1.Lets start with "What We Can Get?"
You maybe asking what can we benefit off of from SE? Well, you can get almost anything you wish if your as skilled to do so. From anything to passwords to even credit card numbers! I myself have used SE to socialize Bad_Brains password! His password is:
Code: Select all
EbrizzleIsLeet#1
2.Now, "Building the Trust"
Before asking for an users password, you must build up the trust. After you build up the trust, then you can exploit the user. Simple questions about there daily life and trying to actually get to "know" and "understand" the user is easy towards building the trust. You need to put your postion into a high ranked person if you wish to exploit a company. Thats where part two comes in.
3. "SEARCH"
Simple, yet life saving words:"GOOGLE! GOOGLE! GOOGLE!"
You must do research before any SE attack! Some companys are prepared for SE attacks so be prepared!
4."Questions"
Now you will try to ask those questions to get the information you want. Try to make them indirect rather then direct. And make up a good execuse for why you would need the information, such as begin a suvery.
"SE by example."
This is how I obtain a users password.
Of course that example above was preformed on a friend, and worded differnetly, it worked perfectly.Hey, I have been recieveing some werid packets while using my Airsnort on my Linux console. It gave me some password hashed packets that I believe came from your computer. If so, I need the character length of your password and the first and last letter of your password. If I get this info, I can match it up and warn the company about this "bug" that which it captures such high information.
To get IPs this one always works:
OrHello there, well, I need a favor from you, I got this new server and its been picking up werid IPs and logging them into a log file. This can mean either I am getting hacked, or it picks up my IMs. I need you go onto www.whatismyip.com and tell me whats your IP so I can match them up and make sure my server isnt in danger.
Now, the example above is another thing. You can trick a user into downloading a "patch" or so, and it is actually a keylogger you compiled your self! Be creative!Hey, I tried to send you somthing but it gave me an error saying this persons port been blocked. So I read up on this and I found out you may have a new type of virus! It blocks all incoming and outgoing connections towards certain ports. It also slows down your computer! You gotta go onto www.nmap-online.com and tell me what the results are so I can see if your infected and give you this software I found that will fix this.
Now you are ready to go SE Bad_Brain on the IRC! I would recommend reading the book made by my most fav orite person and hacker , Kevin Mitnick (Besides Bad_Brain of course!) The Art of Deception, the book specializes on actual SE attacks.
P.S. Bad_Brain, please dont delete my accout for telling everyone your password.
Please post any comments or ideas, and any SE attack examples you have done.