Currently I have read and practiced all the "How to" section excluding the "everything else" which I promise I will go through including the practices. I am almost halfway through the old forum threads (meaning pages 1 through 5) including all the links in those sections. Guys (meaning noobs) a huge gold mine of information (hint hint)!!!! I will be exploring "Hack this site" after I finish this site.
I am not attempting to brag on the above, I am just attempting to demonstrate that I have done my DD (Due Diligence, in hacking terms "recon") before posing this question.
It appears to me that IT and Law Enforcement are gaining greater skills at tracking a hack. As such, the more that we can remove ourselves and incorporate Social Engineering in the equation, meaning the less data, well we will call them enemy, will have to work with. Again I am not saying they are the enemy but in the case of this scenario and playing the part of a hacker they would be.
I have a way to target a group, located in a specified demographic area, which will gain me the greatest reward for a client side access to a business system. All through social engineering, which means no email to trace. I see and really like the client side attack against a server and think this might be the way of the future for hackers. Only because there are still so many vulnerabilities in the client side. Attack from within :). I am still a noob but what do you all think?
5 Responses
So what I am asking is,
1: Do you think that the more we can incorporate social engineering into a hack, meaning "less digital footprint", would increase the success of a hack? Or would it be better to just grab IP addresses from the net?
2: What would be the best exploit that would have the greatest range of access for a client within a specified demographic area using, let's say, a web based exploit? Yes, I understand that each exploit is specific to a client OS. Again this is for research. :)
Now again this would be keeping in mind that through social engineering I can pick what format I want the "victim" to use, be it MP4, Flash, etc. This is the part where I can have unlimited ability to create the exploit, which hopefully will give me the widest range of clients to attack (meaning XP, Linux, Win, Mac), without leaving a trace to where this whole attack came from. Again, no email address, no requests, just the client logging into a site and/or torrent, whatever I use.
Some Brilliant ideas you have there Jon,
What I would do is set up a website and have different downloads of my payload for each OS. This would allow me to have the greatest possibility of success in loading a Meterpreter.
Sorry guys, this is how my mind works: create questions and try to answer them. Would love to hear better ideas :)
Thank you masters,
OK, so I would then have to look at the highest probability of success for each OS. Meaning, I can set up links for each OS (Mac, *nix, Win).
From each OS I can then break down to the exploit I want to use and require them to click on it (such as 95, 7, 8, etc., you get the idea).
Thank you, I will look into it. But am done for tonight gonna get drunk (OK already drunk, but meh). Really would love to hear ideas from the forum. :) nite all
Spear phishing is now all the rage, and if you want to target all OSes then the simplest way is Java exploits, with a little spice of social engineering.