009, programy na windowsa, hack komputer, Anarchist Cookbook 2004, Additions

009

009, programy na windowsa, hack komputer, Anarchist Cookbook 2004, Additions

[ Pobierz całość w formacie PDF ]
THE COMPLETE SOCIAL ENGINEERING FAQ!"There's a sucker born every minute." PT Barnum"Don't touch me, sucka." Mr. TBy bernz (official sponsor of the 1996 Croatian Olympic Men's Synchronized Swimming Team)with shoutouts to: The Genocide2600, Silicon Toad and your big fat mama.DISCLAIMER!!!!! THIS INFORMATION IS HERE FOR THE SOLE PURPOSE OFENLIGHTENMENT! IF YOU USE IT AND GET CAUGHT, NO ONE IS TO BLAME BUTYOUR OWN IDIOTIC ASS!!!SECTION I: INTRO1.1 What is social engineering?1.2 Why is there a FAQ about it?1.3 Who cares?1.4 Basic intro and other shit.SECTION II: PHONE SOCIAL ENGINEERING2.1 Basics2.2 Equipment2.3 Phreak stuff2.4 TechniqueSECTION III: SNAIL MAIL3.1 Is Snail Mail acutally usefull for something?3.2 Equipment3.3 TechniqueSECTION IV: INTERNET4.1 Isn't this just hacking?SECTION V: LIVE, FROM NEW YORK...5.1 In person?5.2 Equipment5.3 I'm wearing a suit, now what?SECTION VI: PUTTING IT TOGETHERA sample problem1.1 What is social engineering?The hacker's jargon dictionary says this:Social Engineering: n. Term used among crackers and samurai for crackingtechniques that rely on weaknesses in wetware rather than software; the aimis to trick people into revealing passwords or other information thatcompromises a target system's security. Classic scams include phoning up amark who has the required information and posing as a field service tech or afellow employee with an urgent access problem.This is true. Social engineering, from a narrow point of view, isbasically phone scams which pit your knowledge and wits against another human.This technique is used for a lot of things, such as gaining passwords,keycards and basic information on a system or organization.1.2 Why is there a FAQ about it?Good question. I'm glad I asked. I made this for a few reasons. Thefirst being that Social Engineering is rarely discussed. People discusscracking and phreaking a lot, but the forum for social engineering ideas isstagnant at best. Hopefully this will help generate more discussion. I alsofind that social engineering specialists get little respect, this will showignorant hackers what we go through to get passwords. The last reason ishonestly for a bit of Neophyte training. Just another DOC for them to read soI don't get bogged with email.1.3 Who Cares?To Neophytes: You should, you little fuck. If you think the world ofcomputers and security opens up to you through a keyboard and your redbox thenyou are so fucking dead wrong. Good. Go to your school, change your grades andbe a "badass" hacker. Hacking, like real life, exists in more than just yoursystem. You can't use proggies to solve everything. I don't mean to soundupset, but jesus, have a bit of innovation and a sense of adventure.To Experienced Hackers: Just thought it would help a bit.1.4 Basic intro and shit for this document.This FAQ will address phone techniques, mail techniques, internettechniques and live techniques. I will discuss Equipment and will put somescripts of actual conversations from social engineering. There are times Imight discuss things that cross the line into phreaking or traditionalhacking. Don't send me email and say that my terms aren't correct andblahblahblah isn't social engineering. I use them for convenience and lack ofbetter methods of explanation (eg I might say "dumpster diving is a form ofsocial engineering") Don't get technical.SECTION II: PHONES2.1 BasicsThis is probably the most common social engineering technique. It'squick, painless and the lazy person can do it. No movement, other than fingersis necessary. Just call the person and there you go. Of course it gets morecomplicated than that.2.2 What Equipment is necessary for this?The most important peice of hardware is your wetware. You have to have adamn quick mind. As far as physical Equipment goes, a phone is necessary. Donot have call waiting as this will make you sound less believeable. There isno real reason why this does but getting beeped in the middle of a scam justthrows off the rhythym. The phone should be good quality and try to avoidcordless, unless you never get static on them. Some phones have these greatbuttons that make office noise in the background.Caller ID units are helpful if you pull off a scam using callback. Youdon't want to be expecting your girlfriend and pick up the phone and say, "Iwanna fuck you" only to find out it was an IBM operator confirming youridentity. Operators don't want to have sex with you and so your scam isfucked. Besides, call ID units are just cool because you can say, "Hello,<blank>" when someone calls. The Radio Slut carries these pretty cheap.Something I use is a voice changer. It makes my voice sound deeper thanJames Earl Jones or as high as a woman. This is great if you can't change yourpitch very well and you don't want to sound like a kid (rarely helpful). Beingable to change gender can also be very helpful (see technique below). I gotone for a gift from Sharper Image. This means that brand will cost quite a bitof cash, but it's very good quality. If anyone knows of other brand of voice changers, please inform me.2.3 Phreaking and Social engineering?Social Engineering and phreaking cross lines quite a lot. The mostobvious reasons are because phreaks need to access Ma Bell in other ways butcomputers. They use con games to draw info out of operators.Redboxing, greenboxing and other phreaking techniques can be used toavoid the phone bills that come with spending WAAAAYYY too much time on thephone trying to scam a password. Through the internet, telnetting tocalifornia is free. Through ma bell, it's pricey. I say making phone callsfrom payphones is fine, but beware of background noise. Sounding like you'reat a payphone can make you sound pretty unprofessional. Find a secluded phonebooth to use.2.4 How do I pull off a social engineering with a phone?First thing is find your mark. Let's say you want to hit your school.Call the acedemic computer center (or its equivelent). Assuming you alreadyhave an account, tell them you can't access your account. At this point theymight do one of two things. If they are stupid, which you hope they are, theywill give you a new password. Under that precept, they'll do that for mostpeople. Simply finger someone's account, specifically a faculty member. Atthis point, use your voice changer when you call and imitate that teacher thebest you can. People sound different over the phone, so you'll have a bit ofhelp.Try to make the person you're imitating a female (unless you are a female). Most of theguys running these things will give anything to a good sounding woman because the majority ofthe guys running minicomputers are social messes. Act like a woman (using voice changer) andyou'll have anything you want from them.Most of the time the people working an area will ask for some sort ofverification for your identity, often a social security number. You shouldfind out as much information about a mark as you can (see mail and livetechniques) before you even think about getting on the phone. If you say youare someone you aren't and then they ask you for verification you don't have,they will be suspicious and it will be infinitely more difficult to take thatsystem.Once again for idiots: DO NOT TRY TO SOCIAL ENGINEER WITHOUT SUFFICIENTINFORMATION ON YOUR MARK!Once people believe you are someone, get as much as you can about thesystem. Ask for your password, ask for telnet numbers, etc. Do not ask for toomuch as it will draw suspicion.You must sound like a legitimate person. Watch your mark. Learn to speaklike him/her. Does that person use contractions? Does that person say "like" alot? Accent? Lisp?The best way for observation of speech is to call the person as atelemarketer or telephone sweepstakes person. Even if they just tell you theycan't talk to you, you can learn a quite a bit from the way they speak. Ifthey actually want to speak to you, you can use that oppurtunity to gleaninformation on them. Tell them they won something and you need their addressand social security number and other basic info.WARNING: ABUSING SOMEONE'S SOCIAL SECURITY NUMBER IS ILLEAGAL!!!DON'T SAY YOU WEREN'T WARNED!!!SECTION III: SNAIL MAIL3.1 Is snail mail really useful?Yes. It actually is. Snail mail is not tapped. Snail mail is cheap. Snail mail is readily available.But how can you use it in social engineering. As I said above, it's difficult to find systems that justlet you call with no verification. They do exist but they are rare. So therefore you need info onyour mark and the mark's system. You can try the telemarketing scam, but that isn't alwayssuccesful, as people do not trust telemarketers. For some reason, though, people trust the writtenword. Morons. People will respond to sweepstakes forms with enthusiasm and will give youwhatever info you want on it. That's why snail mail is so great.3.2 What do I need?Obviously you need mail "equpiment" which includes stamps and envelopes. But subtlethings are required as well. You're going to want to have return address stickers that include"your company's" logo and name. This can be procured at places like Staples, Office Max andother stores for a realitively cheap price.The most important part to mail social engineering is a layout program. WordPerfect isokay, but I prefer QuarkXpress or PageMaker. These programs are not cheap, but can be used forplenty of other applications and are well worth their price. IF YOU GET IT PIRATED, I DON'TADVOCATE THAT ACTION. Wit... [ Pobierz całość w formacie PDF ]

Podobne

: Strona Główna

: 00 index, Classic - Komputery lat '80, Classic 8 bit, Amstrad, gry, adventur, text

: Ĺ˝iĹźek Slavoj - Melancholia i akt etyczny, teksty

: Ćwiczenia rozwijajÂące wyobraÄ˝nię, fiszki i cwiczenia (Poukladane alfabetycznie) OK 2000

: Żelazny rycerz - Ironclad (2011) [PL], Film, Napisy

: Żydzi chcą przejąć władzę nad światem, Antypolonizm, Żydzi a państwo polskie

: Życie na podsłuchu-Das Leben der Anderen-The Lives of Others.2006.DVDRip.XviD.Napisy PL.CD 2, Pliki Mietushek