Infiltration Methods

danielwang · Post by **danielwang** » Mon Jul 21, 2003 11:37 pm

Infiltration Methods (part one)
Daniel Wang

These methods were conceived and designed by myself, unless credit is given in the description.

Sending Rewrapped / Infected Software
If you unexpectedly received a piece of software from Amazon.com in the mail with your name on it, what would you do? That’s the beauty of this scheme.
I simply purchase a piece of software from Amazon.com with gift options and ship it to my location. When the package arrives, I carefully tamper with the seal and replace the CD with a burned CD-R, resealing all of the wraps. Replacing the packing list and air bill with bogus version, I put the software back in the printed gift box and send it off.
Other methods include calling users up, sending CD-Rs via proxied interoffice mail, etc.

Asking Dumb Users
I actually considered this method before and without any influence, but reading Kevin Mitnick’s book “The Art of Deception” allowed me to realize how trusting some users can be.
A combination of the software approach and Mitnick Method social engineering, and example of my approach involves calling up the local Red and Jerry’s arcade masquerading as a Sybase representative. Explaining the dangers of buffer overflowing, I have them “test the system” by doing an “insert into users” statement…

In The Facility, Part One
After getting away with sniffing traffic at my local Red and Jerry’s arcade, I put my eyes on larger targets. Say, for example, corporate. At our unnamed location, we have the typical corporate office – reception area, restrooms, and phone behind the security corridor. I take a Pocket PC along and ask the security officers to use the restroom (prior research confirms), which apparently has Ethernet ports.
Looking into the Intranet, a memo about external FTP server access is found. The password changes every month, though. Flushing the toilet, I leave with my valuable information…

In The Facility, Part Two
A one-time occurrence several years ago, my parents once took me into their workplace (F**st D**a) for Take Your Kids to Work Day. Installing a cheap copy of a VNC-based Trojan, I printed out the entire intranet’s worth of documents. Inspecting the temporary security badge I have, it is apparently worthless. However, next year (still F**st D**a) is better – I am invited back to the cube to set up some equipment. Peeling off the cover of the HID badge, I replace the actual security core (an HID Proxplus II chip) with a worthless one. I’m more prepared for firewalls this year, as well. It takes but seconds to backdoor Internet Explorer with a BHO.

Cardinal.jpg · Post by **Cardinal.jpg** » Tue Jul 22, 2003 3:05 am

Initially I thought you were talking about drain infiltration but stuff about the facility is equally as cool. Have you got a purpose for this or just to test your limits?

danielwang · Post by **danielwang** » Tue Jul 22, 2003 9:26 am

Cardinal.jpg wrote:Initially I thought you were talking about drain infiltration but stuff about the facility is equally as cool. Have you got a purpose for this or just to test your limits?

Just to test my limits. I really don't go sneaking around corporate offices with a iBook, as so you know.
It's just fun to see what's on the Intranet.

See latest issue of "2600: The H****r Quarterly" for the scoop on what someone did at Best Buy... he got into tagzone, msizone, cf, etc. And printed out all the memos.
Including ones about hiring and firing employees, etc.

If you're bored.

Roke · Post by **Roke** » Tue Jul 22, 2003 12:43 pm

I thought you were talking about being a ninja.

shai-hulud · Post by **shai-hulud** » Wed Jul 23, 2003 5:30 pm

I'm more intrested in 2600's dumpster diving articles. I haven't dived myself. but the articles tempt me.

danielwang · Post by **danielwang** » Wed Jul 23, 2003 5:34 pm

shai-hulud wrote:I'm more intrested in 2600's dumpster diving articles. I haven't dived myself. but the articles tempt me.

I actually ended up building a server (Zaku.mechacker.com) and a home office out of thrown away items - without dumpster diving - before I even knew about 2600. I drove by CollegeAmerica on Colorado boulevard one day and the engineering department was dumping circuit boards, power buses, and fun stuff right out fo the dumpster. I took the box and hopped on the bus.

Since I've read 2600, I've been inspired to try the phone company, too.
THIS COMPANY DOES NOT SHRED COMPANY MEMOS!!!