Social Engineering
by: vapor (evaporate@earthlink.net)
site: http://phreaking.datablocks.net

Ok, nobody really knows where social engineering began, but it is a very common thing in this modern-day world. Social engineering is tricking a person into revealing their password or making them transfer to the intercom extension on a phone system.

A classic social engineering trick is for a hacker to send email claiming to be a system administrator. The hacker will claim to need your password for some important system administration work, and ask you to email it to him/her. As I explain later, it's possible for a hacker to forge email, making it look like it came from somebody you know to be a legitimate system administrator. Often the hacker will send this message to every user on a system, hoping that one or two users will fall for the trick.

Kmart is very easy to social engineer, password-wise and extension-wise.

Example #1

Kmart: hello this is Sid how may I help you
You: yes can you please transfer me to shoes
Kmart: one moment please
Shoes: hello this is shoes how may I help you
You: oh this is shoes, I think they transferred me to the wrong place. Can you please transfer me to (intercom ext #).
Shoes: yes please wait
You (on intercom): Everything is free on aisle 9

(Note: make sure you know the intercom ext. This can be done by going to the store and telling them you want them to page someone and watch the # they press.)

Example #2

server: hello this is the admin of the server how may I help you
you: yes this is mike from network solutions, we are having a problem with your network
server: really??
you: yes, have you noticed anything wrong
server: no we haven't
you: ok we have you here as login (username) and password is rainbow
server: that's not the correct pass
you: that is the source of the problems I'm guessing, please tell me the correct pass so you can function properly
server: the pass is (pass)
you: thank you for your cooperation

SMTP Servers

Ok, first you need to find a server that supports port 25 (SMTP). This can be done with a port scanner. Now open something such as telnet and connect to that server and port. Now here's what you do (oh yeah, if you type something wrong there is no backspace, so you better start over):

220 tot-wm.proxy.aol.com ESMTP Sendmail 8.10.0/8.10.0; Mon, 29 Jan 2001 19:23:19 -0500 (EST)   <~ that means it's ready
helo www.westminsterschool.org   <~ command you type to identify yourself to that server; must be the server's address
250 tot-wm.proxy.aol.com Hello AC8A4C17.ipt.aol.com [172.138.76.23], pleased to meet you   <~ server's response
mail from: fakename@fakeaddress.com   <~ where you want it to look like it came from
250 2.1.0 fakename@fakeaddress.com... Sender ok   <~ server's response
rcpt to: person@address.com   <~ address of receiver
250 2.1.5 person@address.com... Recipient ok   <~ response from server
data   <~ command you type to write letter
354 Enter mail, end with "." on a line by itself   <~ server's response
mail goes here then press enter then period   <~ letter
.   <~ sent by pressing this (yes it's a period)
250 2.0.0 f0U0O0o28896 Message accepted for delivery   <~ server's response

Hope This Was Useful,
-vapor

-----
Reformatted to 80 columns, courtesy of Darren Pierce.
©2000-2001 Bomb the Box Information Technologies. All Rights Reserved.
This document can be redistributed as long as it remains intact.
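
Added example (not part of vapor's original text): in the SMTP session above the server greets the client by its real host name and IP even though the HELO name and the sender address were made up. The Python code below checks a delivered message for that mismatch; the Received header layout and the sample message are constructed assumptions, and check_message and base_domain are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: how a Sendmail-style relay would typically stamp the
# session shown above. Header layout is an assumption; hosts are the page's.
SAMPLE = """\
Received: from www.westminsterschool.org (AC8A4C17.ipt.aol.com [172.138.76.23])
\tby tot-wm.proxy.aol.com (8.10.0/8.10.0) with SMTP id f0U0O0o28896;
\tMon, 29 Jan 2001 19:23:19 -0500 (EST)
From: fakename@fakeaddress.com
To: person@address.com
Subject: password needed for maintenance

Please reply with your password.
"""

# Matches "from <HELO name> (<reverse-DNS name> [<IP>])"; the rDNS name is optional.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)

def base_domain(host):
    """Naive last-two-labels comparison key (ignores public-suffix rules)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw):
    """Return a list of findings about the topmost Received hop of a message."""
    msg = message_from_string(raw)
    findings = []
    received = msg.get_all("Received") or []
    if not received:
        return ["no Received header: cannot trace origin"]
    m = RECEIVED_RE.search(" ".join(received[0].split()))  # unfold the header
    if not m:
        return ["Received header not in the expected layout"]
    helo, rdns, ip = m.group("helo"), m.group("rdns"), m.group("ip")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    sender_hosts = {base_domain(helo), base_domain(rdns or "")}
    if rdns is None:
        findings.append(f"connecting IP {ip} has no reverse DNS name")
    elif base_domain(helo) != base_domain(rdns):
        findings.append(f"HELO '{helo}' does not match connecting host '{rdns}' [{ip}]")
    if from_domain and base_domain(from_domain) not in sender_hosts:
        findings.append(f"From domain '{from_domain}' unrelated to sending host")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

Only the topmost Received line, the one stamped by your own mail server, can be trusted; anything below it may have been supplied by the sender. A mismatch is a reason to look closer, not proof of forgery, since legitimate relays and mailing lists also produce one.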