How to Use Social Engineering to Gain Unauthorized Access to a Hotel Room
Edit: Some of the methods I show you may be difficult, or not work at famous or high quality hotels.
Welcome back, my excited hackers! Right now I am on vacation in the wonderful city of Tulum, Mexico. I thought it would be a great idea to teach you guys yet another social engineering excercise to get your brain up and running. Today we are going to be learning how to open a hotel room or other important locked room that isn't yours. This tutorial requires no lock picking, or knowledge of card readers in advance. However this tutorial does require that your hotel use card readers to open locked doors.
Skill Level: Hard
Important Note: This social engineering attack should only ever be performed on your own hotel room if you lost the key, or if it is an emergency. This tutorial claims no responsibility for anything idiotic you do with this information.
Let's imagine you are an elite hacker on an important mission to take down a government website. You know that the owner of this website is spending his vacation in the Rio Plaza Hotel, and will keep his website updated about the food and quality, meaning that he has his laptop with him. We also know his laptop is in his room and he is far away from the room at a pool. Using this attack we are going to trick an employee to unlock the door for us so we can get in, exploit (or steal if you're completely evil) his computer, and get out.
First of all we need to know this guy's room number. I'm assuming that you will be practicing this attack on your own room or a friend's room, but I will teach you how to find the room number of somebody you don't know in case of any kind of emergency.
Find out his room number by following him around for a bit. But not creepily. For instance, if he or she is lounging at a pool, get a drink at the bar right next to the pool. When he is going back to his room, walk a good 6 feet behind him and watch which room he goes into. Don't make him think you are following him, though. You want to act as if you are going to a different room. Once you have his room number you can proceed to the next steps. In the next step I can talk about some interesting things you can do with his room number.
Calling his room is something absolutely amazing you can do. Through experience, I have come to the conclusion that if you can get in contact with his room (from a mobile phone) and say that you are the front desk, they will almost always believe you. From here you can access a humungous amount of information that normally would not be given. To call his room, just call the hotel and say something like this:
Hello Rio Plaza Hotel how may I help you?
Hi could you put me through to (name) at (room number)?
Sure, One second...
Hi this is Mark from the front desk?
A hilarious example of this can be found here:https://www.youtube.com/watch?v=kazEfTx-rmw
You can go from here. Make some stuff up. If you want to do this just for fun or as a prank call, you can convince him that there have been multiple noise complaints for his room. If you want to stay focused and gather information, ask him when he registered for the hotel and how long he will stay. Ask for his name and the name of the other people in his room. You should write all of this down. I always suggest if you are writing down confidential information, always do it on paper. No system is secure, and if forensic investigators get hold of your computer, then it would be best to not have the information of another person on your text editor. Now we will look into the next step which is the actual breaking into the room.
Before we break into a room we must make sure he is not in the room. You can do this simply by knocking on the door and if somebody answers, just say you had the wrong room. If nobody answers or you know they are gone, sit in the hallway and wait for a janitor. When the janitor comes by, tell him you are locked out of your room. Don't act whiney, but still act upset. The janitor will most likely feel bad for you, and open the room for you. If he redirects you to the front desk, just act like you found it and walk away. Once you are in the room, you should have a plan in case somebody comes in.
If somebody comes in the room, your two best options are as so:
Act like you are house cleaning. You can do this by coming prepared in employee clothing. Just take a picture of an employee and cherry pick out the clothes that you need to be prepared with. Also wear a name tag, as this will tell the person entering the room that you are a staff. If you are snooping on his laptop, you should immediately close it and pick it up as if to set it on a table while he walks in. This will make it look like you are re-organizing things. In the next step, we are going to talk about some technical attacks you can do on his or her laptop, quickly and with ease.
For all of these following attacks I am going to recommend purchasing a USB Rubber Ducky to perform all of them in seconds rather than manually typing. I will also link the USB Rubber Ducky Code for every corresponding attack.
- Changing Hosts File For Phishing
You're best bet if you want to phish the target, without sending him a phony url is to change his hosts file. The host file is where you can change where a url will direct you. For instance, www.facebook.com will send you to 184.108.40.206. There is a simple tutorial on how to do this here, but if you want to use your USB Rubber Ducky to do it in under 15 seconds, the USB Rubber Ducky code is here.
- Putting a Shell On the System
While putting a shell on a system is a bit more risky, it works, and can give you access to many confidential files. There are many tutorials here on Null Byte but here are ones that might be particularly helpful for this case:
Again, if you want to do this without any manual typing in under 15 seconds, you can make a shell quickly here.
This tutorial was made to show you how easy it is to access a computer if you are at a hotel. To protect yourself from this social engineering attack I suggest always putting your computer in a safe or in a drawer where an attacker won't look for it. Also for hotel's to never let their employees open doors for people without a name. If you enjoyed this tutorial you're welcome to throw a kudo at me and if you have any questions feel free to comment below.