Penetration Testing mailing list archives
Re: Testing the user community
From: "Lee Lawson" <leejlawson () gmail com>
Date: Fri, 2 Feb 2007 09:43:20 +0000
Have you just admitted to committing a crime? I don't see how you could have obtained prior written permission from all of Dr X's contacts before you started the 'test'. I don't think anyone on the mailing list would condone that sort of action. Please stay legal or you will ruin it for the rest of us! On 2/2/07, Nicolás F. Iglesias <nfiglesias () gmail com> wrote:
Once, i did a personalized phisymail from a personal PC, catched through Netbios. The intrusion was as follow: - I found a Winbox on internet, from Dr. X (i don't remember his real name). He has the netbios opened, so it was easy to broke his lan. - I learned, from DOCs, LOGs, websites visited and all data i found on his HD, who was and what kind of person he was. - I wrote an email, using a language according to his "personality" (university phd and so on...) and i "invited" his contacts to test a financial software (he and his contacts, all working on economy and finances). - The fake soft has a keylogger on it. The logs was sent to my free emailaddress. - In a few days, i was able to see all data from his friends and very interesting people (one working at my country's defense agency as an IT consultant), bank accounts, credit cards,etc. But it just was a nice experience and i didn't stole a penny. What i'm trying to expose is that, on phishing, you have to develop social engineering. NiCo ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
-- Lee J Lawson leejlawson () gmail com leejlawson () hushmail com "Give a man a fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." "Quidquid latine dictum sit, altum sonatur." ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Re: Testing the user community Matthew Snider (Feb 01)
- <Possible follow-ups>
- RE: Testing the user community Des Ward (Feb 01)
- RE: Testing the user community Morris Sgt Derek P (Feb 01)
- Re: Testing the user community mblack9905 (Feb 01)
- Re: Testing the user community Javier Fernández-Sanguino (Feb 01)
- Re: Testing the user community webmaster (Feb 01)
- Re: Testing the user community Carl Jongsma (Feb 01)
- Re: Testing the user community Nicolás F . Iglesias (Feb 02)
- Re: Testing the user community Lee Lawson (Feb 02)
- Re: Testing the user community Nicolás F . Iglesias (Feb 02)
- Re: Testing the user community Pete Herzog (Feb 01)
- Re: Testing the user community Schanulleke (Feb 01)
- RE: Testing the user community Paul Melson (Feb 01)
- RE: Testing the user community webmaster (Feb 01)
- RE: Testing the user community Paul Melson (Feb 01)
- RE: Testing the user community webmaster (Feb 01)
- Re: Testing the user community Mister Coffee (Feb 01)
- Re: Testing the user community Thor (Hammer of God) (Feb 02)
- Re: Testing the user community Gadi Evron (Feb 05)
- Re: Testing the user community M . B . Jr . (Feb 06)
- Message not available
- Re: Testing the user community M . B . Jr . (Feb 07)
- Re: Testing the user community Gadi Evron (Feb 05)