Archive

Posts Tagged ‘hack’

How To Hack Facebook In less than 1 Minute

March 30, 2008 Comments off

Umm… yea… the title says it all, non-harmfull but it still screams hours of fun… enjoy 🙂

Advertisements
Categories: Geek, tech Tags: , , , , , , , , ,

The Dark Arts

December 12, 2007 Comments off

It’s no secret that since I’ve gotten access to the internet I’ve used that “wealth of knowledge” at my fingertips to learn how to do some rather insidious things. From hacking pay-per-copy Xerox machines for free copies, accessing the menus of Coke and Pepsi vending machines to change the prices to anything I want them to be (up to and including free), to accessing your home phone system to make calls without your knowledge, and even the secret phone number to the #########‘# ### ###### #### #######. I should add that I’ve never called it or been tempted to because I don’t need a black SUV showing up at my house with several “Men In Black” in it wanting to question me as to where and how I got it. But here’s a hint: if you dial the number, no matter what area code you use, it rings to the same phone, the same person will answer, and shortly there after a few gentlemen in black suits with tiny earpieces in their left ears will show up at your door and start asking “A LOT” of questions. The existence of this number has been somewhat of an “internet urban legend“, but believe me it‘s real. So if you’ve got a lot of spare time on your hands and no fear of being whisked off to some secret “black ops sight” for questioning, then have fun and go at it. I hear waterboarding can be fun.

I’ve never used anything I’ve learned for my own personal gain, it’s always been more of a challenge to know something just for the sake of knowing it, besides karma’s a bitch! But here lately, I’ve been talking to Tony and Joe about a new project to work on, and it’s kind of rekindled that fire to learn more about the “Dark Arts”. I’ve been carrying around a copy of “Hack-god” Kevin Mitnick’s The Art of Deception, I’ve read this book many times before, and it never ceases to amaze me how easy it is to get information… any information.

The Art of Deception is a book about Social Engineering: the practice of hacking the person, not the computer to get the information you want. In it Kevin shares “hypothetical” stories about how he and others may have been able to get sensitive information about people and companies. I should add that social engineers don’t refer to this book as “The Social Engineer’s Bible” for nothing, it’s written under the pretext of educating people on how to protect themselves from being “hacked”, but it’s impossible to explain how to protect weaknesses without explaining what they are and how to exploit them first.

Excerpt from Kevin Mitnick‘s The Art of Deception:

Mary H’s Phone Call

Date/Time: Monday, November 23, 7:49 AM
Place: Mauersby & Storch Accounting, New York

To most people, accounting work is number crunching and bean counting, generally viewed as being about as enjoyable as having a root canal. Fortunately, not everyone sees the work that way. Mary Harris, for example, found her work as a senior accountant absorbing, part of the reason she was one of the most dedicated accounting employees at her firm.

On this particular Monday, Mary arrived early to get a head start on what she expected to be a long day, and was surprised to find her phone ringing. She picked it up and gave her name.

“Hi, this is Peter Sheppard, I’m with Arbuckle Support, the company that does tech support for your firm. We logged a couple of complaints over the weekend from people having problems with the computers there. I thought I could troubleshoot before everybody comes into work this morning. Are you having any problems with your computer or connecting to the network?”

She told him she didn’t know yet. She turned her computer on and while it was booting, he explained what he wanted to do.

“I’d like to run a couple of tests with you,” he said. “I’m able to see on my screen the keystrokes you type, and I want to make sure they’re going across the network correctly. So every time you type a stroke, I want you to tell me what it is, and I’ll see if the same letter or number is appearing here. Okay?”

With nightmare visions of her computer not working and a frustrating day of not being able t get any work done, she was more than happy to have this man help her. After a few moments, she told him, “I have the login screen, and I’m going to type in my ID. I’m typing it now– M… A… R… Y…D.”

“Great so far,” he said. “I’m seeing that here. Now, go ahead and type your password but don’t tell me what it is. You should never tell anybody your password, not even tech support. I’ll just see asterisks here–your password is protected so I can’t see it.” None of this was true, but it made sense to Mary. And then he said, “Let me know once your computer has started up.”

When she said it was running, he had her open two of her applications, and she reported that they launched “just fine.”

Mary was relieved to see that everything seemed to be working normally. Peter said, “I’m glad I could make sure you’ll be able to use your computer okay. And listen,” he went on, “we just installed an update that allows people to change their passwords. Would you be willing to take a couple of minutes with me so I can see if we got it working right?

She was grateful for the help he had given her and readily agreed. Peter talked her through the steps of launching the application that allows a user to change passwords, a standard element of Windows 2000 operating system. “Go ahead and enter your password,” he told her. “But remember not to say it out loud.”

When she had done that, Peter said, “Just for this quick test, when it asks for your new password, enter ‘test123’. Then type it again in the Verification box, and click Enter.”

He walked her through the process of disconnecting from the server. He had her wait a couple of minutes, then connect again, this time trying log on with her new password. It worked like a charm, Peter seemed very pleased, and talked her through changing back to her original password or choosing a new one–once more cautioning her about not saying the password out loud.

“Well, Mary,” Peter told her. “We didn’t find any trouble, and that’s great. Listen, if any problems do come up, just call us over here at Arbuckle. I’m usually on special projects but anybody here who answers can help you.” She thanked him and they said good-bye.

Simple as that, SYSTEM COMPROMISED! Did you see what happened?… neither did she. I’m gonna leave you hanging and see if any of you can spot exactly what happened, and I’ll update this post in about a week or so with the answer… MWHAHAhaha..ha..h..a…