on the appropriate clothing, other than to say a friend of a friend of a friend tailed one guy back to his home, watched to see when his wife did laundry, and snagged the coveralls off the line. Free coveralls, and lemony fresh to boot. Bonus points. No research, go to jail.

- Footwear must be workboots. Non-negotiable. If people see you wearing workboots, they take you a lot more seriously. Once again, I'm not a head-shrinker, don't ask me to explain, but it's true.
Seems wearing workboots means you're going to be phucking with some heavy-duty shit that they don't know phuck all about, so it seems prudent to ask less questions and give more answers. Which is what we want. Inappropriate footwear, go to jail.

- A tool belt. Once again, mission critical. This is a must have. Populate it with your favourite flavours and colors of screwdrivers and wrenches; a highly visible multi-meter is total bonus points. No props for the act, go to jail.

- None of this stuff can look new, including you. For the overalls/jeans/t-shirt, that's not too hard. Roll 'em in the dirt, wash and repeat as necessary. Workboots, well, believe it or not, the best thing I have found is running over them with a car. Don't laugh, it works. The toolbelt is going to be a bastard, I can tell you from experience, those phuckers take FOREVER and a day to break in. Try the car, see if that works. Grow some scruff on your face, make sure you've got some hair out of place. Want to test it all out? Ask a friend to meet you in a semi-busy place, wear your outfit but don't tell him, and see how long it takes him to pick you out. The longer, unless your bud has great peeps, the better your outfit is. If your outfit doesn't look like you've worn it everyday for the past year, go to jail.

- ID tags and such can be a real pain in the ass. Either be prepared to make some really convincing home-made ones, or be prepared to have a really good cover story. Either way, in our scenario of the large apartment building, it's probably a non-issue, but be ready to deal with it anyway. No ID or no cover story, go to jail.

- A cell phone would be almost mandatory. Doesn't even have to be activated, just make noise when you press the buttons. This comes into play later.

So, you're all dressed up like your average, everyday telco guy. What now? Stroll into the building like nobody's business. Check out the intercom. Find the superintendent on the panel.
For the love of God, make sure he doesn't KNOW you! Buzz him, remember he may be watching you on closed circuit. Conversation follows:

Super: Hells Gates Apartments, Frank speaking. (If he's a total knob, you get, "Hello?")
You: Hi there, it's Mike from (local telco). We've got a trouble call on the street feed in the main telco room, and a couple of tenants with no incoming phone service. Could you meet me in the lobby and let me in the telco room?

*Conversation goes one of two ways here.

1.
Super: Sure, hang on.
You: Thanks...
(Buzzes door to let you in, or hangs up and lets you in when he gets to the lobby.)

OR

2.
Super: You guys have keys, just let yourself in and do what you gotta do.
You: We do have keys, but I don't have them, this is a trouble call and the keys are on another truck. They were supposed to call ahead and let you know.
(If you managed to get a real prick)
Super: No one called me.
You: They must not have called yet. Look, can you let me in? You've got tenants with phone problems, and I've got to get it fixed in case of an emergency.
Super: (grumbling) Okay, hang on...
You: Thanks...

Now, when he gets to the lobby, have your shovel ready. You were up a pole on the other side of town, and you got the call, no paperwork for the job, not even sure what you're looking for, FIRST TIME IN THIS BUILDING, hope it's something simple, has he had any tenants complain about phone problems, etc. blah, yadda, blah. The main point is to let him know in a subtle way that you've never been in this building before. When he first comes down to the lobby, after he's started gabbing a bit, he'll probably start heading for the telco room. Follow him, walk and talk. Supers are busy people (or tend to think they are), so he'll want to get this over with quickly. When you get inside the telco room, become all business. Inspect this, fiddle with that, mumble to yourself a lot, trace wires from one place to another.
He'll probably just let you in and say something to the effect of, "Lock it up when you're done," or, "Let me know when you're done so I can lock it up." Then he'll rush off to plunge a toilet or something. If he looks like he's sticking around, pull out the cell phone. As you're pulling it out, and making a big deal of dialing it, tell him the job could take 10 minutes or 2 hours, you're going to have to phone this one in. That will probably make him run for the hills. If he's an uber-knob, and is still hanging around, your one sided phone conversation will go like this:

You: Hello, central office? Can you put me through to provisioning? Thanks. (4 second pause) Hello, provisioning? This is Mike and I'm at (address) on a trouble ticket. Got it? Great. How many pairs coming into this building? 750? Okay, where do you want me to start the count? Pair 62? Okay, hang on...

At this point go to the biggest bundle of telco wires you can find, and make a big show of counting them. If this doesn't make him leave, congratulations, you've found a certified crazy for a super. Pretend to get cut off, and tell him you have to call them back from outside, and bail...

Anywho, I'm confident he'll leave well before any of this stuff takes place, so you're in the joint, you've got the place to yourself, have phun, explore, and tell us all about it.

By the way, relax.

Tha 'Phr0g