Kamis, 10 Februari 2011

Tactics of Social Engineering

In Social Engineering there are many many different methods with many different objectives. I will give you a few.




Password finding tactics:

1. Shoulder Surfing - This is an art. The art of watching someone type a password, knowing every key they press, in order, and have them be unaware of you watching. It is very difficult but I would suggest not moving you head (just move eyes) or turn head in the general direction of the typer and then move eyes to watch them type.

2. Dumpster Diving - Sometimes medium-sized companies will discard old servers or HDD's without formatting. Dumpster diving is the act of retrieving those. This can help you get anything from passwords to info on CC's or just general info or whatever.

3. Using the password hint - This isn't too advanced. If there's a password hint, go look at it. Let's say it says "First dog"; then you'd go and ask the person (after a medium long intermission) a couple questions with "What was your first dog's name?" included. Other questions including dogs would help here.
4. Phishing - There are many different types of phishing. Using phisher tools on a free host to find logins of a specific site, sending emails to get passwords, etc etc.

Manipulation Tactics:

1. Befriending - This is an art as well. You have to get someone to trust you enough to give you sensitive information, usually in a short amount of time. There are tutorials here on L-S that can help you with that.

2. Convincing - For this one should first find out if the person being convinced is more emotional or logical. If they're logical, use a rational reason, i.e. if convincing a girl to flash you or something you'd say:

Quote

Why wouldn't you? It'll make me really frickin' happy and it won't even affect you. Why not do something charitable?


If they are more emotional, it can be trickier. Often you must befriend them before you can convince them. But try something along the lines of:

Quote

I've just been so depressed lately... I thought maybe seeing something that makes me happy would help me realize I have an ok life... it was a stupid thought... sorry.


Physical Manipulation:

1. Getting to know what you want to know - Pay attention to body language. That's crucial. Through that you can determine whether they're caving as well as much other useful information.

2. Tailgating/Piggybacking - This is where you follow closely behind a prson of authority in order top get into a secure area. Alternatively, you cansay something like:

Quote

Hey, can you open the door for me? I can't reach my ID with this box in my hands.


This is taking advantage of human kindness. (Ofc you have to be carrying a box. :P)

3. Getting someone to do something (physically) - e.g. a dare or something. I use this to get a quick boner. :D

Anywho, there are many different tactics for this. Here's a couple:

a. "I don't believe you" - Those four simple words could be the difference between getting someone to show you something or not. For example, those words helped me to get a girl to show me that she had her bellybutton pierced.

b. Name calling - Names such as "chicken" or if they are male you could comment on their lack of testicles :P . This goes hand in hand with C. People got me to delete all of my school's files on one server with this tactic once when I was younger. :P

c. Peer pressure - Everyone knows how to do this. No need to explain.

Those are only a couple of methods. But my introduction to SEing Tactics is over. Hope you enjoyed it! :D


Translate Google;

Taktik

Dalam Social Engineering ada banyak metode yang berbeda banyak dengan tujuan yang berbeda. Saya akan memberikan beberapa. : D

Password menemukan taktik:

1. Shoulder Surfing - Ini adalah seni. Seni tipe seseorang menonton password, mengetahui setiap kunci yang mereka tekan, dalam rangka, dan mereka tidak menyadari dari Anda menonton. Hal ini sangat sulit, tapi saya akan menyarankan tidak bergerak Anda kepala (mata hanya memindahkan) atau putar kepala ke arah umum typer dan kemudian pindah mata untuk melihat mereka tipe.

2. Dumpster Diving - Kadang-kadang perusahaan menengah akan membuang server lama atau HDD tanpa format. Dumpster diving adalah tindakan mengambil mereka. Hal ini dapat membantu Anda mendapatkan apa-apa dari password ke info di CC atau sekedar info umum atau apapun.

3. Menggunakan petunjuk sandi - ini tidak terlalu maju. Jika ada petunjuk password, pergi melihatnya. Katakanlah ia mengatakan "anjing Pertama"; maka Anda akan pergi dan minta orang (setelah istirahat panjang menengah) beberapa pertanyaan dengan "Siapa nama anjing pertama Anda?" disertakan. Pertanyaan lain termasuk anjing akan membantu di sini.
4. Phishing - Ada berbagai jenis phishing. Menggunakan alat phisher pada host gratis untuk mencari login sebuah situs tertentu, mengirim email untuk mendapatkan password, dll dll

Manipulasi Taktik:

1. Berteman - Ini adalah seni juga. Anda harus mendapatkan seseorang untuk percaya Anda cukup untuk memberikan Anda informasi sensitif, biasanya dalam waktu singkat. Ada tutorial di sini pada LS yang dapat membantu Anda dengan itu.

2. Meyakinkan - Untuk yang satu ini pertama-tama harus mengetahui apakah orang yang yakin lebih emosional atau logis. Jika mereka logis, gunakan alasan yang rasional, yaitu jika meyakinkan seorang gadis untuk flash Anda atau sesuatu yang akan mengatakan:

Kutipan

Mengapa tidak? Itu akan membuat saya benar-benar frickin 'bahagia dan bahkan tidak akan mempengaruhi Anda. Mengapa tidak melakukan sesuatu amal?


Jika mereka lebih emosional, bisa rumit. Seringkali Anda harus berteman dengan mereka sebelum Anda dapat meyakinkan mereka. Tapi mencoba sesuatu di sepanjang baris:

Kutipan

Saya baru saja begitu tertekan akhir-akhir ini ... Saya pikir mungkin melihat sesuatu yang membuat saya senang akan membantu saya menyadari bahwa saya memiliki kehidupan ok ... itu pikiran bodoh ... Maaf.


Manipulasi Fisik:

1. Mendapatkan untuk mengetahui apa yang Anda ingin tahu - Perhatikan bahasa tubuh. Itu penting. Melalui bahwa Anda dapat menentukan apakah mereka caving serta informasi yang bermanfaat lainnya.

2. Tailgating / membonceng - Ini adalah di mana Anda mengikuti dekat di belakang prson otoritas di atas agar masuk ke dalam area aman. Atau, Anda sesuatu cansay seperti:
Diposting oleh di
Label: ,

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)