Hi, i'm Uncle J4ck, and for today i will talk to you about how i hacked my brother wifi using only social engineering (ofc i took his permission to do it XD)
But wait a sec !! do you know what's social engineering and what are the benefits of using it in a real world hacking ? lemme explain it to you in a simple way.
Social Engineering is basically, instead of using technological vulnerabilites, you use other techniques related to your way of speaking, your way of sneaking around, and in general related to the human body to extract and gain access to people's confidential informaions, and it causes a lot of damage you know it's like the old story of the wolf and the sheeps when the wolf is wearing a costume like a sheep and trying to take advantages of the little sheeps when their mother isn't around them it's basically the same, we use some useless stuff and we take advantages over humans. So there's a cycle that make the "how to social engineer someone" algorithm in a simple way using this image below:
-
Investigation: The hunt starts here, you are the wolf, you choose a prey (the sheeps), you start doing research on them, their social media profiles, what they like, their social relaions (their mothers / their fucking girlfriend / ...) literally everything, after you start planning on how you will attack your prey (basically choosing your attack method).
-
Hook: (You remember you are wolf and you remember the story, the wolf start getting closer to the little sheeps by pretending that he's their mother by wearing a female sheep costume), well it's the same for us, you wear a fake mask or any method and you start getting closer to your victim, sometimes it's easy and you won't even make a real life contact and sometimes there are some hard a** bastards that you need to get closer to them to hunt them.
You can resume this little paragraph in this quote "Sometimes you have to play the role of a fool"
-
Play: Onces you get the sheep's trust and he believes that you are a good friend to him or i don't know which type of relationship you will develop with him, you start manipulating him to get what you want (basically extracting informations and taking advantages).
-
Exit: when the wolf ate the sheeps, he got rid of his costume and he start looking for another prey to eat, it's basically the same when you take advantage of your prey, you cut the connections between him and you, and you start looking for another victim.
and here is the trick from my pov and experiences, you shouldn't cut the connection directly because he will feel that you suddenly diseappear and he might feel insecure that someone strange got into his life and diseappeared directly without a trace, you should cut the connection by start diseappering sometimes and you start answering his messages lately and you start giving him excuses and done, he will think that you are just busy or i don't know
For the attacks i won't get in details but i will meantion them
you can google them XD
- Phishing attacks
- Spear phishing
- Whaling
- Smishing and Vishing
- Baiting
- Piggybacking/Tailgating
- Pretexting
- Business Email Compromise (BEC)
- Quid Pro Quo (i.e., tech support scams)
- Honeytraps (romance scams)
- Scareware
- Watering hole attacks
Now you know about the social engineering stuf, i will get into the story.
Well my brother moved into a new house and he bought a new router and he used many devices to split his network stuff like a wifi for the guests and the actual real wifi and all that shit to protect his network. SO he challenged me to get into his wifi network (he said that i need to hack his wifi but without using any physical hacking or physical touch to the devices) (i knew this bastard will make it hard for me), firstly you know i did some aircrack-ng stuff (scanning to find the actual network), i tried to evil-tween attack him using a rogue based mini router, i used many techniques and this mf didn't fall into the trap), i kept bruteforcing but nothing it worked, so i started thinking like how can i break his network i start using his informations (and that was easy for me because he was my brother i already know his informations)
i started trying everything but he's not stupid to make his password look like (1223456798..) right ? XD
Anyway, one time i was going to see him and i passed by his car and i saw his vehicle registration code and it was a bit complicated password (DX853-93)
i won't give you the real code don't worry XD
i said why not, let's try it and it worked, he was using his vehicule number as a password and yea
Well this was an easy challenge for me, i didn't osint him or make a contact or start manipulating him, i just used his public informations like (his address / vehicule number / his name and last name), and you can also do the same while targeting someone, start by trying everything and grab everything that you will see about your target as much as you can
Don’t open emails and attachments from suspicious sources
Use multifactor authentication
Be wary of tempting offers
Be a skeptic. ALWAYS
Educate yourself about these kind of stuff
Update keep updating
While you are targeting someone, the osint part is the most important step in this process because
information == power
Keep your professional and private accounts safe
Don't leak a lot of informations about you in the internet, Because you might become a sheep and you will get yourself in trouble, because the wolves are always ready to hunt
Plot twist: Be a dog inside a sheep costume to take down the wolf if he wanted to take advantage of you, you know what i mean right ? XD