
Complete Control- My story and advice



By ghostghost | 6395 Reads |

I've recently had some great fun experimenting with Social Engineering. You see, I'm a noobie to hacking, though I've had very much experience in another form of Social Engineering in another field. I'll let you in on my recent uses of Social Engineering (SE from now on) and tell you how you can use them in your particular situation(s).

There is a member here on HBH by the name of Suteeki. He and I are friends and we started hacking at about the same time, though he joined HBH some time before I did. When I first started, I thought I'd be cool and try to hack his email. This was no big deal- here's how it went:

When we would talk (before we started hacking), I would always talk about one person in particular when the time was right. I made this person sound amazing and I always talked about the things this person had accomplished. I did this for one reason- to get it embedded into Suteeki's mind. Originally, I was going to use the information in another manner, but I did not end up doing so. When we started hacking, I looked at his secret question on his hotmail, "Your favorite historical person". Not really a question, but you get it. The person I had embedded into his mind was dead, which made his secret question almost too easy to guess- "Ed Marlo". I now was taken to a screen that let me choose a new password for Suteeki. Next, I targeted Suteeki's myspace account. I used the "lost password" feature yet again to send a new password to his email. Since I had changed the password on his email, I had all the time in the world to check it, retrieve the password, and then use his myspace account in any way I pleased.

So we see that the mere glorifying of one subject can embed it into someone else's mind. You can use this in other ways too. If the person is a basketball player, talk about basketball. Do a little research to find a player with amazing statistics. Glorify this player when talking to your target, and eventually the target will give in and use that as their secret question. You MAY have to influence them by saying something such as, "Man, I heard that people are more into hacking than ever. I think you should change your secret question." This seems blatantly obvious to you, yes, but because you have all the inside information you see it as obvious. The target does not- especially if the target is a layman (person not in the know); non-hacker.

Next, I let Suteeki know that I had hacked his email and myspace as we are friends and I shouldn't do things like that without telling him. It was taken as a mild joke and must not have been thought about much. Now he changed his passwords- a smart move. I inserted another fall-back tool in his email account in case I wanted his password again- no matter what the password was (still works too ;) ). Now he began to have a problem with his HBH account and I decided to fix it for him. I ASKED him what his password was. That's right. I straight up asked him what his password was "so that I could fix it". I had already gained rapport with him because he saw me as a semi-decent hacker (though I wasn't), so he trusted me I guess. By the way, I asked him just today (May 9, 2006) if he had ever given me his password and he said no. He DOESN'T remember GIVING me his password. Now I could login to his HBH, email, myspace, ANYTHING I wanted because he had changed EVERYTHING. I hacked into his HBH account just to see if he had changed anything and he had not. He then changed his password from a 14 number and letter password to a 17 number and letter password. CAKE. I hacked his email (using my "backdoor") and used, yet again, the "forgot password" feature. A new password was sent to his email. I found it, got the password, and deleted the email. I then told him I had hacked his email. If I hadn't told him then he wouldn't have been able to log on to it and check his email. I now had access to his HBH account yet again. I got ahold of him on AIM and told him that I hacked his HBH account and that his 14 character password was more secure than his 17 character one. I thought he changed it back- it turns out that he just now changed it to another 17 character password. I then convinced him through constant blabbering about my "programs" that his 17 one was terribly unsecure and that the 14 one was better.

Let's look at what I just did. I told him that I hacked his accounts, which gained me both trust (I came clean) and rapport. He now thinks I know my way around an account on the internet (though I do not). Next, I KNEW he would change the password, and I had one of two options- use my "backdoor" to change his email password and then ask him what his password WAS when he was able to log on so that I could use the "forgot password" feature on HBH to change his password yet again was the first. Luckily I didn't have to do that because a problem occurred on its own. I asked him what his password was so I could help him and he told me. Then I had access to everything. I told him again and also hacked his HBH account to prove it. He changed his password AGAIN and I'm somewhat screwed now. I could just keep messing with his account through hacking his email with my "backdoor" and keep changing his password, but I don't want to go through that hassle. I also want to leave no trace of what I have done. So in talking about my "programs", he thinks that I am using even stronger methods to check his passwords. The truth- I have NOTHING that could even be considered useful for cracking anything but hashes. Remember- in SE we are constantly playing the role of someone we aren't. In telling him that I am using these "programs" he thinks that I am actually capable of using programs that have a great power like this. I come across as someone who knows everything he needs to know at the touch of a button when I talk about the things I supposedly do. Why not play yourself up? You've got to be modest sometimes so as to not overdo your personality. I'm sitting here TELLING him what I'm doing and he keeps giving me the information I need.

Now, keep in mind that Suteeki has known of this SE work. I just recently told him that I was using it, though he still has no clue how I've been using it. If he reads this, he is just now learning everything I've done- as are you. I hope you have picked up some useful things about SE. Here's a summary:

You are supposed to be pretending to be someone you're not. You should always try to adopt an actual character. How does your character react to stressful situations? Is his vocabulary big or small? Does he like to help people or is he more of a loner? Create another full personality and you are suddenly another person. You must decide all of this and it makes for a much more convincing character.

Edit: Suteeki apparently has grown wise to my SE just recently (I told him- duh.) and he did not accept my advice to change it back to the 14 character password. He TOLD me he changed it, but I know that he did not because it is not working for me (double checking my input for correctness). You will encounter this from time to time when dealing with people who are suspicious of you. Now I could've easily avoided his suspicion by not telling him how I was hacking his account, or even that I was doing it at all. You see, I'm just playing a game- this is nothing important to me, which is why I let him in on the secret. I am now changing his password via the "forgot password" feature and using his email. I'll change it to the 14 character password.

Thank you. Comments and ratings are appreciated.

Comments
AldarHawk 18 years ago

Well Written…A little long winded. Suteeki…all I can do is shake my head. As Kevin Mitnick states…The weakest link to computer security is the human factor. :D

ghost 18 years ago

Hmm, not really 'hacking' is it, or an impressive scam. Good article none the less.

ghost 18 years ago

Nice read and well thought out! As AldarHawk stated: well written.

Look forward to more from ya!

ghost 18 years ago

sweet.

bl4ckc4t 18 years ago

I thought that this was funny, you were able to hack him and I knew somewhat how you did it.

These two are a riot, and there's not many people I think are too funny when they do this. Lesson learned- Don't ALWAYS do what people tell you, if they say they hacked your accounts, make sure they prove it. Bl4ckC4t

ghost 18 years ago

Good article, much enjoyed it and it reminded me of my SE endeavours. And I could well guess what your little "backdoor" was as I am sure many can. Not that hard.

ghost 18 years ago

Thanks for the compliments… Who voted it as poor? hehe. I don't care- just wondering. I know it's long-winded, but I figured I'd try to include everything about it so as to be honest. I'll leave out the unnecessary things in my next article on SE. It'll be another endeavor, but also will look into why each thing worked and how I knew what to use- kind of like this one.

SySTeM 18 years ago

Nice article :)

ghost 18 years ago

hehe, nice article!!

ghost 18 years ago

Sorry but didn't really like it :(

It's all well and good SEing ur friend and all but have you actually tried this in a proper hacking situation i.e. getting say a company admin to fax detailed info on their systems???

BUT Mitnick was right as always people are dumb not computers!

ghost 17 years ago

Sorry to be rude but, what happened to him?

ghost 17 years ago

Funny, recently had a similar experience but it was not a friend of mine. Now I'm stuck and don't know the answer to the secret question. What was your "backdoor"? Any suggestions?

ghost 15 years ago

Very nice article. Commenting a little late perhaps. :P But I decided to read some articles and this one was very interesting.

ghost 15 years ago

cool story bro

ghost 15 years ago

cool story bro