August 7, 2012 at 11:03 am #7765Jamie.RParticipant
I wanted to share some tools and tricks that I use when doing Social Engineering. The best part of Social Engineering is you can practice it anywhere just by talking to people and trying to get information from them.
Tools in my arsenal:
The first thing you need is bags of confidence as you are trying to sell yourself, this is where practicing comes into play. I gained a lot of this from working in sales and selling to customers, trying to make them part with cash and buy more stuff. The company I used to work for also showed me how to manipulate people and overcome objections.
You have to be quick witted too and think fast off your feet. Never try to sell yourself as someone who has certain skills when you don’t. You may be in a situation where you need to think fast to get out of it. For example you get stopped by a security guard. What are you gonna say to him ? Are you just going to give up? What story will be good enough so he lets you go on your way?
The first tool that you should always have is a mobile phone this is one of the best tools ever in Social Engineering. The good thing about us humans is that we are either really nice people or not confident enough to interrupt someone on the phone, as that would just be so rude. Speaking on the phone whilst walking into a building or hanging outside a RFID door on the phone waiting for a kind soul to hold the door open for us is just so easy. This pretty much works all of the time and it is really effective.
I tend to carry lock picks with me at all times but I very rarely used them, but the one time I might need them it’s better to have them than not.
A good business card will sell you like nothing else it’s easy to get cheap business cards printed these days and they are a great way to backup any story you are trying to sell. Another good tip is if you can get a business card for someone who works at the company you are doing the Social Engineering attack against you might be able to go to another location and sell yourself as being that person who works for the company.
SET Social Engineering toolkit is a great tool that works well with the teensy device. Depending on your scope you can always use this to drop USB around the company and there a good chance that someone will plug it in and run the exploit on the USB.
If you are doing a Social Engineering attack and you know they use RFID doors you can buy a RDIF card off of Ebay even though it won’t work but when people see it, you can just say your card has been playing up and you need to get it sorted. Most people will see the card and just let you in.
These are just a few hints and tips when doing Social Engineering.
Fill free to add tools as you see fit….
August 20, 2012 at 2:52 am #48632beastmode19888Participant
Jamie these are all great ways to get SE off the ground. The phone is the number 1 thing that you would always need no matter what but will do you no good if you cant talk lol. SET is what I deal with most of the time. I just did a video on youtube about using SET in Web GUI.
Check it out and If you don’t want to click my link ;D I understand just go to youtube and type in beastmode19888 in the search.
Hope you like and please Subscribe
August 24, 2012 at 6:01 am #48633cyber.spiritParticipant
i always find best resources about se here but i think set is the best tool for it as long as it finds metasploit lol
October 7, 2012 at 10:06 pm #48634Mr UndoubtableParticipant
This is crazy good. Something’s that sound very useful yet I didn’t think of them.
I don’t really go all out this far when SE-ing but it’s useful to know.
October 8, 2012 at 8:08 am #48635Jamie.RParticipant
Glad it was helpful 😛
You must be logged in to reply to this topic.