
[Review] Social Engineering: The Art of Human Hacking

I have been reading “Social Engineering: The Art of Human Hacking” twice lately, the first time to get an overview of the book, and the second time to improve the techniques I tried to apply after my first reading.

My first reading was fast; I wanted to know what techniques Christopher Hadnagy (the author) was using. After the first chapter I thought, “This guy knows what he is talking about”. Chapter by chapter, the author describes techniques he used to fool people, ways to ask questions, situations, etc.

The first chapters are introductory chapters to social engineering techniques, information gathering, etc. After these two introductory chapters, however, the author introduces the reader to elicitation techniques, pretexting techniques and scenarios, which in my opinion were very well defined and covered.

The book then covers facial expressions, sometimes a bit too fast in my opinion, then goes on with Neuro-Linguistic Programming (NLP). NLP was probably the most confusing part for me, but Christopher covers it very well: he introduces the psychological side of social engineering and thinking models. The book also details the power of persuasion, as well as how social engineers should listen to their targets.

In one of the chapters Christopher also covers social engineering tools and software that can be used against targets; in my opinion this chapter wasn’t necessary to the book. I had already used all the tools Christopher mentioned, and I would definitely have preferred one more chapter about persuasion, or “how to question a suspect”.

The end of the book covers prevention, and how companies can prevent a social engineer from gathering data. This chapter covers six steps that should be taught to employees.

After this first reading I was already convinced that the book would be useful, and I began to practice the author’s techniques on random people to improve my skills: I tried to pay attention to micro expressions while walking in the streets or while talking to people, I also tried some of the techniques on my friends, I tried to convince people, etc., and it worked pretty well. That’s how I decided to read the book once again, while keeping in mind that it had been written by a social engineer.

During my second reading, I noticed that Christopher uses repetition a lot in the book, a technique that Apple uses to convince people as well (did he want to convince us that his book was awesome?). Another small annoying problem is the non-shortened links present in the book when the author refers to his website or to YouTube.

My second reading helped me to understand Neuro-Linguistic Programming (NLP) a bit more, and this time I had time to read a bit more about NLP beside the book. I could also apply some more techniques, and then refer back to the book to compare my results and improve my trials.

I would say that the second reading was worth it: it helped me to improve the techniques I wasn’t “mastering”, as well as giving me a better understanding of some chapters of the book.

To conclude, I have read a few books on how to convince people and on social engineering, but this book is in my opinion the one that best covers the psychological part of social engineering. I can also say that the examples given in the book always made sense (which was not the case in all the books I read before). The author also points out very well that to be “secure” you should be able to understand the techniques used by social engineers. This book might also help readers to have a better understanding of the people surrounding them, such as friends, family and even children, since the book clearly points out the importance of “listening”. Finally, I sincerely recommend this book to penetration testers, social engineers, psychology students and to everybody interested in security.

C Language Tricks

I have been using C for a couple of years now and I always thought about writing a small post about the C tricks I have learnt over the years, and here I am. This morning I came across a website showing a few C tricks that I already use, and I finally got the inspiration to write up my own C tricks as well.

 
1) The first trick, which I use from time to time, is the following:

This stores the hexadecimal values of the characters ABCD into i, which sets it to 0x41424344 (A = 0x41, B = 0x42, C = 0x43, D = 0x44). I used this trick a couple of times for debugging purposes, since it is easier to find ABCD or 0x41424344 in memory than an arbitrary value.

2) The next C trick I have is the following:

In this short example, the XOR operator is used. Its truth table is:

XOR

0 XOR 0 = 0

0 XOR 1 = 1

1 XOR 0 = 1

1 XOR 1 = 0

Applied to our values it gives us the following:

 

As shown, we swapped the values of ‘a’ and ‘b’ without using a third variable.

3) The third trick is about structures:

As shown, the members of the structure are initialized at the point where it is defined, rather than being set to 0 first. You can also use

which will initialize all the elements to 1;
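The three tricks together, as an added example that is not code from the original post (the marker function, xor_swap and the packet structure are my own names): the multi-character debugging marker, the XOR swap guarded against aliasing, and zeroed and designated structure initialisers.

```c
#include <stdio.h>
#pragma GCC diagnostic ignored "-Wmultichar"   /* trick 1 warns by design */

/* Trick 1: a multi-character constant. Its value is implementation-defined,
 * but GCC and Clang both pack 'ABCD' as 0x41424344, which stands out in a
 * debugger or a memory dump far better than an arbitrary number. */
unsigned int abcd_marker(void)
{
    unsigned int i = 'ABCD';
    return i;
}

/* Trick 2: swap two integers with XOR and no third variable.
 * Caveat: if a and b point at the same object, the first XOR zeroes it,
 * so that case is guarded. */
void xor_swap(int *a, int *b)
{
    if (a == b)
        return;
    *a ^= *b;   /* a = a ^ b            */
    *b ^= *a;   /* b = b ^ (a ^ b) = a  */
    *a ^= *b;   /* a = (a ^ b) ^ a = b  */
}

/* Trick 3: initialise a structure where it is defined. "= {0}" zeroes
 * every member. Caveat: "= {1}" sets only the members listed (the first
 * one) and zeroes the rest; a designated initialiser names the members. */
struct packet {
    int id;
    int len;
    int flags;
};

struct packet zeroed_packet(void)
{
    struct packet p = {0};
    return p;
}

struct packet tagged_packet(int id)
{
    struct packet p = { .id = id, .flags = 1 };   /* len stays 0 */
    return p;
}

int main(void)
{
    int a = 3, b = 7;
    xor_swap(&a, &b);
    struct packet p = tagged_packet(42);
    printf("marker=0x%08x a=%d b=%d id=%d len=%d flags=%d\n",
           abcd_marker(), a, b, p.id, p.len, p.flags);
    return 0;
}
```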

That’s all I have got/remember at the moment; if I come across other cool tricks (that I have used) I’ll just update the post.

Basic Shellcode Analysis

Analyzing a shellcode is always instructive: it can give the penetration tester hints about what is used in it, he can learn about the techniques it uses, and it can also prevent him from running a destructive shellcode.

After a few searches on the Internet I found a pastebin page to illustrate my example.

The following page (here) claims to offer a 0-day exploit for OpenSSH 5.7. The page does not give any instructions, and displays basic C code to compile with GCC on a Linux machine. Below you can see the code:

The exploit seems fine, and I guess a lot of people tried it on their own machine without looking inside it. Before executing that exploit, this is what they should have done, and this is actually what you should always do!

  • Analyse it without executing it

Below you can see how to decode the shellcode with Perl or Python:

or in Python

And this is the result that you should obtain:

As shown in the previous output, the code tries to execute an “rm -Rf” on our hard drive and delete everything!

That’s why it is important to always reverse the shellcodes you are using beforehand!
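The same check done in C, as an added example that is neither the pastebin exploit nor the post’s Perl/Python one-liners: a byte array (a constructed sample, not the real payload) is scanned for printable runs the way `strings` would, so the command it carries becomes visible without ever executing it. extract_strings and the sample bytes are my own.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Constructed sample, NOT the pastebin payload: a few opaque bytes with two
 * readable strings embedded, which is how a payload carries the command it
 * will run. It is a plain C string literal, as an exploit.c would hold it. */
static const unsigned char sample[] =
    "\x01\x7f\x80\xfe" "/bin/sh" "\x00\xfe\x80\x7f\x01"
    "rm -Rf /" "\x00\x7f\xfe";

/* Copy every printable run of at least min_len bytes from buf into out, one
 * per line, without executing anything. Returns the number of runs found.
 * This is what `strings` does, applied to an in-memory byte array. */
size_t extract_strings(const unsigned char *buf, size_t len, size_t min_len,
                       char *out, size_t out_size)
{
    char cur[256];
    size_t count = 0, run = 0, used = 0;

    if (out_size)
        out[0] = '\0';
    for (size_t i = 0; i <= len; i++) {
        int printable = (i < len) && isprint(buf[i]);
        if (printable && run < sizeof cur - 1) {
            cur[run++] = (char)buf[i];
            continue;
        }
        /* A run ends on a non-printable byte, at the end of input, or when
         * cur is full; keep it only if it is long enough to be meaningful. */
        if (run >= min_len) {
            cur[run] = '\0';
            int n = snprintf(out + used, out_size - used, "%s\n", cur);
            if (n < 0 || (size_t)n >= out_size - used)
                break;                  /* out is full: stop cleanly */
            used += (size_t)n;
            count++;
        }
        run = 0;
        if (printable)                  /* the byte that overflowed cur */
            cur[run++] = (char)buf[i];
    }
    return count;
}

int main(void)
{
    char report[256];
    size_t n = extract_strings(sample, sizeof sample - 1, 4,
                               report, sizeof report);
    printf("%zu readable string(s) found:\n%s", n, report);
    return 0;
}
```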


SSH known host on OSX

To manage my multiple machines and test computers on my local network I use SSH, and often, after reinstalling a test machine, when I want to connect back over SSH my Mac just pops up this message:

I usually find this message quite annoying, but I know the commands to avoid this problem. Today, while speaking with a friend, he told me that he usually deleted the SSH keys by hand in his “known_hosts” file. As there are appropriate commands to do this, I thought it would be a good idea to post them on my blog, and here they are:

And that’s it: you will now be able to delete the SSH host key without having to modify your “known_hosts” file by hand.

Installing Gerix on Ubuntu from Backtrack’s repository

Gerix Wifi Cracker is a GUI for the Aircrack-ng suite, designed for real-world pentesting with an efficient and user-friendly graphical interface.

Note: this small tutorial is based on the repositories of BackTrack 5 R1 and on Ubuntu 11.10 and Ubuntu 12.04.

The first step is to add these lines to “/etc/apt/sources.list”:

Once those lines are added to the sources.list file, you can run the command:

And finally, to install Gerix, run this last command:

And that’s it.

 

PS1: If you encounter any PGP errors while installing or updating any tool (Ubuntu LTS 12.04), try the following commands:

PS2: If you encounter this particular error:

Try the following commands:

At the first question answer ‘n’, then answer ‘Y’ to the second and third ones.

And that should solve the dependency problem.

Purge OS X inactive Memory

Memory in OS X is divided into four important categories, as shown below:

 

Those “types” of memory combined together make up the full size of your RAM, in my case 8 GB. Each type has a specific function in OS X; they are described below:

Free:

This is RAM that’s not being used.

Inactive:

This information in memory is not actively being used, but was recently used.

For example, if you’ve been using Mail and then quit it, the RAM that Mail was using is marked as Inactive memory. This Inactive memory is available for use by another application, just like Free memory. However, if you open Mail before its Inactive memory is used by a different application, Mail will open more quickly because its Inactive memory is converted to Active memory, instead of loading Mail from the slower hard disk.

 

Wired:

Information in this memory can’t be moved to the hard disk, so it must stay in RAM. The amount of Wired memory depends on the applications you are using.

Active:

This information is currently in memory, and has been recently used.

 

As you can see, inactive memory is used for fast access to an application, but sometimes it happens that this memory is not released or shared by OS X. This can make the Mac really slow and buggy. As I had the problem, I searched for a solution and found this one:

 

  • If you do not have the developer tools installed, install them.
  • Open a shell and type in the following command:

This command purges the inactive memory and marks it as free. It should help you if your free memory has decreased to less than a GB while your inactive memory has increased or was not being released to other software.

And that’s it.

Glossary in LaTeX

As I was finishing my MSc thesis today I wanted to create a glossary with LaTeX, but it was very difficult to find a tutorial, or even basic steps, to create one without having to change something, so I decided to write a small “tutorial” on how to create a glossary with LaTeX.

The first step is to include the package:

As you can see, I also added the option [nonumberlist]. When this option is not enabled, each glossary entry is followed by the list of page numbers where it was used.

The second step is to use the package:

This package allows the use of acronyms. Now that the right packages are included, you can insert the following command in the body:

You may now create the acronyms and entries that you want in your glossary. These entries have to follow this layout:

Finally, you can put the following commands where the glossary should be printed:

The first command lists all the entries in the glossary, while the second prints the glossary out. In your text you can now use it as follows:

and this should appear:

Compile your LaTeX document a first time, then open a shell and type the following command:

Compile your document with LaTeX a second time, and your glossary should appear right there.

 

and that’s it !

 

Below is a basic example of a LaTeX file with glossary :
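The file below is an added example, not the author’s own file (which did not survive extraction). It assumes the standard commands of the glossaries package (\newglossaryentry, \newacronym, \gls, \glsaddall, \printglossaries) and uses the [acronym] option of glossaries in place of the second package the post mentions; the entry labels and descriptions are made up for the example.

```latex
\documentclass{article}
% [nonumberlist] drops the page-number list after each entry;
% [acronym] adds a separate acronym list (both are glossaries options).
\usepackage[nonumberlist,acronym]{glossaries}
\makeglossaries

% Entries are defined in the preamble: a label, a name and a description.
\newglossaryentry{shellcode}{
  name=shellcode,
  description={A small piece of machine code carried by an exploit and
    executed once a vulnerability has been triggered}
}
\newglossaryentry{pretexting}{
  name=pretexting,
  description={Inventing a believable scenario to persuade a target to
    hand over information or access}
}
% Acronyms: label, short form, long form.
\newacronym{nlp}{NLP}{Neuro-Linguistic Programming}
\newacronym{ssh}{SSH}{Secure Shell}

\begin{document}
\section{Example}
Always inspect \gls{shellcode} before running it. The book spends a
chapter on \gls{pretexting} and another on \gls{nlp}; later uses of
\gls{nlp} print only the short form. Test machines are reached over
\gls{ssh}.

% \glsaddall lists every defined entry, even those never used in the text;
% \printglossaries prints the glossary and the acronym list here.
\glsaddall
\printglossaries
\end{document}
```

Build it with pdflatex, then makeglossaries on the file name without extension, then pdflatex again, as the steps above describe.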

Have fun with LaTeX.

“Hacking” Friends Hotmail’s Accounts

There are a few existing ways of hacking a Hotmail account, such as brute force or the secret question/answer, but today I (and friends) found another “way” of doing it (that I had never heard of before).

Long story short :

To make it work, the hacker needs to know the “save” e-mail address (the one reset links are sent to), and hope that this address has been deleted.

When you have forgotten your password, it is possible to ask Hotmail to “Email me a reset link”. When clicking on this link, Hotmail shows the user the e-mail address to which it is going to send the reset link, for example:

my*****@hotmail.com

But in a few cases, this e-mail address might already have been deleted by Hotmail (if you didn’t use it anymore, or if the target didn’t use it anymore). To verify that, the hacker can simply return to the following link:

“Can’t access your account” (on the sign-in page)

From there the hacker can tick the “I forgot my password” radio button; following the link, the hacker will find the page displayed below:

And here comes the trick:

If the address does not exist anymore, the hacker will receive the following message:


If Hotmail returns this message, the trick is to “recreate” this e-mail address by creating a new account with it, and then reset the password of the account you wanted to get the password back for in the first place.

 

And that’s it: Hotmail does not verify whether the previous e-mail address had been deleted or not; it simply sends you the password reset link.

 

Have fun.


Encrypted Folder on Mac OS X

Today a friend of mine told me that his laptop was stolen while he was traveling. Unfortunately for him, it was his work laptop, containing all his data, projects, presentations and some client data. Fortunately, he told me that the laptop was using TrueCrypt, that all the files on the laptop were encrypted, and that no one would be able to use the laptop without his consent.

After this small conversation, I began to freak out about my Mac being stolen and my projects and personal data being published on the Internet, so I decided to encrypt my drive. My first thought was to use TrueCrypt or FileVault on my Mac, but I wasn’t sure I liked the fact that my drive would be totally encrypted and that I would not be able to use a “forensic method” if my drive crashed (yup, even with chunks). Therefore I finally decided to create an encrypted folder on my Mac.

 

Step by step:

  • On your desktop, create the folder that you want to encrypt (in my case “Projects”)
  • Open the Applications folder and then the Utilities folder
  • Open the Disk Utility application

From an existing folder:

In the Disk Utility application:

  • Go to “File” -> “Disk Image From Folder”
  • Choose the folder you want to encrypt (in my case “Projects”)
  • Choose the encryption (the stronger the better): AES 256-bit
  • Enter your pass-phrase (PLEASE do not use 5 chars!) *
  • Click on
  • The process of creating your encrypted folder will begin.

From a non-existing folder:

As you can see, the folder is an image (MyProjects.img), which means that you can mount and unmount the encrypted image, or even copy it to a USB drive.

  • Go to “File” -> “Blank Disk Image”
  • Choose the size (I took 8.3 GB)
  • Choose the encryption (AES 256-bit)
  • Click on Create
  • Enter your pass-phrase

 

Now you will find an encrypted folder on your Desktop, and when you click on it, it will ask you for the pass-phrase to open it.

 

And That’s it.

 

 

* The security of a password relies on:

  • the letters you use (A-Z, a-z)
  • the numbers you use (0-9)
  • the special chars (@, /, !, #, etc.)
  • BUT ALSO its length

Using a password like “ABd2@” will in any case be less secure than using “ThisIsMyPasswordAndILikeToWearLargeJeansBecauseMyFavoriteNumberIs42”, so please consider using a nice, long and secure password.

 


Hidden Wi-Fi Diagnostics Tool In Mac OS X 10.7 Lion

During my search on “How to show the Library folder on OS X Lion” I found a nice article about a hidden Wi-Fi Diagnostics tool in OS X Lion, and after a few tests I thought it was a good idea to publish it on my blog as well.

 

In Mac OS X Lion and previous versions, a tool for connection tests already existed (e.g. Utilities -> Network Utility), but it was not dedicated to Wi-Fi. This one is, and is accessible at:

To access it:

  • Open the Terminal
  • Copy and paste the previous link into the Terminal, preceded by “open”
  • Press Enter

You should see the following window appear on your screen (turn your Wi-Fi on):

As shown above, you have the choice between four options; let’s go through them quickly:

 

Monitor Performance:

This option gives you some information about the Wi-Fi connection you are using, the signal rate, etc. (as shown in the screenshot below).

You will then be able to export all the data to a PLIST (XML) file.

 

Record Events :

This lets you monitor all the events occurring on your Wi-Fi. (This can be useful when you know that a friend is trying to hack your Wi-Fi for fun.)

In this case too, you will be able to export everything to a Plist file.

 

Capture raw frames :

This option lets you capture data going over the network: data going to and from your computer, or data that can be overheard on other networks:

Below you can see the capture process:



To see the data, you have to click on Continue and export it; a ZIP file is then created containing a Plist file and a PCAP file that you can open with a tool such as Wireshark.

Turn On debug logs :

This option is simply a log of your connection. Most of the information recorded consists of kernel calls.

 

Now you will be able to monitor your Wi-Fi connection properly.

And that’s it.

 

 

[Source]
