Good Social Engineering Tricks

Social engineering is the art of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.

Good Social Engineering Tricks

Post by thedotmaster on Mon Jul 20, 2009 8:12 am
([msg=27024]see Good Social Engineering Tricks[/msg])

Me and some friends are into urban exploration and the other day we were hanging round this industrial estate near the River Mersey, North West UK (I'm on the Wirral side, if anyone knows the area).
We first approached a random industrial yard/warehouse place with a large SLR camera around my neck. Some builders stopped me and my friend and we asked if it'd be okay to look around, to do some photography for our art project on industrial settings (bullsh*t of course). He said he'd have to ask the boss, so we made excuses "ah it's alright mate", but then asked if there was anywhere similar nearby. He mentioned a shutdown oil refinery (at which point we were thinking "alright!") nearby so we went to check it out.
We approached it and as we were getting near a large barrier came down and a security guard came to the door of his little hut thing. We explained our 'situation' but he said he couldn't let us in due to health and safety. Oh well. It was a nice try.
We then went on to Tesco, where we messed around with the laptops until we found the admin account. The password suggestion was "store number".
So we went and approached an assistant and asked them if they had a copy of the store number around as we were applying for a job and the online form required the store ID. She kindly wrote it down for us on a piece of paper. We kindly left good-ol'-4chan up on those laptops.
Whilst the day wasn't overly successful, it was my first attempt at social engineering and the camera idea will surely work at some point. Worth a try anyway.

Anyone else got any interesting social engineering stories, tricks or tips?
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)


Re: Good Social Engineering Tricks

Post by tgoe on Mon Jul 20, 2009 11:53 pm
([msg=27084]see Re: Good Social Engineering Tricks[/msg])

Years ago I wrote a bot for Virtual Places (vpchat.com) when it was affiliated with the (then) major portal Excite.com

Excite had a number of secret questions for "remembering" an account password... one of which was "What is your pet's name?". So the bot sat in the VP "pets" chatroom cheerily asking for pet names at random times and recording username/petname combinations... which turned out to be just as good as username/password combinations on Excite 8-)

...maybe not social engeering per se, but I think that any system that still relies on secret questions/answers is susceptible to something like it.
User avatar
tgoe
Contributor
Contributor
 
Posts: 650
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Good Social Engineering Tricks

Post by TheMindRapist on Tue Jul 21, 2009 12:11 am
([msg=27087]see Re: Good Social Engineering Tricks[/msg])

Good story, would read again.
10/10
Image
User avatar
TheMindRapist
Contributor
Contributor
 
Posts: 585
Joined: Mon Apr 14, 2008 4:57 pm
Blog: View Blog (0)


Re: Good Social Engineering Tricks

Post by godofcereal on Tue Jul 21, 2009 5:40 am
([msg=27111]see Re: Good Social Engineering Tricks[/msg])

Of all the sites you pick 4chan, imagine how many lives you have destroid... 10/10
Im off, last year of school and all, I had something longer but char limit fucked that up. So yeah, had a good run here. Thanks for the memories. Thanks to the staff and users.

Best regards, your posting whore,
godofcereal

p.s. Defience, you the man ;)
User avatar
godofcereal
Addict
Addict
 
Posts: 1068
Joined: Wed Aug 20, 2008 6:11 pm
Location: ireland
Blog: View Blog (0)


Re: Good Social Engineering Tricks

Post by thedotmaster on Tue Jul 21, 2009 8:54 am
([msg=27122]see Re: Good Social Engineering Tricks[/msg])

godofcereal wrote:Of all the sites you pick 4chan, imagine how many lives you have destroid... 10/10


Their fault. They should have a filtering system, or even block their access to the internet.
Plus there are worse Chans I could have stuck them on (though that also probably would have ended up with me being arrested).

Oh and er, I don't condone any of that kinda thing.. er.. yeah.
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)


Re: Good Social Engineering Tricks

Post by godofcereal on Tue Jul 21, 2009 5:18 pm
([msg=27170]see Re: Good Social Engineering Tricks[/msg])

thedotmaster wrote:
Their fault. They should have a filtering system, or even block their access to the internet.


Would you really expect a store to do that? They try to give the people a full experience of it, then you come along and have some fun playing with them ;)
Im off, last year of school and all, I had something longer but char limit fucked that up. So yeah, had a good run here. Thanks for the memories. Thanks to the staff and users.

Best regards, your posting whore,
godofcereal

p.s. Defience, you the man ;)
User avatar
godofcereal
Addict
Addict
 
Posts: 1068
Joined: Wed Aug 20, 2008 6:11 pm
Location: ireland
Blog: View Blog (0)


Re: Good Social Engineering Tricks

Post by thedotmaster on Tue Jul 21, 2009 7:48 pm
([msg=27184]see Re: Good Social Engineering Tricks[/msg])

We weren't meant to have access to the computers themselves, there was meant to be a slideshow thing playing. We turned it off then on again :)
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)


Re: Good Social Engineering Tricks

Post by boza111 on Sun Nov 29, 2009 3:39 pm
([msg=30864]see Re: Good Social Engineering Tricks[/msg])

hey thanks interesting read! haha nice one at getting the wifi pass
boza111
New User
New User
 
Posts: 3
Joined: Sun Nov 29, 2009 2:41 pm
Blog: View Blog (0)


Re: Good Social Engineering Tricks

Post by tarantulas on Sun Jan 10, 2010 1:03 pm
([msg=33147]see Re: Good Social Engineering Tricks[/msg])

neat. makes me wish i lived somewhere remotely "urban"
User avatar
tarantulas
New User
New User
 
Posts: 22
Joined: Sun Aug 23, 2009 9:09 pm
Blog: View Blog (0)


Re: Good Social Engineering Tricks

Post by insomaniacal on Sun Jan 10, 2010 1:40 pm
([msg=33152]see Re: Good Social Engineering Tricks[/msg])

That story sounds extremely similar to one that I remember reading in some old Text file that was about social engineering... The bit about finding old factories and claiming to be a photographer at least. It might even have been on Totse...

Anyway, good job at getting the password. Shame on the store for setting such a lame password, and then even giving the hint. I haven't done any things in stores for awhile... should really get on it. I mean, we all know walmart deserves it xD
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Next

Return to Social Engineering

Who is online

Users browsing this forum: No registered users and 0 guests

cron