In this chapter we’ll look into some of the most basic hacking techniques and tools. These basic tools
can be incorporated into other hacking techniques. Some of the tools and techniques that will be
mentioned in this chapter aren’t that technical. In fact, these may be the easiest of the many things you
can learn in your white hat hacking career.
Social Engineering
Social engineering is a non-technical hack. It doesn’t mean that you have to go to Facebook or any
other social media site just to gather someone else’s information. It simply means taking advantage of
the most commonly used resource available to computer users and companies as well – people. In the
case of companies it’s their employees.
By nature, people are trusting. It’s natural to trust someone else, especially if you know the other
person. This is one loophole that hackers try to take advantage of in any organization. All they need is
a few details from one person, and then to use those details to gain more information from another
employee and so on.
For instance they can pose as some kind of computer repair guy or a tech support representative and
contact a customer of a certain company. They may talk the person into downloading some free
software. The software was free but it wasn’t what the hacker described it to be. The customer who
trusted the service of said company downloads the files. The software that the customer downloaded
then takes remote action without the customer’s knowledge. Thus the hacker is able to gain valuable
information.
They may claim to be this or that from a particular company to subscribers of a service. And at times
they do not always ask a subscriber or customer to download something “free.” They may even
bluntly ask for the customer/subscriber’s username and password. Since people are trusting,
naturally, they divulge that information.
Phishing sites on the other hand do the same job. These websites are designed to gather login
information. Some phishing sites even have some similar visual patterns or designs as the original
site. Customers on Amazon may be tricked into signing into a phishing site that looks so much like
Amazon. They login thinking the site is related to Amazon. The site then gathers the usernames and
passwords of customers. Now, imagine if they could make people enter their credit card information,
their PayPal logins, and other important bits of information!
Social engineering is one of the toughest hacks out there because you have to make yourself look
official and legit to a complete stranger. However, once successful, it is also one of the hardest type
of hack to counteract.
Social Engineering Basic Steps
The first step is to gather information about the company or people. Hackers can do the research
themselves. They can use information filed with the SEC, finance organizations, and pretty much any
other bit of useful information – there’s a lot out there. The bigger the organization/company the more
information there is you can find. Some hackers even pay someone else to look up all the information
they need online.
Some hackers even check out the company’s trash – yes they dumpster dive. Not a fond prospect but it
turns up some very interesting documents at times. Some employees unwittingly throw away
documents such as meeting notes, printed emails, organizational charts, network diagrams, a list of
usernames/passwords, lists of internal phone numbers, and even their employee’s handbook.
The next step is that they build trust. Hackers contact employees or customers using the information
they have gained. They act as someone within the company. They often behave as a nice person – a
person willing to help or in need of help. How believable they are depends on the amount of
knowledge they have gathered. They don’t always need to do face to face encounters or speak to their
target in person. They can chat, send voice mail, or even send an email that looks official.
We have already mentioned the Love Bug as an example of this scenario. The creator of that worm
virus also used social engineering to entice his targets to open the infected email. The email
addresses of the targets came from email lists. When the target people saw the email they also saw
that it came from one of their friends – so it was presumed safe to open. The virus program then
gathered emails and other information from the target’s computer and sends copies of itself in the
form of other emails to other contacts.
Another fine example of social engineering is the Nigerian 419 scheme. Targets receive an email
from someone they think they know and they offer to transfer a certain amount of money to their
target’s bank accounts. They ask for a little money to cover the transfer and the target’s bank account
information. Anyone who fell for it found out that their bank accounts no longer had funds the
following day.
Countermeasures to Social Engineering
The biggest countermeasure to social engineering is to inform the public. Keep your customers and
employees aware of what official communication from the company looks like. People should
become wary of anyone who asks for login information and other key bits of info.
Compromising Physical Security Flaws
Physical security is actually a vital part of information security. Hackers can eventually find access to
one of your computers. They can’t get past your company’s firewall but they can install a hardware or
software within your network inside your firewall by simply walking in the door and connecting a
device into one of your employee’s computers.
Smaller companies that have few employees will have very little to worry about. These employees
usually don’t allow a stranger to use their computers. Larger companies have a bigger problem – they
have more employees, more computer hardware, and plenty of other access points that hackers can
use.
Hackers may not always want to just install a piece of hardware and have a point of entry from the
inside. They may just need to access a computer, steal some important documents, or grab anything
that seems to contain some vital information. They will usually have an alibi when asked. They will
try to enter a building through any door including outside smoking areas where employees go to,
cafeteria doors, fire escapes, or any entry point that is available. They may even just tailgate
employees reentering a building and all they need to say to get in is “thank you for keeping the door
open.”
Hacking Passwords
Hacking passwords is one of the hot activities for some hackers. However, note that it can be
accomplished through social engineering and compromising physical vulnerabilities in the
workplace. A simple way to hack someone else’s password is to look over their shoulder as they
enter it on a computer. Password hacking is one of the most common ways for hackers to access
information via the network or a computer.
Another tactic is called inference. You gather as much information about an employee as you can
(birthdates, names of children, their favorite stuff, important dates, phone numbers, favorite shows,
and other stuff). Then you use those when you try to guess the password. You won’t believe how
many people just use the digits of their birthdates and other easy to remember numbers as passwords.
There are of course more high tech ways of guessing another person’s password. The tools of the
trade in terms of password hacking include network analyzers, remote cracking utilities, and other
forms of password cracking software. You may also have heard about application programs that use
“brute force.” Brute force is a trial an error method of guessing the password. These programs try all
possible combinations to try and guess the password. It may take quite a while before they can
actually guess the password. This method is also called exhaustive key search.
Some hackers exploit physical flaws and try to gain access to another’s computer just to locate
passwords. Windows operating systems usually store passwords in the same directory or location
known as the SAM or security accounts manager, for instance c:\...\win32\config directory or some
other similar location. Sometimes passwords are stored in a database file that is still active like
ntds.dit for instance. Some users create emergency repair disks or emergency repair files in a USB
thumbdrive. All that’s needed is access to the directory (e.g. c:\winnt\repair). Some passwords can
also be found in the operating system’s registry. And at times employees also save their passwords in
a text file, which makes it easier for hackers.
Another way to crack another person’s password especially if you have gained access to their
computer is to install keyloggers. These are either pieces of software or hardware that log the
keystrokes of unsuspecting users. Everything they type is recorded or logged. There are many
keystroke logging software programs out there that can be bought or are given away for free. There
are also hardware based keystroke-logging tools like a replacement keyboard or a keylogging tool
that can be plugged into a USB port at the back of your target’s computer.