?? social.html
字號(hào):
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">However
most social engineering attempts are done by lone individuals and so the social
pressure and other influencing factors to be constructed by creating a believable
situation that the target feels emersed in are less effective.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">If
the situation, real or imaginary has certain characteristics then the individual
is more likely to comply with your requests. Following this paragraph they are
listed.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">Diffusion
of responsibility away from the target individual. This is when the individual
believes that they are not solely responsible for their actions.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">A
chance for imagination. Compliance is more likely to occur if the individual
believes that by complying that they are ingratiating themselves with someone
who may give them future benefits. Getting on the good side of the boss is surely
going to have some benefits hey?</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">Moral
duty. This is where the target complies because they believe that it is there
moral duty to. Part of this is guilt. People prefer to avoid guilty feelings
and so if there is a chance that they will feel guilty they will if possible
avoid this outcome.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">On
a personal level there are methods used to make a person more likely to cooperate
with you. The aim of persuasion is not to force people to complete your tasks,
but enhance their voluntary compliance with your requests.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">Basically
the target is simply being guided down the garden path,:P. The target believes
that they have control of the situation, and that they are exercising their
power to help you out.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">The
fact that the benefits that the person will gain from helping you out have been
invented is irrelevant. The target believes they are making a reasoned decision
to exchange these benefits for a small loss of their time and energy.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">CO-OPERATION<br>
There are several factors, which if present will increase the chances of a target
co-operating with a social engineer.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">The
less conflict the better. Co-operation will be readily gained when the softly-softly
approach is used. Pulling rank, annoyance or orders rarely work for effective
persuasion.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">Psychological
research has also shown that people are more likely to comply with your wishes
if you have dealt with the same person before. Before trying the 'big hit' try
requesting smaller and more reasonable requests. This way they will be more
compliant to your needs.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">When
attempting a social engineering hack, the more sensory detail you can provide
to the target is better. A person would be more compliant to your needs if they
can See and smell you as well as speak to you, it is often difficult to get
some one to comply with just a simple phone call. However these days the possibilities
are great because of the fact that so many businesses are on the net. Another
point I am going to make is that it is often impossible to persuade somebody
using ASCII chat or e-mail. Ever tried Social Engineering some one on IRC?</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">The
main thing I can tell you is don't try Social engineering people with higher
authority than the made up person you are using, for instance, don't try to
Social engineer the sys admin as we all know he's more competent than you are,
Especially on his own network.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">Remember
before attempting to social engineer somebody, you have to do some info searching
on that particular person. I have known people to read over people's shoulder
when a person was typing on the phone just to gain knowledge on the targets
lifestyle and friends. Another aspect of what people will go to just to find
out information on people is to watch as they type in their Credit card and
ATM pin numbers. Some even go to the extent as to watch from windows across
the road with binoculars to see these numbers being punched.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">Ever
sat in computer class and called to your teacher to type in some sort of password,
which you conveniently watch over his fingers on the keyboard as he punches
in this innocent request. This is the sort of ways social engineering can be
taken into life, I have often used skills described in this tutorial just to
nock down prices on goods at a local market.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">When
looking for information on a Target, you want to consider going Dumpster diving,
or trashing as it is sometimes called. On these outings remember to take a sturdy
pair of shoes, gloves and a torch (preferably with red filter), Bolt cutters
may come in handy too! Oh and remember to cover yourself up! In these outings
you can often find employee names, phone numbers, account details, amongst the
mounds of IT treasures.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">One
technique to use on a target is to pretend you're an employee of another company
doing surveys for a hardware company, if you choose to follow this line of attack,
have the questions lined up, and make sure you take time as if you were writing
down their reply's.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">Any
information gained from these phone calls can be used, Information on the companies
firewalls, routers or servers could be used for further attack on the companies
Website.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">So
now you have some of the skills that it takes to become a good social engineer,
but remember like I said at the start of this tutorial, the most important tool
of common sense out weighs any of the skills in this text.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">Even
major companies can be social engineered, an example of this is an AOL employee
who was having a Tech support session, during which the hacker mentioned he
had a car for sale, at a very good price, and the techie was interested. Of
course the hacker sent the techie a pic of car, binded to the jpg was a trojan,
which enabled the hacker to get into the internal network.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">So
remember anything is possible with the right incentive, you just have to please
the person's senses.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900"><br>
Happy Hunting,</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="1" color="#FF9900">Forbze</font></p>
<p></p>
</body>
</html>
?? 快捷鍵說(shuō)明
復(fù)制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號(hào)
Ctrl + =
減小字號(hào)
Ctrl + -