The ID Card

Sometimes the answer to the problem is simpler than you think. You just need to keep your eyes and mind open to any possibilities.

On a particular project a few years ago, we successfully inserted ourselves in the building of our customer by walking through the main entrance and their security guards. The trick? Their own badge ID card.

We performed the usual recon of the building during the day and night. We studied the patterns of the employees coming and going, what times were the busiest and what times the security guards were doing their patrols. However, it took following several employees to realize that we could do this way easier. We discovered that one particular employee would hang the company badge on the rear-view mirror when he entered the car after work. We also discovered that he loved stopping for coffee in the morning before going to work, and he would leave the car running while he ran inside the coffee shop to get his brew.

Well, armed with an RFID copier hooked into a laptop, we waited for the guy to go in, then quickly opened the door, snatched the ID card, copied it and returned it to the car. It took us about 40 seconds to do it.

We spent the next day perfecting the fake badge card based on pictures we took of them during the recon. We made two, one for me and one for another guy on the team. They both had the same ID, but the security guard didn't care. He saw that the picture matched the face and that the ID opened the gate near the front desk. We were in.

The rest is history.
