Ü ÜÛßÛÜ ÜÛÛÜ ßßßÛÜ Released: 8/4/96 by Luthor ÞÝÜÛÛ Û ß Û ÞÛÝ ß Type: Information on Social Engineering ÞÝßÛÜ Û Û ÞÛÝ - Rebels of Telecommunications - ÛÛÝÛÛÝÛÛÜÛÛ ÞÛÝ - Returns - ß Ûß ßßß ß - To the H/P/A Scene - -] Table Of Contents [- 1.................................................Greets 2.................................................Disclaimer 3.................................................Introduction 4.................................................The Stuff 5.................................................The Adds Greets: Greats go out to the following people: Red Dog: Cause he's so cool (: Karma Sutra: Keep UNT where it belongs, At the top! Ledger: Hope ya like this! Thrash: God Damn Line Noise!!! All The people In #UNT and #9x ravers, techno artists. Disclaimer: I (Luthor) Nor ROT are resposible for this text file. I am writing it for your informational purposes only and for reading pleasures. The content of this file contains NO false information. It could be used by people to gain information which could benefit in illeagle purposes. But it is intended for your reading pleasure only. If you decide to take it further by committing illeagle acts, I (luhtor) nor ROT will be resposible. Once you get this file and read, it is your resposibity to not get yourself arrested, etc. Introduction: Hello there. This text in which you are reading now is about Social Engineering. A great skill to learn. It can be used in many ways. Well first of all...What exactly is social engineering? Well it is the use of your social skills to obtain/get what you want. No I am not talking about using this to get money from your parents. I am talking about calling up some place (Ie. A company) and get information, passwords, login names. etc..it is endless. You can probably think of tons of uses for this skill. Hence it being a great trade to learn. The Stuff: Ok, now that you understand what social engineering is all about. You are saying "so many groups talk about this crap, why should i read this damn file?" Well, in this text, i will try to go into depth about the topic, and where, how, why it can be such a great trade. First off. You May wanna have an older voice. I mean a voice of a 9 year old, is not gonna be that great. You will want to sound mature enough to sound like you are from where you say you are from. If you say you are part of 'Loyds Of London' (a big insurance agency) then don't talk in a high voice. One thing that may be of use is to actually call up an office of theirs and talk a represnitive, even get his name, and the office at which he works. This can be very crucial. If you say you are from a firm which the company knows, and they know the name. Chances are, you will get what you want. Basically you are bullshitting your way into somehting. There is an internet provider where I live, I got their password file except that it is shadowed. But the users, real name, and phone number are their. If I wanted to crack that file hard enough, I could call up all the users, using a dialog such like this: : Hello, Good evining, My name is I am the system administrator over at , Is this a bad time for you? : No, this is a good time, what can we do for you? There have been several hack attempts at the server. We feel that some users's accounts may have been tampered, would you like to change your current user password? We would greatly advise it for security reasons. : Yes. That would be great! : Ok, we will need to know your current password first. : Ok, it is . : Thank you, and what would you like your new password to be? : I would like it to be . : Ok, thank you, The next time you login, please use the new password you have givin us. : Ok, I appreciate that you have considered the security of your system, and appreciate the call. : No problem. Thats what we are here for. If you have any further questions, please feel free to call our main office any time at: . Good Evining. : Goodbye There. Now wasn't that easy? You now have the users, old password. What you want to do now, is login to the server using thier old password, and then change it. Usually servers (such as mine) provide a shell account. You will want to login on the shell, and use the 'change password command' on mine it is '+'. Other wise, just call up the central office, and tell them you are the user and you would like to have your password changed to keep your account secure. They may call you back to verify it being you. So tell them, you will be away or make up something, and tell them, you may leave me email or whatever. Now you have complete access to their account. If you wanted to do this the hard way, you could do it for every single person on the server (it would take a long time), and people would get suspicious. Especially the administrator. He would wonder why all these people are calling and having thier pwerds changed. So I advise only do it with one person. You can now, do what you want on their account. You will not be found out (unless someone has caller id, and they trace your number. So I would advise that you call from a pay phone or loop your call through a diverter or somehting like that. That way you get off scott free. Of course, now once the real user finds out what happened, they will probably shut off the account, and get a new one, (if they are smart) most people aren't. Now that is a perfect example of something which you could use social engineering for. But you say "oo..an internet account. How much access is their with that, I wanna get into a unix server." Well. you get a number such as 1-800-333-2234. (i doubt that is an actual server number, but we'll use it for an example) now, just about every server i know of, or have been on, are connected to some sort of buisness. Sometimes even that buisness's number is very close to the server's number. So say the Servers number is: 1-800-333-2234, the office number may be: 1-800-333-2235 or 1-800-333-2233, so try those, and see what happens. Sometimes when you goto login to one, they have a some sort of text at the top that says like 'for information call 1-800-333-3333' or somehting like that, so call that number and bullshit your self an account or something on it. Now social engineering can be used to card also. ( I don't recommend it though, since carding can be quite dangerous, and if you get caught, I belive it is 10-30 years depending on how much you carded, what you carded, and how much you did it.) Well anyways. Social engineering is a great skill to master, basically it is being able to talk to someone, and sounding like you work for them, or some other comapany and getting what you want. No prank calling is not included here. Thats just pathetic anywyas. There is really no purpose in calling someone up for abslolutly no reason at all. and tellin em somehting, that they probably don't really care about (unless they did somehting to you, and you know just how to get back at em.) Prank phone calling is just annoying, and after a while, people just turn the ringer off, and stop answering the phone. But thats getting away from the point of this whole file. One very big, Big, BIG thing is: DON'T LAUGH! If you do, your whole scheme is done. A good tip is do it when you are alone. That way there is no one around to make you laugh, and there is no one around to rat you out, and then don't tell anyone you did it. You never know when you might get someone pissed off, and they wanna get you back, by ratting you out. So my best advise is: If you ever do something (don't matter what it is) if you can get your ass in trouble for it.) Don't tell anyone you did it!! Thats the best way to stay outta trouble. And probably the safest way to do just about anything. Well thats just about all for me for this. Your probably bored of reading all my crap. I'm out. The Adds: If you got any questions or whatever or just wanna get ahold of me i can be reached at my bbs: 207-490-2158 - Strange Days - ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ³ ³ 200proof (h/p) í UNT (h/p) ³ ³ Rot (h/p) í UII (h/p) ³ ³ Fhg (h/p) í TfA (h/p) ³ ³ FUK (h/p) í Blade (art) ³ ³ Punc (art) í FoWL (art) ³ ³ 9x (h/p) ³ ³ ³ ³ -ì-ì-ì-ì-ì-ì-ì-ì-ì-ì-ì-ì-ì-ì-ì-ì- ³ ³ ³ ³ MassacreNEt (12194:12194/75) ³ ³ UnderNEt (162:162/0) ³ ³ FoWLNEt (4001:101/6) ³ ³ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ - A System Of free Information -