Social Engineering(SE)

Wondering why I am writing about social engineering here in wireless technology related blog.Am sure everyone is aware with the famous persona and hacker of all the time “Kevin mitnick” .he was the master of social engineering and in ‘the art of deception”.I never read any of the book purely  targeting to social engineering ever.everyone surely heard some of example of social engineering  like dumpster driving/gathering personal information from social networking sites like orkut(chirkut)facebook,hi5,linkdin etc for foot-printing the profile/tailgating etc etc are well known examples.

I did something different and can you believe it.its related with wireless.

Case 1

one day I was testing my neighbor’s router by entering in its service configuration.there I made some mistakes related to rate transfer config.so I lost my connection with the router.see the stupid n00b ISP’s.they use to ship wireless routers to the end user with default username/password combo configured  and neither ISP nor End user bother ever to change their default password from admin/password to something else.it was Airtel  wireless router(beetel model).the fun part is when I telnetted  first time into router I got  whole info about the user and also about  Airtel ACSadmin  :D.I have all the info including land-line number of that user.SSID was the username :D e.g. satish.I thought to give my social engineering a worth try.it was tedious task however I was confident enough(I don’t know why I am so much confident while doing negative work :D)I called him from my mobile and told him am calling from airtel technical department.I was very much confident while talking and I told him you got some problem in your router.that guy is doctor.by luck he was also facing same issue he was not able to connect his laptop with wireless router.that end-user told me I called your technical department too and filed complaint to resolve the matter.he was very happy that airtel personnel called him so fast to resolve the issue(Airtel ISP people must thank me for enhancing their repo :D)

.I told,sir you are facing issues while connecting to your wireless router.

he replied yes.what to do?

I told connect your PC/laptop with the wireless router’s LAN Port using ethernet cable.

He told ok I have connected what’s next.

I told go to firefox/IE whatever browser you using and point the URL to http://192.168.1.1

He told ok its showing login page and asking for username/password

I told enter username as admin and password as password

He did same and entered in the configuration menu.

There I made changes in wireless configuration and told him to save that config.and restart the router.

he did same and voila the internet start working.he thanked me numerous times and was asking my direct number.

I told am airtel technical personnel.we don’t have permission for distributing our number to anyone.I called you because I got Service Request(SR) from my modem technical department.He was convinced because of the clarity,explanation,confidence,technicalities and helping nature.I cut the call after everything went properly.

Conclusion: you people wondering how I could identify all issues.I had screen-shots of his wireless router’s menu already in hand.so I could guide him properly where to click and where to go.in this manner I could rectify the issue where I made mistake in the router’s service menu :D

Case 2

Case 2 is rather funny and I laugh a lot whenever I remember that incident.after knowing the username/password of the menu the same user started doing R & D in his router.to stop that I configured his default username/password to something else.I think he gone mad by seeing that he himself not able to get-in to the router login page.he called airtel technical personnel at his home.I was not aware with this fact.like before I called him and told am calling from airtel technical department.you got some issue blah blah.he told yes,you are the same guy who called me earlier,I told may be I dont know I handle lots of requests on daily basis.he told one of your technical guy is here already.:D I was shocked oh what’s this.but I was confident enough and knew that technical personnel is not that much technical as I am.(those are mcse/ccna people only)end-user told me that talk with your guy.I told ok give him the call.you know what he called!!hello sir .I asked what’s the issue(shouting is always duty of lead technical people)I shouted on him why the hell this issue arising again n again of configurations.rectify the issue and strict the user not to play with modem settings and default username/passwords.:D.I asked did you configured the settings in menu.the real airtel personnel told yes sir all those things I have done.I asked reset the router to default configuration.he did same.he asked me from where I am calling.I told am from bangalore head-office near to koramangla area.he was satisfied told me ok sir thanks for guiding etc etc.this is how another part of social engineering I played.

Conclusion:you need to be very high confident & having technical data before seeking any social engineering attacks.if you became suspected the force will be behind you and you have to save you ass then.cause its purely illegal task.

Case 3

Above cases were related to the non technical user.I found one technical user also.who tried to over-smart with me(real h4x0r’s don’t give a damn and don’t give a fcuk those who tries to be over-smart).he used to keep changing his network key(WEP Key Index)and I have to crack it again n again.his name is navnagar.what I did I changed the default username/password of his wireless router(now change :D)so no longer he could change the key.

one day I had lots of work so thought to give social engineering one more try.I called him in the same manner.he picked up the call on land-line and I told him that

I am calling from airtel technical modem department.he was smart I  knew and will verify my identity.

he asked me where from I am calling,dept.employee ID etc.after that he asked me about his details registered with airtel.that smart-ass did not knew that most of details are in his account id only.

I verified him using his name navnagar,land-line number,his mail id and its default password lolz he became convinced too.next excuse what I told him.sir today its router maintaining work in your area,we will be updating firmware of each airtel modem so that end-users can get higher bandwidth and least delay time.as you people know these people are fool and if you giving them offer that too free,they will surely avail it.now here comes to point.

I told him not to shutdown routers today whole day.he got suspected and smart-ass asked me why all the time.when you will be upgrading do let me know I will turn on my router.

I told in strict way by emphasizing that sir its our duty to  inform our respective customer for any free release or any major up-gradation company providing for the sack of its valuable customer.we wants to  increase our market share blah blah all nonsense things I told him so that he must not think  am a hacker and wants to gain access in his router.(This free offers impact on users a lot because every human is greedy and its a vulnerability everyone must exploit)

he though for a while and became agree on the point of keeping the router turning on all the time.he played a trick with me and I was ready for that.before doing that he asked me for my numbers.I gave him toll-free number of airtel office(Thanks to free pamphlet). anything left:D LOLz 0wned!

Conclusion:With smart ass be smart ass.thing you must have all information with lots of confidence filled in you.if you got trapped you will be behind the bars.so think twice,thrice before conducting such real live social engineering attacks.

I did all because I was not able to get Internet in the fucking area where I was residing.so this was the alternative way for 2 months since I got my connection.after that I never did that.by chance I got my hands-on for trying social engineering skills.Am purely ethical hacker but my motto says.don’t learn hacking,hack to learn and we all are hackers you can stop me but you can’t stop us all :D

Advertisements
Comments
  1. natz says:

    hi,
    Your blog is very interesting and written in understandable form with a funny edge given to it . Keep writing . :)

  2. d3c0d3r says:

    superb use of social engg :D

  3. h4x says:

    simply awesome! Can I HAZ more?

  4. Raplh says:

    Nice….i stumbled upon this blog while trying to find how to save a file on backtrack USB drive……..very interesting….aur blogs likhtey raho!:P

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s