exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

camera.txt

camera.txt
Posted Aug 17, 1999

Video Cameras and Social Engineering: Another Excellent Tutorial by Bernz.

tags | paper
SHA-256 | 0904c170ee137f0705f7d699ec5039749bcc5f4f31a3b4d8a2876d4a47ec2a7e

camera.txt

Change Mirror Download
Live Social Engineering: The Camera Trick

by Bernz
Special Thanks to: Dumb security personel in corporation buildings everywhere.

We live in a world where video and film cameras create a certain attitude. Watch the news
one day. A camera and a reporter shoot a story. Everytime a pedestrian walks by, they turn to the
camera, make a stupid face and grin. They are happy for those 3 seconds of background exposure.
To me, this is an idiotic attitude, but it also represents a tear that can be converted into a chasm of
a security hole.
If someone told you sincerely, "I'm gonna put you in a movie", you'd be happy. You'd
get your big dose of mass communication fame and fortune. Actually, we probably would think
he's an undercover cop and move out of state. But we're a weird bunch and we can't assume
everyone's a paranoid little fuck.
What this brings me to is that almost everyone in the world loves the camera. This is a
security flaw, believe it or not, that can be exploited to a great degree.

What do you need?

First thing's first. You need a camera. I would prefer Hi-8, but an old 8mm would do just
fine. It must have sound and a realitively clear picture. Lots of videotape and batteries are good.
You'll also want a boom mike and a friend to carry it for you. Like all social engineering,
professional appearance is what matters most of all.
Next, you need credentials. You can't just walk into your mark's office and say "I'm
gonna take video." The fact that you have a camera and a sound guy is great and lends quite a bit
to your appearance, but you need an edge. Hence, the film student. Almost every state has a
college with film students in it. Finger accounts at these colleges. A great majority of colleges
uses Student ID numbers for logins. Use a desktop publisher and whip up some fake IDs on
cardstock. If you can't do this on your own, someday i'll get off my ass and make templates.
Make sure the names correspond to your sex. If you've got a beard and your "name" is jennifer, I
don't think you'll be taken seriously.

Entrance

You have your alibi for your appearance and your equipment. Go to the front office and
talk to whoever it is that lets you in. Point the camera at the security guy. Tell him you're film
students or even better, news interns, shooting documentary footage on local <fill in company or
governmental position here>. Security guards are not noted for their intelligence, nor are they
noted for good pay and fun lives. Any chance to be on america's or even <name a county or town here>
television will make them cooperative. They'll probably give you clearance if they can. If you have
to keep up subterfuge to get in, do it. I can't instruct that as it is a case to case situation.
A boss might have to confirm this. Even if it is a government place, chances are it's a
Dilbert-esque environment. The bosses are moronic and the workers are dim and without energy.
The boss will let you in to promote his office (and himself). Anyone in any corporate structure
desires to advance much furthur. A good report on local news can definately help that out. That
one-eyed god on your shoulder can enlighten any environment though. Cameras bring an odd
sense of wonderment to those being filmed. If they think youre legit, they'll wnat you around
because you can only do them good.
If you're going to use the news scam, wear your fake IDs on the outside, like a real press
person.

In! Post-It Note Salvation

So they let you in for a tour. Idiots.
First is first, aim your camera at everything. Most important is ask about their "Jump into
the 21 century." Companies love the fact that they have the money for kick ass computers and
have no compunctions about showing that to anyone who comes along. They'll start blabbing
about their network and their T1 connections and all that shit. They'll log on for you. Aim the
camera at the keyboard at the best angle you can and record the typing. It doesn't matter if you
can see it right there or not. That's the beauty of video..check it out in slow mo at home.
Next, as you pass any post-it notes, check em out on video. Those little yellow bastards
are like water in deserts. Every office has idiots who write passwords on them.
After that, just walk around. Get ANYTHING on tape you can. Videotape is cheap, don't
be afraid to waste it. Check out security. Check out their UNIX server. Check out everything.
Use your head and just look. That's all I can say.

Clean-Up

Throw your tape in your VCR and go over everything. Look for any lapses in security.
Any passwords. Slo-mo through typing and post-it notes.
The hard part is getting in. After that, it's pretty easy.

Love and injuries,
bernz (bernz@ix.netcom.com)

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close