<HTML><body bgcolor="000000" text="ff22433" link="9900cc" vlink="#22aa22" 
alink="#0077ff">
<TITLE>SPLOITS</TITLE>
<BODY>
<H1><CENTER>Bernz's Social Engineering Exploits</CENTER></H1>
<HR>
<CENTER><H1>Revenge</h1></Center>
I'd say that if if you really want to get him, get
his number and address through four11.com or something like that. If four11 doesn't have it, 
your local library will have national phone books. Write
a professional letter. Use a water mark. Make the letter look really
nice and trustworthy. Do you have some kind of mailbox besides your own
residence to send it to? If so, use that as your return address. If you're
a phreak, so use an alternate phone number. Write to him as something
scary like as a bank or credit card company and tell him he's $5000 or
something overdrawn. At that point he should go apeshit and call that
number to straighten things out. If he doesn't respond, send another and
label it "urgent, final notice" or some shit. He should call and ask
about it. Tell him according to your computers he's too overdrawn and
you have to confiscate his credit card/or freeze his bank account. He'll
read his account number off to you at one point to which you will (a)
have his credit card/bank number and (b) tell him its not the number you
have. Tell him to go to his bank to straighten it all out. He'll go and
find nothing wrong. Send him another letter and start the cycle all
over. You'll be a pain in the ass. It doesn't really do much as far as computers 
are concerned. It's just a scam that's annoying.<P>
<HR><CENTER><H1>Corporate Stuff</H1></CENTER><P>
> I read your tutorial/essay on Social Engineering, thought it was pretty<BR>

> accurate and damn funny.  I was curious - got any special advice on good<BR>

> approaches to engineering law firms, and/or other private companies<BR>

> that  handle legal matters and information as opposed to a generic<BR>

> business or computer centre?  I haven't got anything specific in mind,<BR>

> just curious what your thoughts might be on approaching that area of<BR>

> commerce.<BR>

> -j. jc7664b@american.edu
<P>
i'd recommend the getting in by means of disguise (suit). Then ask the secretary something and take a peek at her computer. Look for what she
types, look for post it notes. Try to get her to leave for a second so
you can rifle through her stuff. 
<P>
it depends what kind of building for a law firm. A garage entrance is
good for letting you in. Just walk in and go up the garage elevator,
bypassing security. Secretaries are not smart. That's why they are
secretaries and not lawyers. Take advantage of that. Look clean shaven
and respectable. It's an influence con game. Make them believe you are
there for a reason and you're scott free. You can also tell them you're
from some computer company so they give you run of the computer. 
<P>
Another good thing is a very long term plan, but it works. If you know a
bit of programming, alter your favorite office or internet program with
vis C++. Put a bit of messed up code in it so it crashes. Go to kinkos
or staples and make a nice little package for it for $5. It looks pro.
Take it to the victim office and present it as a demo package. Make sure
you put your phone # in there. Tell them to call in case anything goes
wrong. Also tell them they get a full version for being beta testers.
Make sure they take it and try it. they'll call you. go back in and fix
the problem. this gives you full run of the computers. I know that this
one is a longshot, but I've used it and to much success.
<P>
<HR><CENTER><H1>Payroll Scam</H1></CENTER><P>
Security guards make only slightly more than McDonald's employees. At $6.50
 they are not really willing to stop a bullet. They are hardly willing to stand. They 
are not smart, otherwise they'd be cops (which aren't too bright either). In other words, 
they are a push over.<P>
You have the knowledge that you can manipulate security guards. That $6.50 matters to them 
more than anything and you know it. Let's say you need some access to their place. Call relatively
late at night where there is the late shift guard. IT MUST BE A THURSDAY NIGHT. He should be the dumbest and the last thing he 
wants at four in the morning is to be bothered and deal with people. Give yourself a professional
sounding name and speak gruffly and demandingly. This is part of the illusion. Tell him you're from
accounting and you're working on tomorrow's payroll. You're computer went down and you need some access or else 
"There will be no paychecks tomorrow" or something like that. That's a nightmare to this guy. He will do
anything he can to get his $200 bucks for his hard work. He will help you in any way possible. Walk him
through his system and things like that. Ask him to tell you what's around. You control him. Be creative.
<HR><CENTER><H1>Garage Break-In</H1></CENTER><P>
Getting into a computer is hard. So is getting into a corporate or large building. Walking past 
a security guard isn't great for keeping a low profile. Underground garages stay open almost all
the time. This is a good thing for you. No one pays attention to someone walking into a garage beacuse
they could hypothetically be getting their car. Makes sense. Garages also have elevators that go into buildings.
Some have keys to prevent awful people from getting in. Be patient, someone will come down and just
hop in. You can bypass the lobby through the elevator and go right to the place you want. If you're
wearing a suit (which you should be), scam the janitor into letting you into a place. Look hurried
and pat yourself for keys. Tell him you left them in your car and you just have to grab something really quickly. He's not smart. He's a janitor.
If he was smart, he'd be in your place. Think on your feet if anything comes up.
<HR><CENTER><h1>More to come!<BR>Send <a href="mailto:bernz@ix.netcom.com">me</a> more</h1></center><P></BODY></HTML>