At the end of last year a friend gave my contact information to a radio producer with an interesting project. She wanted to learn as much as she could about a person through different means:
- Getting his writing analyzed
- Getting his voice analyzed
- Using a private detective to follow him for a couple of days
- And of course the digital perspective (which is where I tried to pitch in)
Basically we had a target (who gave us written permission to hack him and his systems) and the idea was to go, collect all the information we could from his online presence, and hack any of his accounts and / or his personal computer. One of the things we had in mind, since “the Target” was one of the producers, was that we didn’t want to kill any of his devices.
So from a security point of view, this was fun. I took a whack at a couple of tools in order to get this done: BeEF, Metasploit (Community and Pro editions), THC-Hydra, and social-engineer-toolkit. I was really surprised how much information could be gathered without actually using exploits and how some of these frameworks are almost point and click.
I spun up some VMs, set up the tools and let Tina send our target some prepared websites. We spent a lot of time trying to figure out the best times to send him the emails so he would fall into our traps with his PC and not his mobile device, speculating when and where he would do it. For the first attempts with BeEF, I didn’t have time to automate the entire process, so I would monitor in real time to see if he had followed the link.
After the 2nd email, automation and monitoring made our lives easier, but there was still a constant need to see if it had worked. Even though autopwn is pretty good, it is even better to be able to jump in manually and customize the attack when the moment is right. Another thing we learned along the way was to use sites that would actually get his attention and have him keep the page open for a while, so that the autopwn could cycle through the exploits.
At the end we ran out of time (the Christmas holidays were on our tail) and I didn’t manage to get access to his accounts.
Most of the exploits I used were caught by his AV (or didn’t work with his mobile device) and the dictionary attacks on the e-mail account didn’t work. In retrospect I should have tried some simple phishing or going to his house to do some Wi-Fi based attacks.
You can listen to the program in German here.
My parts can be heard at 11:11-12:37 and 15:10-16:58.