124 lines
6.1 KiB
Plaintext
124 lines
6.1 KiB
Plaintext
__ _
|
|
.: .' '. how to social engineer into anything
|
|
/: / \_ or; the line-interruption method
|
|
;: ; ,-'/`:\
|
|
|: | | |() :| an infosec writeup to help protect
|
|
;: ; '-.\_:/ companies from filthy blackhat scum
|
|
\: \ /`
|
|
':_'._.'
|
|
|| fucc steve case
|
|
/__\
|
|
.---. {====}
|
|
.' _,"-,__|:: | warning: this technique has been used
|
|
/ ((O)=;--.:: | to infiltrate various large companies
|
|
; `|: | |:: | resulting in dox and hax!1
|
|
| |: | |:: |
|
|
| |: | |:: | warning 2 hackers: don't friggin do it!
|
|
| |: | |:: |
|
|
| |: | |:: | shouts: syphor, dropcode, egod, the|one
|
|
| |: | |:: | mist and every ><oh>/int scroller from
|
|
| /:'__\ |:: | the ao-daze. it's 2017 & aol hacking is
|
|
| [______]|:: | finally retro and cool. we made it fams.
|
|
| `----` |:: |__
|
|
| _.--|:: | ''--._
|
|
; .' __{====}__ '.
|
|
\ .'_.-'._ `""` _.'-._ '.
|
|
'--'/` `''''` `\ '._ written by big pad tha don
|
|
jgs '._ _.'
|
|
`""--......--""`
|
|
|
|
###how it's done###
|
|
i'll use a hypothetical aol attack to explain the process, but this can be reworked for pretty much anything.
|
|
|
|
first, you'll need an accomplice or the ability to pull off two very distinct voices.
|
|
second, you'll need to make an account on the target service with the name and address information filled out
|
|
with things like "THIS IS A TEST ACCOUNT", "TEST PURPOSES ONLY" etc.
|
|
|
|
friend = person #1, the oblivous customer
|
|
se = person #2, the social engineer
|
|
jeff = phone rep
|
|
|
|
> pregame
|
|
jeff: thank you for calling america online's new registrations department, my name is #jeff# how many i help you?
|
|
friend: hello i'm tony and i need internet. now you guys have the email and the web, right?
|
|
jeff: we certainly do! with america online you can blahblahblah
|
|
*let this exchange go on for about a full minute*
|
|
se: #beep boop# (use two rapid touch tones)
|
|
se: hello, i'm sorry to interrupt this phone call. jeff how ya doin today?
|
|
jeff: i'm fine..
|
|
se: great, [name of friend] do you mind if i place you on hold for a minute or two?
|
|
friend: n.. no that's fine
|
|
se: great thanks. #beep boop#
|
|
se: ok i've placed the caller on hold, jeff how ya doin today?
|
|
jeff: i'm fine..
|
|
se: great. well i'm chad and i've been monitoring your activity this evening and had a couple of things i wanted
|
|
to run by you. firstly, have you been seated at your terminal all afternoon?
|
|
jeff: yes
|
|
se: so nobody else has had access to your workstation?
|
|
jeff: yes
|
|
se: ok, on my end it looks like you're mistyping credit card information for new members. i only see a couple of
|
|
instances but it's something we do need to address, as it results in errors in our billing processing systems.
|
|
jeff: no i never mistyped anything today
|
|
se: hmm, ok. our data retrieval system might be misinterpreting something... ok i'm going to have you pull up
|
|
a test account. navigate to your pegareach quick search screen and let me know when you're there.
|
|
jeff: ok i'm there
|
|
se: great. ok let me pull up my data retreival software. give me a moment....
|
|
se: *taps around on a keyboard for about 10 seconds* ok ready?
|
|
jeff: ready
|
|
se: jeff go ahead and look up the screen name "PhoneTest22"
|
|
|
|
> when jeff looks up "PhoneTest22" he'll feel immediately at ease for two reasons
|
|
1. you interrupted his phone call with a customer like some leet high level supervisor
|
|
2. you created the "PhoneTest22" account and all of the name/address fields say things like "THIS IS A TEST ACCOUNT"
|
|
|
|
> attack scenario #1: let's condition jeff into resetting account passwords
|
|
jeff: ok i've pulled it up
|
|
se: great, now go ahead and reset the password on the account to aoltest1
|
|
jeff: ok done
|
|
se: hmm, not seeing anything in my data retrieval software. some packet errors. let's try again.
|
|
navigate back to the search screen and let me know when you're there
|
|
jeff: i'm there
|
|
se: great. go ahead and pull up the scren name "target"
|
|
jeff: ok done
|
|
se: great, now go ahead and reset the password on the account to aoltest1
|
|
|
|
> at this point you can either say "ok, looks like your mac address was misissued. i'll have noc address that. thanks"
|
|
or you can just have him sit there and reset tons of passwords on multiple accounts all night until he asks about
|
|
overtime.
|
|
|
|
> other attack scenarios
|
|
- once you've earned the phone rep's confidence you can do various things such as:
|
|
1. ask him to press "prnt scrn" and copy and paste a screenshot of their internal software into new email addressed to you.
|
|
this is useful in followup calls because you'll know more about their internal systems and how to speak the lingo.
|
|
2. have him install patch.exe because your darn data retrieval system is on the fritz
|
|
3. read off sensitive information on target accounts
|
|
|
|
.........
|
|
.'------.' |
|
|
| .-----. | |
|
|
| |owned| | |
|
|
__| | :o | | |;. _______________
|
|
/ |*`-----'.|.' `; //
|
|
/ `---------' .;' //
|
|
/| / .''''////////;' //
|
|
|=| .../ ######### /;/ //|
|
|
|/ / / ######### // //||
|
|
/ `-----------' // ||
|
|
/________________________________//| ||
|
|
`--------------------------------' | ||
|
|
: | || | || |__LL__|| || | ||
|
|
: | || | || | || `""'
|
|
n | || `""' | ||
|
|
M | || | ||
|
|
| || | ||
|
|
`""' `""'
|
|
|
|
###backstory###
|
|
this was conceptualized in 2003/2004 by yours truly and used relentlessly on various utilities, carriers and isps.
|
|
i'm convinced that variations of this technique would still work present day on virtually any large tech/communications
|
|
company with enough phone jockeys. isps, registrars, banks, mobile carriers, etc. employees need to stay vigilant
|
|
in the face of unorthodox social engineering vectors.
|
|
|
|
###fun fact###
|
|
mark zuckerberg started out as an aol/aim hacker. one of us, one of us, gooble gobble and whathaveyou.
|