So what got you into Social Engineering?

[higHClass]

For myself, it was after reading up on Mitnick and his antics. It really got me because I am already an exceptionally good liar and story teller and have unknowingly done SE in the past. (not for bad)

Yes, strong first post, I know. I am interested in other SE people. I can't hack my way out of a paper box or crack a nut open but I can lie and tell stories like a mother fucker.

[tremor77]

I've used some gray-hat SE techniques for various endeavors, often work related... its amazing the things that you can accomplish by stating your name, title and a company that you represent. I work for a media company and some of the things that I do require taking over a client company's website and revamping it top to bottom... not just design but often setting up new hosting, gaining control of the domain name that some 3rd party purchased on their behalf, getting into their existing hosting account to retrieve files, images, and other data. A typical SE in this regard may go something like this...

After gathering as much information as possible. Company X, Company X CEO Name, website - CompanyX.com and current DNS records from WHOIS, whatever internal documentation from Company X that I've been able to get... I place a called to Webhost Y.

Me: "Hello Webhost Y, this is Tremor from Z Media calling on behalf of Company X. Company X has recently contracted us to redesign WebsiteX.com. I have been authorized to speak on behalf of Company X CEO Name and I have been tasked with gaining access to their hosting account at Webhost Y. You may call Company X at 123-456-7890 to verify our contract agreement. Company X has ended it's relationship with Old 'Design Company B' with whom they seem unable to contact for username and password to the ftp account. I do believe that 'Design Company B' is just some graphic designer operating out of his garage and he is just upset that he lost an account... haha.. you know how that is right?"

Webhost Y Rep: "Totally."

Me: "Anyway, we here at Z Media looked at your services at Webhost Y and find them to be of good quality and fair pricing, at this time we see no reason to change hosting service for Company X."

-That's the hook... You're not going to get what you want if your taking something away.. stroke the ego.

Me: "Anyway... Company X really wants to get off the ground with their new design so we were hoping to get access to the FTP... and Design Company B seems to have gone off the reservation. Additionally, we we're considering upgrading to your platinum hosting plan, so if you could a quote that I could pass by accounting that would be handy."

Webhost Y Rep: "No problem I'll send it right over. For the FTP the username is CompanyX and the password is also CompanyX."

Me: "Oh gee not very secure! We probably ought to fix that... thanks for the help."

Webhost Y Rep: "No problem, if you have any questions in the future you can call my extension directly."

---- And that's been the story atleast a dozen times. Goes pretty much the same acquiring a domain name transfer authorization code... sometimes have to fax a change of e-mail address to the registrar on company letterhead but that's easy enough. And I'm pretty astonished at how easy it was... I know that I am legit when I do this, but I can't help but think how it could be easily done by someone else with malicious intentions.

[0xBEEF1337]

Delete.

[insomaniacal]

Social Engineering started for me when I was a "bad" child at school. Knowing how far to take lies, when and how to kiss ass, and how to present yourself as a certain kind of guy is essential for having a good time at school, while not getting kicked out.

Prank calls and such also helped.

Social Engineering is an extension of that, it's not something I tried learning, it's just something that naturally happened, as it does with everyone to a point.

[Werevamp999]

I went to catholic school for the majority of my schooling years, and I absolutely hated it as I was atheist for 7 of those 8 years. (i got kicked out before my 9th) Anyway, it started there, escalated with the book The Art of Deception (A++ would recommend) and peaked when I -almost- stole someones MasterCard #s. I told her before she gave me them that I was a fake though