Social Engineering -- The Basics

Bablo (DEER) | Messages: 168 | Reputation: 14 | Reaction score: 22 | Points: 18

This was written by me! Fuck, it's been forever since I read this guide :)
I hope you all like it. I was a little bit of a beginner when I wrote it, so just relax :D
just hope it helps!

++++++++++++++++++++++++++++++++++++++++++++++++++

Alright, before I start. This isn't a step-by-step guide to every fucking situation.
The only real way to actually become good at this shit, is by gaining experience. After all, practice makes perfect. ;)

Another thing I'd like to say is that this shit takes time. I haven't been doing this for years and years but I've had my experience.
You've got to take things you've learned and put them into the practical scenario.

I'm going to write some basic guidelines, or "rules" that you should generally follow if you want to successfully Social Engineer someone. Again, this isn't what everyone should do but it is what I've learnt in my own experiences.

The Ten Commandments

Rule 1 (Golden Rule) - Don't, ever, push it.

Some people, aren't stupid. They won't just give out passwords or information to someone they don't know - They want trust.
If you aren't getting to him in your first conversation then delay it. Tell him you will talk to him tomorrow or something. By doing this, you will be developing trust - And that's exactly what you want.

Rule 2 - Act like you don't give a shit.

You never, ever, want the victim to know you're desperate. If he realizes this, he's got you in his palm. A nice way of doing this is to use words that show you are uninterested.
Be like "err.." or "uhhm.." and the best "I will be with you in a second, got someone else I need to talk to."

Rule 3 - Pretend you are doing them a favor.

You want him to think that you are helping him. Be like "Look, you're pissing me off. I thought I could help you but you are actually wasting my time."
Then after like 30 seconds of silence, respond with uninterest (remember Rule 2) say something like "uhhm..I'm sorry dude, I didn't mean it like that. Sometimes I really want to help someone so it makes me angry when you don't understand that."

Rule 4 - Make them feel stupid.

Often, I get asked for server help or whatever. When you get something like this, or when like someone asks you to help them setup their FTP Host just push the conversation to a point where you reach your goal. (Getting his password) To do this is really easy, usually. Never ever be like "I need the password." instead use this method.
Tell him, "..you have to root the access of the server to 667, then afterwards create a SQL host..blah blah blah" Then drop the bomb, asking him "Do you know how to do it?"
Obviously, because of what you just made up he will say "Can you help me?"
When he says that, he's all yours.

Rule 5 - Always be busy.

If you're on MSN and some random guy you've never seen before asks you if you can help them, never ever say yes. Always pretend that you are busy and that you have something important to take care of etc. Be like "Sorry man, but I'm quite busy here." Then when he's begging you to help him, be like "You seem like a nice guy so let me have a look".
Then always be like, "Let me finish up quick, then I will be able to help you without any distractions."
This always helps in bringing in some trust. ;)

Rule 6 - Have a conversation with them. (Optional)

From my experience, if you are ever having deals or trades with someone and you want them to go first, for instance, get them talking. So for example, if I am selling eBay Gift Cards and he wants you to go first then be like: "By the way, what are you ordering?" Then if he says "A PlayStation 3 mate, I can't wait to get it." just carry on talking and say some random shit even if it's not true.
"Yeah, I got mine a few days ago. It's really awesome, and I have ordered another 5 games today. ;)"
This really helps to get the person to actually trust you, and it gives them an impression that you actually want to help them. :)

Rule 7 - Have good grammar.

When you look at a sales thread for example, and someone is typing in only Caps Lock you aren't really going to be interested. So, quite frankly don't be a complete illiterate retard and type with like spelling mistakes each sentence.
Be professional and look legit.

Rule 8 - Pretend you have had the same experience. (Optional)

Now, if someone doesn't trust you and they do not want to go first. Give them a reason like "Sorry mate, I can't go first because I have been scammed before of [ENTER AN AMOUNT HERE]! And I really don't want that to happen again."
Usually, they believe you and start talking about how they have been scammed too.

Rule 9 - Look like you actually exist.

This is pretty basic, but sometimes it helps to get an avatar. :D:

Rule 10 (Platinum Rule) - Don't ever reveal yourself.

No matter what you are trying to get, or trying to achieve. Never expose yourself, nowadays everyone is making logs of everything. Even if they are talking to like their mother.
If you fuck somebody over, don't rub it in their faces. You won't achieve much with this, and I learnt the hard way. Get what you want and don't say a thing more, you don't know who could be on the other side. Always remember this to be a professional till the end.

Alright, that took forever to write but yeah.
If you need help with like a scenario or whatever you can just contact me. I will be posting more of these as my experience grows, but this 1 is fine for now.

Remember the special rules and you will be fine.

Hope you enjoyed this tutorial by,
Regards.
 

Bablo

Social Engineering -- The Basics [Part 2]

In next few topics (yes, I'll try to write new ones when I catch some free time) we'll be talking about some practical scenarios. They will be based more on covering evergreen situations where you can use SE to hack without a hacking. My plan is to explain 1 method in 1 topic... OK, so letZ start with this one...


Scenario #1 - how to get admin rights on some forum using SE
The easiest way to do it is to become fake backstabber. Pick some relatively familiar forum and get a SS of a staff section (it can be even some forum where you're staff member - in that case, blur/blackout all topic titles and shit). Nice addition will be if you took SS of ACP also... It doesn't need to be the ACP of that forum. Any ACP SS would probably do the trick.

Next, pick some staff member from that forum and try to find some info on him. Nothing fancy - read 10-20 of his posts on his forum just to get a picture of his writing style and phrases that he use. When you do your homework, go to the forum you wanna fuck up and register there under the same name as the staff member on the forum you are about to "backstab" (of course - you won't). Now... Your 1st post should be introduction section - tell them few lines about yourself (that is - the staff member of that 1st forum you're using as a bait). At the end add something like "I'm admin / mod on XXXYYYZZZ.org, but I'm thinking of leaving them cause they're ugly, stupid bitches. Maybe I stay here - this sure look like a nice place to hang out.".

Now, wait until you're sure that some admin posts a reply saying something like "Oh, welcome to AAABBCCC.org". Then, wait like 10-15 min and send them a PM saying: "Hey... Listen, I wanna fuck those shitholes over there. I have a suggestion for you. I'll give you their DB so you can e-mail their members, but I want some staff position here cause I'm too old and too experienced to be a regular member". He'll probably say something like: "Fuck off", or "Not interested". Of course - he's not trusting you. Now it's time to use those SS. Reply to him and include them in the PM, saying something like: "Look, I know you don't trust me... I wouldn't also in your place. But here are some proofs that I'm really staff there and that I have access to all sections. I will also provide you with DB download link." Hehe... Now, most of the ppl will take the bait just right at this point. His next PM will be: "Give me the download link".

And here we come to most genius part of whole scam. Take any other DB (i.e. pick one from MS DB/VPS dump section), rename it to XXXYYYZZZ_dd_MM_yyyy.SQL and RAR it, but put password on the fucking RAR. Do NOT enable "Hide filenames" options - you want him to see that fake filename. Upload it somewhere and PM him the download link. Naturally, he'll download it and realize that he can't extract it from RAR (cause it's password protected). He'll ask you for a password in his next PM. Reply to him: "OK, no problem - but I want to make sure you'll keep your part of the deal - make me an admin here and I'll send you the password." Most stupid fucks will give you admin permissions instantly at this point.
 

Carding 4 Carders (Professional) | Messages: 2,731 | Reputation: 12 | Reaction score: 1,304 | Points: 113

What is social engineering, and why is it a good time to start worrying about it?

"Those who are willing to sacrifice immediate freedom for short-term security do not deserve either freedom or security" – Benjamin Franklin
Social engineering has been a pressing security issue for some time now. It is actively discussed by experts, manufacturers, and users of information devices and systems. At the same time, few people really understand the potential threats of social engineering and how dangerous it can be.
For hackers, social engineering is probably the easiest and most effective way to break into security protocols. Thanks to the rise of the Internet, we have a powerful tool for connecting devices across distances. While this has fundamentally changed communication and information sharing, it has also created loopholes for illegal access to personal information and interference with privacy.

Since ancient times, before the invention of technology, humanity has encoded and protected information.
An example is the well-known Caesar cipher, in which messages were encoded by shifting letters alphabetically. For example, the message "hello world" will turn into "ifmmp xpsmf" if we move the letters by one position, and the recipient will have to do the opposite process in order to decipher the message.
No matter how simple this encryption technique may seem to you, it has lasted for almost two thousand years!
Although today we have invented more advanced and sophisticated security systems, information security continues to be a challenge.
It is important to note that there are a great many techniques used by hackers to obtain data, and we will briefly go through some of them in order to form an understanding of why social engineering is very important.

Full search and dictionary search

Brute force involves using an advanced set of tools to crack the security system by calculating the password by searching through all possible combinations of characters. Dictionary search involves running a list of words from the dictionary to potentially find out the user's password.
Brute force today, even as a powerful tool, is unlikely to be used due to the features of modern security algorithms. Just to understand, if the password for my account is "qwertyuiop1202@990!!!", only 22 characters, then you will need a factorial of 22 to calculate all potential combinations by the computer. And this is quite a lot.
Moreover, there are hashing algorithms that convert a given password to a hash, which will further complicate the task for the computer. For clarity, the password given earlier can be hashed in d734516b1518646398c1e2eefa2dfe99. This will significantly increase the security of your password. Next, we will look at the safety techniques in more detail.

DDoS Attacks

DDoS attacks (short for Distributed Denial of Service) occur when a user is blocked from accessing a legitimate resource on the network. An attack can occur both on the part of the user and on the part of the resource that they are trying to access.
As a rule, a DDoS attack leads to either a loss of revenue or a loss of the user base. To carry out such an attack, a hacker can take control of several computers on the network, which will be used as part of a Botnet in order to destabilize and, in some cases, clog traffic with useless packets of information, which, in turn, will lead to overload and collapse of resources and network nodes.

Phishing

In the case of phishing, the hacker tries to get the user's data by creating a fake authorization page. As a rule, an attacker sends a message to the user on behalf of a trusted resource, such as a bank website or social network, with a link for authorization. The link itself usually looks quite similar to the real one, but if you look at it more closely, you will find that the link text has significant differences from the original one.
For example, a phishing link paypai.com, which was once used to get a username and password from PayPal users.

Typical phishing email template:
"Dear user,
We noticed suspicious activity in your account. Click on the link to change your password and avoid blocking your account."

Chances are 50-50 that your data has already been stolen in this way. Don't you? Have you ever logged in to a website, and after clicking the "log In" button, sign-in or login, you were thrown back to the authorization page? Was there such a thing? Congratulations, it was the same phishing attack.

How does social engineering work?

Even now, when encryption algorithms are becoming more secure and harder and harder to crack, social engineering is still a very powerful tool.
A social engineer usually collects information about you in order to gain access to your online accounts and other protected resources. It usually forces the victim to voluntarily give up personal information through psychological manipulation. But it's not even that that's scary, but the fact that he doesn't have to come into direct contact with you, just someone who knows you is enough.
In most cases, social engineering is not applied directly to the person who acts as the end goal.
As we know, social media accounts represent real value, i.e. they are worth actual money.
You can find out about this on the website CryMore.biz
For example, recently a popular carrier in Canada got into the news due to a hacker attack on one of its customers. Technical support revealed the client's personal information as a result of social engineering, which allowed them to replace the SIM card and steal $30,000 in cryptocurrency.
Social engineers play on people's insecurities, inattentiveness, negligence, and ignorance when they extract vital information. In the age of mass remote support, organizations are much more likely to fall victim to hacking due to the inevitable human factor.
Anyone can become a victim of social engineering, and worse, you can be hacked without even knowing it!

How to protect yourself from social engineering?

  • Avoid using personal information, such as your date of birth, pet name, child's name, and so on, as your username or password.
  • Don't use weak passwords. If you can't remember a complex password, use a password manager.
  • Be more careful when you come across an obvious lie. The social engineer doesn't know enough right away to hack you; you'll be approached with incorrect information in the hope that you'll correct them, and then they'll continue to pull data from you. Don't fall for such tricks!
  • Make sure that the sender and domain are authentic before you do something according to the instructions in the email.
  • Contact your bank as soon as you notice any suspicious activity on your account.
  • If you suddenly lose the signal on your phone, contact your provider immediately. You may have encountered a SIM card clone.
  • Enable 2-factor authentication (2-FA) for services that support it.

Conclusion
These steps are not a panacea for social engineering, but they will definitely make you a harder target for hackers.
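
The sender-and-domain check from the list above, applied to the paypai.com case from the phishing section, as an added example that is not part of the original post. The trusted-domain list, the placeholder bank.example, the confusable-character table and the sample message are all constructed assumptions; the "last two labels" rule stands in for a proper Public Suffix List lookup.

```python
import re
from email.utils import parseaddr

# Assumption: domains the reader really deals with (bank.example is a placeholder).
TRUSTED_DOMAINS = {"paypal.com", "bank.example"}

# Characters commonly swapped to build a lookalike name (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def registrable(host):
    """Naive 'last two labels' rule; real code should consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def skeleton(domain):
    """Fold confusable characters so paypai.com and paypa1.com both map to paypal.com."""
    return domain.translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos of a trusted name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return (verdict, trusted_domain) with verdict trusted / lookalike / unknown."""
    host = host.lower().rstrip(".")
    reg = registrable(host)
    if reg in TRUSTED_DOMAINS:
        return ("trusted", reg)
    for good in sorted(TRUSTED_DOMAINS):
        # Trusted name used as a subdomain of somebody else's domain.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return ("lookalike", good)
        # Same name after folding confusables, or a single-character edit away.
        if skeleton(reg) == skeleton(good) or edit_distance(reg, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


def review_message(from_header, body):
    """Classify the From: domain and every link host found in the body."""
    findings = []
    sender = parseaddr(from_header)[1].rpartition("@")[2]
    if sender:
        findings.append(("sender", sender.lower()) + classify(sender))
    for host in URL_HOST.findall(body):
        findings.append(("link", host.lower().rstrip(".")) + classify(host))
    return findings


def is_suspicious(findings):
    """Flag if any domain imitates a trusted one or the sender is not trusted."""
    return any(v == "lookalike" or (src == "sender" and v != "trusted")
               for src, _, v, _ in findings)


# Constructed sample built from the e-mail template quoted in the post.
SAMPLE_FROM = "PayPal Support <service@paypai.com>"
SAMPLE_BODY = (
    "Dear user,\n"
    "We noticed suspicious activity in your account. Click on the link to "
    "change your password: http://paypai.com/login\n"
    "Help centre: https://www.paypal.com/help\n"
)

if __name__ == "__main__":
    results = review_message(SAMPLE_FROM, SAMPLE_BODY)
    for source, host, verdict, target in results:
        print(f"{source:6} {host:20} {verdict:9} {target or ''}")
    print("suspicious:", is_suspicious(results))
```
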
 

Carding (Professional) | Messages: 2,831 | Reputation: 17 | Reaction score: 2,017 | Points: 113

Critical thinking

The "it's always been done this way" argument has rapidly fallen out of fashion with the spread of universal literacy and mass printing, so it doesn't work as well as it used to. Today, our actions are largely determined by what we have heard or read somewhere.

But even experts often make mistakes, not to mention the fact that there are always many who want to take advantage of our credulity: from enterprising merchants of healing bracelets and unique healing techniques to unscrupulous politicians who need public support. Therefore, each of us tries to filter the surrounding information to the best of our ability, to separate the true from the false and inaccurate.

The golden rule of journalism is "simplify first, exaggerate later". According to one story, in the 50s, the editor-in-chief of The Economist issued this rule to his employees. Today it is used more widely than ever, and it is not only journalists who use it.

Everyone tries to develop rules of behavior for themselves that would allow them to maneuver in the information flow without picking up too harmful thought viruses along the way. Some do this carefully and constantly, others do not pay much attention to such protection and prefer to drift smoothly with the current. But it would be more reasonable to follow at least a primitive safety technique: rules of thinking that can be used consciously and systematically.

Very often we come across statements in which we feel some kind of flaw. "Something's not right here", we think, and decide that it's best to stay away from these statements. Critical thinking skills help you understand what exactly is wrong with questionable reasoning, justify your criticism, and come up with your own arguments.

WHAT DOES IT MEAN TO THINK CRITICALLY AND CAN IT BE TAUGHT?

Critical thinking is one of the basic academic disciplines in higher education in many English-speaking countries. Students are taught to read texts carefully, to show methodical doubt (that is, according to Descartes, to discover "what is logically possible to doubt"), to find weak points in both other people's and their own arguments, to work with concepts, and to express their thoughts clearly and reasonably.

An important component of such training is the ability to ask the right questions. Issues may receive much more attention than is usual in the Russian education system.

One of the tasks in the course of literary history can be, for example, to come up with 50 questions for Shakespeare's Hamlet — a situation that most Russian students would not dream of in their worst dreams.

Critical thinking as an academic discipline is based on the rules of formal logic, the theory and practice of argumentation, rhetoric, and scientific epistemology (a branch of philosophy that deals with the tools and limitations of cognitive activity). One of the most prominent theorists in this field was Karl Popper, who considered critical thinking to be the foundation of all rationality. Knowledge, according to Popper, does not exist without the practice of making hypotheses, justifying or refuting them. The question of the source does not matter here at all: it is the method and relation to the source data that is important.

From this point of view, a scientific journal, tabloid press, or TV channel should be treated equally cautiously.

In one of the main manuals on critical thinking, called "the Art of asking the right questions", the authors describe two ways of thinking that anyone with a mind uses. You can, like a sponge, absorb all the surrounding information. This path is quite simple and necessary for everyone: only by getting enough facts, you can make the world around you meaningful.

A person who is closer to the first way of thinking will try to remember any material as correctly as possible, without missing a single detail. He reproduces in his head the author's thinking paths, but does not evaluate or consider them critically. This does not necessarily lead to stupid cramming and retelling without deviating from the original text: this approach can also be quite meaningful. But it lacks critical distance: you stay within the given initial framework, instead of expanding it and moving on.

Another method is similar to sifting sand in search of gold. This requires active engagement with the knowledge you are absorbing. Independent thinking without this mechanism would be impossible, all your opinions would be determined by what you last heard and read.

A person who has fully mastered the art of sifting sand understands that arguments are needed not to memorize them, but to evaluate their strength. To do this, it is necessary to transfer this task from the unconscious plane to the conscious one. What do we really do when we try to argue and disagree with someone else's position?

A well-reasoned argument may be somewhat similar to a duel, but it's definitely not like a fight in kindergarten.

REAL AND FAKE CRITICISM

The basic structure of any argument is given by the following model: things are X because Y. There is something that they are trying to prove to us, and there is something with which they do it. To treat the material critically means to learn to separate one from the other and carefully consider their relationship. Can other conclusions be drawn based on the same data? To what extent do these arguments justify the author's conclusion?

Rejecting someone else's conclusion simply because we don't like it doesn't mean we are critical of it. This means simply not understanding its essence.

Sometimes even the most intelligent and enlightened people are tempted to look at things simplistically. This is often associated with stigmatization and the division into "friends" and "strangers"; this is the basis for a significant part of our everyday social experience, in which there is a place for domestic racism, gender discrimination, and intellectual snobbery.

Another mistake that often underlies our false conclusions is the myth of "correct answers".

Many questions do have a single relatively accurate answer. For example, there is no need to discuss the distance to the moon: you can just find out in the reference book. But most questions require thinking, and the answers to them can be very different. Therefore, it is not enough just to make inquiries in an authoritative source: you need to assess how convincingly the data provided are justified and try to build your own chain of reasoning.

HOW TO READ TEXTS: BASIC STRUCTURE OF REASONING

Any text, written or oral, should contain some basic elements, without which the author risks not delivering his message to the addressee.

Of course, in the texts of the media or our everyday conversations, we can easily cope without them. But if we want to have a meaningful conversation that will lead to certain conclusions, we should at least pay attention to how the reasoning is constructed. The main elements are listed below. This list can be used as a coordinate grid that can be superimposed on any expanded reasoning. And it really simplifies life a lot.

Goal
Any text is written or pronounced for a specific purpose. Who is the author talking to and what is he trying to convince the audience of? If you write the text yourself, check whether you have deviated from the set goal. But first, understand whether it has any real meaning for you, and whether it is worth the effort at all.

Problem
The problem is not something that the author has made a mistake in, but the questions that he intends to answer. It is necessary to separate those issues that have a clear solution from those that need to be considered from different points of view. In addition, large questions should be divided into smaller parts, so as not to go into empty abstractions.

Assumptions
These are the assumptions that the author takes for granted. Unconscious assumptions can put the author or audience in an awkward situation, which is illustrated by a well-known joke in which a person is asked if they have stopped drinking cognac in the morning. When we write or read something, we need to think about what these assumptions are and how true they are.
Awareness of your own prerequisites is the stage after which it becomes much easier to move forward.

Point of view
We all look at things from a limited and private perspective. Achieving absolute objectivity is impossible not only because we are all people with our own characteristics, but also because any thing can be understood from different angles. The "trick of God", that is, the claim to complete and unbiased knowledge, remains precisely an unfair trick: no one simply has enough resources to achieve knowledge of this level and quality.

Data
Any statement must be supported by relevant data. For example, when talking about the dangers of GMOs, it is necessary to refer to scientific studies or their popular scientific translations, and not to the opinions of neighbors on the entrance. We also need to check whether the data provided relate to the problem that we are considering, or whether we have moved away from it somewhere.

Concepts and ideas
Concepts are thought tools that we can't do without. No matter how much we want to talk about "real things," we still need artificial models and fictional concepts to do this. The only problem is that they must be chosen correctly and clearly defined; this is the key difference between objective knowledge and opinions and subjective observations.

Conclusions and interpretations
These are the ways in which you extract meaning from the data. Note that there is often a different way to make sense of the same information. If this is the case, then the data may simply not be sufficient to draw a meaningful conclusion. In this case, it is better to say it directly than to make unsubstantiated assumptions.

Consequences
What happens if we take the author's main points and conclusions seriously? What positive and negative consequences do they have? You can often see that at first glance reasonable arguments cause contradictory or meaningless consequences; this is what the rhetorical technique of "driving to the point of absurdity" is based on.
The flying Macaroni Monster, like Russell's teapot, is a clear example of being driven to the point of absurdity.

Bertrand Russell in the "Philosophical dictionary of mind, matter, morality" gives only three rules that, in his opinion, can significantly improve the intellectual climate of the planet, if they are accepted by a significant part of people who are trying to think and reason about something.
  1. if the experts agree, the opposite opinion cannot be considered correct;
  2. if they do not agree, non-experts should not consider any opinion to be correct;
  3. when all the experts have decided that there is no sufficient basis for a certain opinion, it is best for the average person to refrain from judging.
These rules would indeed save us from a huge amount of what Russell calls "intellectual garbage", but isn't there something unfair about such strict regulations?

As we have already said, experts can also make mistakes, and not every situation has a clear position based on reinforced concrete truth. As for the third point, life often forces us to act in conditions of uncertainty: we can not always just stoically refrain from judging, waiting for wise experts who will put everything in its place.

To rely solely on expert opinion and dismiss everything else from the doorway is to welcome the intellectual passivity of all but a select few who have "true knowledge." It would make a lot more sense to use the skills and principles of critical thinking that everyone can really master.
 

Carding

SI: Politeness is a thief's main weapon!

In this article, I want to touch on social engineering methods that reflect on human weaknesses and allow you to control a person's actions for their own financial gain or to obtain any information illegally. If someone did not understand something, they will understand further in the course of reading the article. I have already mentioned more than once in my previous publications that my life circumstances forced me to resort to such a type of shadow activity as social engineering.

As I have already said, circumstances force a person to go to extremes. When there was barely enough money, desperate thoughts came to mind, some of them completely absurd. It was during this period that I learned what carding is. However, it immediately dawned on me that a beginner without a budget and with zero knowledge has nothing to catch here, so I was very interested, but more as a self-development than as a permanent source of income. After that, a crazy idea was born in my head, which was based on what I constantly encountered in my hometown.

I remember the story of a "wonderful" girl named Ilona, who spluttered with imaginary admiration when telling me how her friends "famously breed suckers". She said something like this: "Imagine, we are sitting in a company, and then a friend shows everyone a text message from the bank in which it is written that $200 have come to his card." The woman was beautiful, of course, but stupid, and her social circle left much to be desired...

It was not easy for me to start doing this, something constantly gnawed at me from the inside, then, over time, this feeling was dulled. For myself, I immediately decided that I would only throw wealthy individuals who would not be particularly impoverished if such an unpleasant incident happened to them. For example, if a woman buys an expensive fur coat, then a small delivery fee for which I will throw it will not be critical for her, rather than if you divorce a poor student for a full prepayment, when she wants to buy converse sneakers with the last money.

Actually, that's how I got involved in this movement and "worked" for two or three months, the income was very decent. Frankly speaking, during this period I earned so much that it seemed like a fabulous amount to me at the time, and I had never held such money in my hands before)) BUT! Guys, you don't need to do this and I don't encourage anyone to engage in such fraud, since it's quite a nasty activity, it's better to use CI skills to rob pendos.

At first, I couldn't do anything, smart customers figured me out at a click, and I began to work normally only after some time, when I realized how to act correctly. I want to share these tips with you. Again, I do not encourage anyone to work on RU! These methods can be applied in other areas as well!

Politeness is the most important thing, so I put it in the first place, although in this article, in fact, there is no top. So each item doesn't have a specific order or sequence. Do you enjoy being spoken to politely? A polite attitude to a person disposes to trust. This is a very simple tool to get what we need from a person!

Mutual exchange - we feel obligated to respond to other people in the same way that they gave us. Offer free bonuses or discounts on subsequent purchases, it is very easy to do. Or take the topic of selling sports betting as an example. First, you offer different people free predictions for matches, and then if the team that should have won according to the free forecast wins, the person will want to buy a new bet for money. I think you know what I mean.

Forbidden fruit is sweet - Again, for example, let's say a rich aunt wants to buy a fur coat that you don't have. Tell her that it has already been booked, but the prepayment has not been made, and you agree that if this aunt transfers the prepayment, you will send the fur coat to her and not to that other, fictional aunt. Everything is elementary simple, the desire to buy goods from the aunt is already there and after she learns the shocking news that it has already been purchased, but there is an opportunity to settle this issue and buy a fur coat - it will not fall off your hook!

Herd instinct - it has nothing to do with it, but for some reason I wanted to call this point exactly that. I'll give you an example. A young woman named Kitty Genovese was stabbed to death outside her New York City home in 1964. The shocking moment was that the attack lasted more than half an hour, 38 people watched it, listening to the screams, but no one intervened or even bothered to call the police. With the participation of all these people who watched what was happening, everyone's sense of personal responsibility decreases!

Limited opportunities - if you tell people that the product or service you offer is in limited quantities or even in short supply, it will immediately fly apart like hot cakes!

Image - think carefully about the image, this is very important! If you are trying to pull off some scam through the FB, then your page should be as full as possible and look alive! In any case, whatever you plan, the image should be worked out to the smallest detail in order to create a good illusion for catching a sucker.
 