On a rather interesting project, I spent an hour trying to convince the assistant of a CEO (the AA) I was targeting (1) to open a PDF that contained important information that I needed the CEO to consider. It was important to me that she open it while I was on the phone because I needed to verify that I had a connection to their network via the code I embedded in the weaponized PDF.
She wouldn’t have it. She kept on saying that she would open it later when she was free. Not good. Eventually she got tired of me (I was using every trick in the book to convince her!) and she said: “Fine! I’ll open it.”
Of course, since Murphy usually comes to visit during the worst moments, the exploit on the PDF didn’t work. The PDF itself had some interesting information that was relevant to my legend (together with a website I set up for this job) so I was still in the game. She mentioned that this would be interesting to the CEO and that she would email me later with his opinion. That was good. I mean, my code failed for some reason (I later found that they had a firewall that was blocking all non-SSL HTTP communication out so I fixed that), but I still had another chance to get some code in. I prepared the cover website by adding code that would download a piece of binary to the AA’s computer and give me a backdoor there.
A couple of days later I received an email from her and I replied with a very convincing email that contained a link to my website, something that would definitely interest the CEO. By noon I was looking at the contents of the AA’s hard drive and by the end of the day I was root on several servers on the network.
Sometimes all it takes is good social skills, some language command and good coding to hack into someone’s network. No exploits needed. That’s the beauty of social engineering.
(1) Hired to do so by the CEO's company!