Archive for September, 2009

A Discussion with the creator of the Social Engineers Toolkit

Wednesday, September 30th, 2009

So last night we hosted an awesome session with Dave “Rel1K” Kennedy and many who had questions. What follows is the transcript of that conversation.

Enjoy and keep checking in because we will be hosting more sessions like this.

loganWHD: so tell us the story of how SET was created
ReL1K: Well, long story short when loganWHD came to me and told me about social-engineering.org and what he was going to do, I thought it was a great idea…wanted to contribute where I could..
ReL1K: Thought of a way to help augment social-engineering and client-side attacks in a way that 1. would take down the internet (just kidding), and 2. be usable by people that really need it..
ReL1K: To be perfectly honest when I do social-engineer attacks it takes FOREVER to setup different attack vectors
ReL1K: 20+ hours right?
ReL1K: anywhere from coding the website
ReL1K: to getting the payload delivering properly
ReL1K: to setting up email phishing
ReL1K: just takes a long time, things don’t work right
ReL1K: so wrote SET to automate it, take the crummy parts out of a social-engineering attack and make it more fun
ReL1K: plus while drinking it led to a lot of fun times
Xpl0it: :)
loganWHD: love it
loganWHD: and
loganWHD: it has been one of the heavy hitters of the site
ReL1K: so that was it…loganWHD was my inspiration i actually had some ascii pr0n in the image of chris, but that was cut out in the introductions of the SET tool in 0.1alpha…
loganWHD: UGH
loganWHD: @clean
SE_Bot: loganWHD: “clean” is (#1) we try to keep it clean, fun and all about SOCIAL ENGINEERING, or (#2) This is a family-friendly channel and discussions here reflect on our business. Please use appropriate language and discussion topics.
ReL1K: I SAID pr0n!!!
loganWHD: ugh
Xpl0it: geezz…
Xpl0it: not a good thought
ReL1K: on a serious note, it was a blast writing….
loganWHD: so on to better things
ReL1K: and was a blast that loganWHD tested it out for me
loganWHD: it was awesome
ReL1K: without him couldn’t have written it…or had it working
loganWHD: still is
loganWHD: sometimes i pwn my son's computer just for fun
loganWHD: “hey boy open this pdf”
ReL1K: hehe
Xpl0it: lol
loganWHD: shells are fun
ReL1K: nothing like getting a meterpreter shell on your son's computer..
ReL1K: i tried that but my son's 16 months old
ReL1K: doesn’t understand yet..
davehardy20: I pwned my manager's pc with SET
Xpl0it: hehehe
loganWHD: HAHAH
loganWHD: nice
loganWHD: so now
loganWHD: questions
ReL1K: haha
loganWHD: there were a few sent in or discussed about SET
ReL1K: roger
ffxp: I have a quick one after rAWjAW
davehardy20: my manager is the IT Manager, he really should know better
davehardy20: so I wanna know everything about SET cause its gonna change the way things are done around my office
ReL1K: absolutely
ReL1K: fire away
ffxp wondering why I’m trying to be polite
ffxp: :)
ReL1K: ffxp you can go too :)
davehardy20: I was wondering if we can make custom websites for the java app attack part of SET?
ffxp: for me it’s kind of rare to have the same box initiating the emails or whatever
rAWjAW: oh ReL1K… I saw in the newsletter you are talking about the ARP / inject bad things stuff… When you have them go to your site, are you spoofing the DNS resolution, or will it say "172.16.3.99" in the browser… And also, with the wget, aren't you in a race condition with the computer (even though you are arping it) to get the page and add the payload?
ffxp: as the box getting the shells or doing analytics
rAWjAW: (did that all go through)?
ffxp: so I normally have a php box internal or external to handle the metrics / reporting stuff
ffxp: any thoughts about hooking into “collector” scripts or frameworks like beef?
STS301: don’t we have meeting now?
ReL1K: alright to answer rAwjAW first: right now its only doing it based off of IP, haven’t thought about the DNS route but is absolutely plausible, will add to the TODO list, I like the idea. The second question, we can delay the client as long as we want before receiving connections to the webserver, timeouts are always a worry but shouldn’t be a huge issue, there will be two implementations of…
ReL1K: …the wget functionality, one when they are browsing websites, and another to stage ahead of time
loganWHD: i love that idea
loganWHD: wget
ReL1K: to rip a sites front level page takes roughly 4-6 seconds depending on bandwidth, should be easy to rip and pop the site up without a real notice of performance toward the website
loganWHD: made me giddy
ReL1K: and based on python, the basehttpserver is highly optimized and multi-threaded, shouldn't notice too much lag rendering
loganWHD: pop a box
rAWjAW: sounds good :)
ReL1K: to answer ffxps: totally understand, do you want me to add a field to just create a listener automatically for you on a separate machine? like menu 1-4 = X menu 5 = setup a metasploit listener?
ReL1K: because currently you can setup a remote host automatically through the payloads
ffxp: not sure what the best way is, just wanted to get an idea where your head was at regarding this
ReL1K: davehardy20: the new functionality with the wget should absolve that, i can add an option to point to a folder that can be imported to a custom website, that's super easy
ReL1K: ffxp: typically if you're using two separate machines, one for emails the other for a listener, you can create the payload, shoot out the emails, but making sure the remote host is set for your other server, SET gives you the option to not create a listener
davehardy20: that sounds like great solution add a pointer
ffxp: ok
ReL1K: ffxp: can easily add in a method to just create a listener
ReL1K: give me 3 minutes
ffxp: its mainly that I get analytics rather than pop shells
ffxp: :)
ffxp: or rather :(
Xpl0it: lol
Xpl0it: get your smiley faces straight
Xpl0it: ;)
ffxp: maybe I can add in some php/py/asp code to listen for some standard analytic payloads
ffxp: that would go along with the kit
ffxp: brb…got to put kids to bed
ffxp: errr…pwn them via SET
ReL1K: there we go
ReL1K: just added a number 5 on SET for create a payload and listener
ReL1K: you can use that to create the payload you want, and just setup the listener on the other machine
ReL1K: just committed the changes
ReL1K: should make it a little bit easier at least
ReL1K: ffxp, i can add a simple addition
loganWHD updates
loganWHD: SWEEET
ReL1K: use the windows/upexec/reverse_tcp
ReL1K: so you can specify your own executable
ReL1K: could be something trivial
ReL1K: for statistics
ReL1K: instead of a shell
ffxp: mmmm
ReL1K: what do you use it for?
ffxp: to show how easy users can be tricked …then report on the depth of their stupidity
ffxp: thats the analytics part
ffxp: and sometimes report on how ineffective end point controls can be
Xpl0it: nice
ReL1K: are you looking for more of like a report of how many people connected?
ReL1K: or something thats not harmful
ReL1K: at all
ffxp: exactly the kind of stuff I’m doing now with php
ffxp: right
ffxp: I’m trying to find the code now
ffxp: stupid simple
ReL1K: how about
ffxp: just writes to a file
ReL1K: this is for the email attack only right?
ffxp: yes
ReL1K: you don’t want it to connect back to you?
ffxp: correct
ReL1K: just create a file?
ReL1K: oh
ReL1K: SUPER easy
davehardy20: I’d be interested in a report on how many people connected
ffxp: gather info
ReL1K: that would be windows/exec
davehardy20: this would prove how thick some users are
ReL1K: execute ipconfig :: "moo.txt & net view :: moo.txt & gpresult :: moo.txt & net user :: moo.txt"
rAWjAW: Another question… Right now it is just adobe pdf files, are there plans for other as well? (or a way to select one)
ffxp: cool
ReL1K: that work?
ReL1K: rAWjAW: plans for adding word and excel right now, what other formats were you interested in?
ffxp: well..I’ just use javascript/java to fingerprint the browser
rAWjAW: word and excel were the ones i was thinking of
ffxp: then track if they click links
ffxp: then see if they download a non-weaponized exe/pdf/doc
Xpl0it: ReL1K: what about adding PowerPoint?
ffxp: thats where the windows/exec thing would be cool
ReL1K: Xpl0it: shouldn't be too much harder..
Xpl0it: k
ReL1K: ffxp: i gotchya
ReL1K: i haven’t looked at ppt yet
Xpl0it: k
Xpl0it: just thinking about what stuff people usually e-mail
ffxp: thx man
ReL1K: no problemo
ReL1K: will add
ReL1K: anything else guys?
ReL1K: betting ill have the wget portions done in 2 weeks
loganWHD: ReL1K, thank you
ReL1K: dns spoofing is easy
ReL1K: probably tomorrow
loganWHD: thank you making the tool
loganWHD: and thank you for your time tonight
ReL1K: hehe tis fun
Xpl0it: yeah great GREAT stuff
ReL1K: love this stuff ;)
_Elwood_: looking forward to that wget stuff. Great stuff!
rAWjAW: yes yes, thank you very much for SET ReL1K
rAWjAW: oh
ReL1K: _Elwood_ i love you buddy!
ReL1K: hehe thanks rAWjAW :)
loganWHD: and from the downloads on the site… i know a lot of ppl thank you
loganWHD: haha
Xpl0it: lol
rAWjAW: I know these aren’t typically e-mailed but what about an exe embedded in a .chm file
rAWjAW: I have a writeup somewhere on how to do it
ReL1K: send it away, can always add the option
rAWjAW: Sure thing
ReL1K: alright guys much appreciated
loganWHD: l8r bro
ReL1K: "<3" loganwhd

The Truth About Eye Contact and Detecting Deception

Monday, September 28th, 2009

For years, studies have reported that people from cultures across the globe associate a lack of eye contact with the belief that the person is lying. Is this true? How can we tell?

Much research has been done on this question. Dr. Paul Ekman and Dr. David Matsumoto have devoted their lives to researching ways to detect deception and tell if someone is lying. Recently Dr. Matsumoto wrote a blog post that drew on much research from social psychologist and micro-expressions expert Dr. Mark Frank. His blog post states that many videos, articles, and newscasts suggest that a person’s eye contact and/or eye gaze often has a hidden meaning: looking up to the right means someone is making up something; looking up to the left means they’re remembering something; if someone isn’t looking at you, they’re lying.

So where do these doctors feel that this wrong view comes from? Dr. Matsumoto writes, “There is no simple answer to this complex question, but Dr. Frank alludes that it may be associated with children’s behavior when they lie. He states that eye contact is probably a good clue to deception with younger children – possibly due to the emotion of guilt – but that as they grow older, children learn socially that they have to maintain eye contact in order to lie successfully.”

So what is a better gauge to tell if someone is lying? It is a good idea to first get a read on the person you are speaking to: do they look at you during normal speech, or do they look away? Are they nervous talkers or confident? Knowing how they talk in normal speech will help you to see if that pattern changes when you get into “uncomfortable territory”. If a person's pattern changes when you start asking them questions that might be hard to answer, that MAY be an indication they are lying.

Newer studies have concluded that eye contact is not an indication of lying or truth telling. In 2008, Dr. Stephen Porter of Dalhousie University published a study called “Lying? The Face Betrays Deceiver’s True Emotions, But In Unexpected Ways”.

Porter concluded that it is indeed the face that gives liars away, but not in the stereotypical ways we believe. To him “it’s not the shifty eyes or sweaty brow or an elongated nose (à la Pinocchio) the lie detector should look for. Instead, other elements of a liar’s face will give them away – ‘cracking’ briefly and allowing displays of true emotion to leak on to the face”.

Another notch in the micro-expression doorpost. Learning how to read people’s micro and macro expressions can aid in detecting deception.

Humintell has announced that they will be offering training on this topic very soon. More on that when it is available.

** parts of this blog have been reprinted from Dr. David Matsumoto’s blog with the permission of www.humintell.com and Dr. Matsumoto.

How To Become A Social Engineer – Information Gathering

Wednesday, September 23rd, 2009

Over the last few days since our launch we have had quite a few emails and visitors to our IRC channel with people asking questions about the site, the framework and serious questions about social engineering itself. One intriguing question is, “How Does One Become a Social Engineer?” It may be the opinion of some that “Social Engineering is just believing in your lie” or “SE is a matter of who is the best liar” and even “Social Engineering is a matter of just making up a believable story.” Some believe that social engineering is no more than smoke and mirrors and conning people, which is usually the case with companies who are trying to sell you security products.

While all of these things may be factors, we feel they are not the whole story. We thought we would reach out and try to dispel some of these myths by writing a small series of articles about this question. The series will be called “How To Become a Social Engineer” and will be broken down into the many aspects one will need to master to even consider this. In this first of the series we will cover the most important aspect of social engineering.

First off, we should mention that famous social engineers such as Mitnick, the Badir Brothers, and Frank Abagnale often possess a skill or personality that seems inherent and use that skill for social engineering. While the things we will outline may never turn you into one of the famous social engineers, they sure can enhance your abilities.

When we think about the skills that a great social engineer will possess, like pretexting, elicitation, information gathering skills, interrogation skills, influence skills, manipulation skills, and then throw in some possible physical security skills… well, it can be quite overwhelming. While it is true that certain personality types can learn certain aspects of social engineering more easily, we believe it is not too hard to at least begin a program where, with effort and time, you can achieve a level of success.

So what steps can one take to try and enhance their social engineering skills? To properly identify this, let's break down what a social engineering attack consists of.

Probably the biggest piece of that puzzle is information. Information is single-handedly the most important aspect of social engineering. Information helps us prepare, plan and execute. Lacking information almost certainly equals failure. The Information Gathering section of The Social Engineering Framework covers this vital part of social engineering in great detail, but let’s break it down into some simpler steps.

Research and Tools

I. Research
Knowing how to do research and where to look are vital aspects of information gathering. This means practicing everything from getting your google-fu on to how to ask good questions.

Imagine you want to do research on (insert company name here), what is the first logical step? Browse to their website. Don’t just meagerly peruse the site, but read it.  Get what they do, how they do it. What are the names of any staff mentioned there? Any special events listed? Are there pages that link to awards or articles they have written or achieved? Any, even seemingly insignificant, piece of information can be important down the road.

Probably before you even got to this point you want to have a file started on them. In this file you are organizing and cataloging this information in a fashion that will make it easy for you to use later on.

After you are done thoroughly scraping the site, maybe you move on to other forms of information gathering. Can you call them and ask targeted questions that will give you more information? Can you talk to a competitor about them and find out information? Can you work up a personal conversation with an employee and gather more information? All of these avenues will require some pre-thought and a definite pre-plan as to your goals. You cannot approach an employee and throw a barrage of questions at them till they answer. Instead the conversation may take on a very simplistic and friendly nature with the goal of just finding out one or two small pieces of information. When this was done to an AOL representative it led to the hacking of over 200 accounts, just by getting and giving very friendly information.

Just what type of information you are seeking is dependent on your goal with the company. In a normal penetration test you are trying to see if information could lead to a security breach. Of course, it would be nice if in the first few minutes the target gave up all their passwords and user names, but that most likely will not happen. So our goal may be to find out information about their company structure: Who is on vacation? Does anyone seem unhappy with their job? What are their policies on USB keys? External CDs? What type of security do they use physically? These are some of the target items we may wish to acquire… or we may wish to simply find out the standard email layout, the name of the CFO, or how many servers they have.

All of these tidbits of information can lead us to a path of total ownage. Learning how to do effective research can be a key to success and being good at it can certainly assist you in becoming a true social engineer.

This is really only half (maybe 1/3) the battle. We need to discuss tools you can use to gather this data and then probably the most important part… what do you do with it all?

Tune in next time when we discuss tools for information gathering.

Have any input on this post or ideas for future posts? Email us at contribute -@- social-engineer.org

Meet the Team at Social-Engineer.org

Monday, September 21st, 2009

There has been a lot of buzz on the Net about social-engineer.org and the emails coming in to us have been amazing. We would like to take the time to thank all of you for your support.
Quite a few of our visitors have asked about the team and how we are structured. So I figured we would take a few moments to go over all the help we have had.

First we would love to thank our web developer. We have had many comments on the quality of the site and the artwork. All of this was done by our Web Dev Guru, Tom “DigiP”. Check out his work on his site www.digip.info

As you probably noticed from The Team page, we are broken down into three different categories.

The Dev Team is the small group of us who came up with this idea and started working on it even before social-engineer.org was a reality.

www.social-engineer.org is Chris “loganWHD” Hadnagy’s dream and vision. The idea for this site came from a desire to help educate people on social engineering and lots of research.

We would like to thank Mati “muts” Aharoni for his help in the website organization, technical issues and overall support. Without your guidance and help this project would still be just an idea….

The same goes for Jim “Elwood” O’Gorman: without his editing skills and support, as well as his help in writing, the podcast and channel management…. it would have been near impossible to make this ever come to life.

Next you would notice our “Core Team”… this is the group of people that have helped manage the project and taken lead roles in certain areas of the creation of the site.

We want to really thank Paul “rAWjAW” Hand, or as we call him DA GATEKEEPER. Paul spent countless hours perfecting the Framework layout and helping with the overall site layout. Paul’s help was extreme and we all owe him a huge thanks for what he has done.

Scott “phat32” Hazel has contributed lots of time helping manage the IRC channel as well as writing numerous articles in the framework.

Dave “Rel1K” Kennedy is the creator of the Social Engineer Toolkit. What an amazing tool that is. So many messages and emails have come in about how awesome this tool is. We couldn’t agree more. When we went to Dave and were just chatting about having a tool that could do… A… B… C… next thing you know he pumped out this amazing creation. THANK YOU. All I can say is “it’s ok… it’s ok…”

Matt “remnant” Churchill has devoted his expertise as ex-law enforcement and present security specialist to help bring a professional element to the framework. He has also helped us organize the podcast and the soon-to-be announced reviews of courses, books and articles that we have collected.

Next you notice our EVER growing list of contributors. This group of hard working folks has devoted their talents and time to making the framework what it is and what it will become.

Brad “theNURSE” Smith is our resident hardcore writer. This NLP, SE expert comes to us with a unique twist… as a medical professional and a security professional his insight has helped him write some of the best pieces in the framework.

Chris Nickerson has brought his years of social engineering and intelligence experience to the fore and not only wrote a few awesome articles for the framework, but shared his experiences and thinking to help social-engineer.org come to life.

Mike Murray has also brought his years of experience to the framework in helping review material and enhance material that is there.

Andrew “Mohawk” MacPherson is our resident Paterva rep. He has not only helped create a special edition of Maltego Mesh for social-engineer.org but also contributed some good articles to the framework.

H.D. Moore has of course helped us with providing support on the MSF as well as his support in the creation and building of the site.

Frank “DR_IDE” Graziano is one of the first people to start contributing articles for the framework. He has worked hard to research and provide excellent information to help us build a solid framework.

Chris “Xpl0it” Schweigert also came to us early and has been with us for a while contributing articles and research. His writing has truly enhanced the framework for the better.

Jim “Wraith” Wasson brings his blend of military experience and his desire to help in his writing and research to help build the framework.

Julie “Dragonbabe” Bush has just come to us recently and has been helping us in research and writing projects for the framework.

Glafkos “nowayout” Charalambous is also a relatively new contributor but has really provided some great insight and research to enhance certain parts of the framework.

Adam “Major Malfunction” Laurie has supported the creation of social-engineer.org and will continue to support us with some new and exciting things down the road.

We hope that this list shows you that social-engineer.org is not the creation of just one person, but a true community effort. It will continue to grow and be enhanced through the same methods… community effort. We cannot thank you all enough for the support.

If you want to be part of the list of contributors to www.social-engineer.org do not feel you must be a professional social engineer. Many different types of people have become part of this amazing project. Feel free to contact us at contribute -@- social-engineer.org to offer your assistance.


Social Engineering Framework Launch

Saturday, September 19th, 2009

Just wanted to drop a note to say that www.social-engineer.org was launched today. The site is housing a complete social engineer's framework as well as videos, how-tos and even some new tools for social engineers. One tool that was made for social-engineer.org is SET (Social Engineers Toolkit), an amazing tool that ties in with Metasploit to make the job a lot easier. Our team of contributors from psychologists, law enforcement, military, penetration testers and social engineers