/nsa/ - Hacking Basics Social Engineering The - Enrive

Hacking Basics

Social Engineering

The first thing you need to understand about hacking is that 90% of it is about deception, trickery, and flat-out lies. The weakest link in the chain will always be the end user. They will write their passwords down and tape them to their monitor, they will open executable files from unsolicited emails, they will download porn from untrusted sites and get a virus. Hacking is, and always will be, a con game. No amount of technical skill is going to change this.

Exploits

On the technical side of things, what you are generally looking for is not some magic skeleton key that will give you all access to all password fields; it is some sort of flaw in the security code that you are trying to exploit. A cheat code in a video game is an exploit, so is a program that takes advantage of a buffer overflow.

No Hand Holding

Some people might be cool and help you out, but they are generally the exception to the rule. Even they will get frustrated if you are trying to discuss something you saw in a movie or are too slow and cannot keep up. As an amateur, many topics will simply be beyond your understanding at first, and you will have to learn many fundamental skills before you can even approach certain topics. There are just as many people out there who will try to fuck you over for no god damn reason and try their stupid "pranks" on you. There is some real malicious shit out there too, people who will try to blackmail you, steal your credit card info, or sell your information online to shady scam artists.


One of the earliest types of hacking techniques was known as "Phone Freaking" in the early 70's, when people realized they could misrepresent themselves over the telephone. There is a ton of information you can get by pretending to be someone else, not the least of which is somebody's username and password. With a bit of research and practice, you can get access to all sorts of records and data that you would not otherwise be able to access. You might ask, "But what if I get caught?" Well, think of it this way: is somebody really going to go out of their way to track down a prank phone call? If you're really worried about it, you can always buy a disposable cell phone at Radio Shack.


A list of tips and tricks I'm not sure I want to share with anyone.

Whenever you sign up to a forum that uses email validation, they have your email and your password. Unless you use a different password for your email than you do for your forum, they all have access to your email.

This is a variant on phishing I call "netting". You can acquire large lists of emails, residential addresses and even phone numbers, either through your own private research or through payment, which can cast a broad net. For example, if you owned a popular forum, and you accessed a dozen emails, each of those emails would have a contact list. You can often get business emails simply by visiting commercial websites, which might be someone's own private email, especially with smaller companies.

If you can sneak a trojan into someone else's computer and get them to run it, it is relatively easy to make a batch file and attach it to a legit program using iexpress that activates the Windows telnet server software feature, giving you remote access while they remain online.

You can put Linux on a flash drive and gain access to any computer by plugging it into the USB, rebooting, and setting the BIOS to boot from the flash drive. Most computers do not have a CMOS password set, and even if they do, you can remove the CMOS battery, which will cause it to reset.

I do not trust VPN networks, but I am too lazy to set up my own proxy software addons that you can download for Firefox. Most of the grunt work with the addons is finding anonymous proxies that do not reveal your IP address. I sometimes use VPNs for piddly shit but the one I use charges by the gigabyte. Also, I have some doubts about what they do with the traffic being intercepted by their proxy servers, and at the very least am curious as to what they do with their routing metadata.

Most commercial software applications have a free analogue that doesn't cost any money. They are usually serviceable, even if they don't come with all the bells and whistles that mainstream software does, and they are often simpler, though a bit more technical, to use.

The iexpress program sends a function call using the Command.com which bypasses the normal user account control settings on Windows. It will run any program as an administrator.

Alternative web browsers are often less vulnerable to security exploits, and lightweight browsers with fewer graphics and fewer options run faster. Some examples include Chrome, Opera, and Firefox.