Search the Community

The website cloner is not working for external viewers to my IP, it works from the host computer but no other one, I am quite new to this and would like a detailed responce on how I make it work for external clients visiting the IP. ~Thankyou

I'm looking into doing this course https://www.social-engineer.com/certified-training/ I'd appreciate your views on doing a social engineering course, has anyone done this one or a similar one and is it worthwhile?

I thought this might be a good topic for discussion. I had wondered how hard it would be add a bunch of people I didn't know to facebook or LinkedIn. I had noticed when I signed up for some social media sites that there is an option to import contacts from your email contact list. While it's illegal to send spam emails I don't think it's illegal to use the email addresses to add friends on facebook. So basically if you wanted to find a bunch of people from a company or a school on LinkedIn or facebook you could pretty much use a method like this in social engineering or phishing on social media. Once again I'm not totally sure on the legality of doing this but I figure it is worth a discussion. Steps: Get the email list I figured a guy could pretty much hit up pastebin and create an email list for any organization he wanted to target. Grep out the email address and sort them for uniqueness. Also sort out domain names or domain extenssions you don't want like .gov or .mil addresses. You probably wouldn't want to accidentally spam or phish them. Split the lists into sections smaller than the maximum allowed limit. I think gmail it's 3000 or 5000. Forgot it. split them into 2500 line text files. Then convert the text file into CSV with a program kinda like this. I wrote this pretty hastily. Just opens up a file and writes a csv header with the correct fomat for gmail. Make sure to get the number of commas right. You can do this with Yahoo! and other free email services. There are some security measures against it. Then import the email list into your contacts as a CSV. Then add friends on social media sites from your contact list. That simple. Here's a link to the blog post I wrote about it. http://codeexamplescplusplus.blogspot.com/2016/10/csv-maker-c.html Here's some hasty C++ for the CSV maker. My code is shit just to let you know in advance. //application to sort email addresses and put them into a CSV for use with gmail. #include <string> #include <sstream> #include <iostream> #include <cctype> #include <fstream> #include <iomanip> using namespace std; int main (int argc, char* argv[]) { //build command line statement from string variables {ofstream myfile; myfile.open ("/root/Desktop/emails.csv"); { string line; ifstream infile ("/root/file.txt"); //input the layout information for CSV file myfile << "Name,Given Name,Additional Name,Family Name,Yomi Name,Given Name Yomi,Additional Name Yomi,Family Name Yomi,Name Prefix,Name Suffix,Initials,Nickname,Short Name,Maiden Name,Birthday,Gender,Location,Billing Information,Directory Server,Mileage,Occupation,Hobby,Sensitivity,Priority,Subject,Notes,Group Membership,E-mail 1 - Type,E-mail 1 - Value,E-mail 2 - Type,E-mail 2 - Value" << endl; if (infile.is_open()) { while ( getline (infile,line) ) //output conacts to contact list. Comas delimit contact information fields. myfile << ",,,,,,,,,,,,,,,,,,,,,,,,,,,* ," << line << ",," << endl; infile.close(); myfile.close(); } else cout << "Unable to open file" << endl; } } return 0; }

Had an interesting assignment yesterday. Together with the Chairman of Danish Council for Digital Security, and a fabulous TV crew from Warner Brothers / Dplay / Kanal 5 we demonstrated how easy it is to intercept WIFI traffic, and committing social engineering attacks in a crowded café in the middle of Copenhagen, with great success I might add. The whole session will be broadcasted this fall on the danish TV channel Kanal 5. It might be so that the Pineapple Nano and Rubber Ducky was two of the tools we used, so you may see a boost in incoming orders from Denmark in a couple of months ;)

I've been exploring some client side attacks lately. What are some good references on client side exploitation? Stuff I've been reading up on lately: Social Engineering Toolkit, Metasploit payloads, Stegosploit. exploit kits, phishing. Always looking for more dirty tricks. If you know of a good client side sucker punch. Books, websites etc.

I prepared this payload for a kind of a social engineering test. It basically changes the idle text of the SIP phone to whatever you want. The payload may not work in the older firmware versions of 1140e. //idle text has a limit of 24 chars max. REM This payload changes the idle screen text REM of the Nortel/Avaya 1140E SIP phone DELAY 1000 ESC DELAY 150 CTRL F4 DELAY 150 CTRL F4 DELAY 150 CTRL F2 DELAY 200 STRING 1 DELAY 200 STRING 2 DELAY 200 BACKSPACE REPEAT 24 DELAY 300 REM Some delay between words. Phone isn't as fast as rubber ducky STRING You DELAY 100 STRING are DELAY 100 STRING in DELAY 100 STRING trouble DELAY 250 CTRL F1 DELAY 150 ESC I believe similar payloads can be written for the Cisco phones.

Hey-row to HAK5 this sunny, hot, Michigan day. I got an email (OH NO, AN EMAIL?!) stating that I was the winner of a brand new iPhone. Click this link to CLAIM MY PRIZE... and I delete before it is opened. Now, I know all of you (being on this forum) should know that this is a S.E. trick that is in wide use. We all have gotten over the fact that the internet is not this glorious, clean, and SAFE environment. So, I thought to myself, why not pick apart what makes a GREAT SOCIAL ENGINEER? Consider if you will (FOR EDUCATIONAL PURPOSES ONLY), you completely wipe out any human compassion and, well, frankly just not give a good damn about anybody. I think that is the first step to making a great Social Engineer. You must look at nothing with an emotional capacity. That eliminates a good portion of us Technolusters'. I like helping people, and I was raised not to steal and to be kind. BUT, we all know that there are people out there that have this mentality of "GIMME GIMME GIMME", I think once that stigma is aligned right; it is time to look into Social Engineering. What else does one need to become a callous, heartless, Social Engineer?