Social engineering materials analyzed by keyou (transfer)

First, I am not a social worker. I just want to talk about my personal point of view.

I will provide you with only a few ideas.

Here I call the person we want to work with.

First,

First, search for his QQ number on the Internet, and generally get a series of BBS such as Baidu Post Bar and Baidu know. The most useful part is Baidu Post Bar, which contains a lot of information, such as schools, classes, ages, birthdays, and small numbers. Here, the trumpet is the most valuable. Ordinary people do not dare to send their privacy to the large ones.

Example: When I got online one day, my friend sent me an image in which a was using the image farming technology to steal my ID. At that time, I was bored and bored. Let's go. Because a uses my ID and his QQ profile picture is displayed in the picture sent by a friend, I enter "QQ search" and use my ID as the keyword. Four keywords are displayed. I open them one by one and find the same picture as the previous one. Record the QQ number. Baidu and Google. I found his Baidu posts, read their posts and topics of participation one by one, and found that there are only seven people he cares about, and I went to the Community one by one, I found one of them was his account number. I recorded his account number's QQ number, his account number, and read the post in his account. I found a name named "enter your name, check whether you can find the same name as yours. I also saw the name of a school in the post he followed. Not to mention, it is probably his school and a junior high school. The name of Baidu's school, websites, and BBs. Go to the blacklist decisively, and then blindly play XSS into the background, upload images, change the burp package, pass a sentence, and win shell. Take off your pants and search for the password in the database with his QQ keyword. An error occurred while logging on to the QQ mailbox. So I took his name's first letter and added his password. Then add him as a friend and say that I am a primary school student. I successfully lied to his mobile phone number and then called him to say that I was the school's teaching Director (when I intruded into the website, I saw the name of the Teaching Director), saying that our school's archive system was damaged, and some people's information was incomplete. We need to reload the database, is your name xxx in ZZZ class of YYY school. The other party said yes, and then I said that three parts of your information were damaged. Your parents' name, your ID number, and your home address. Then he said it (I spoke with him for almost half an hour before he believed me. Here I only talked about the main conversation), hung up the phone and complained on QQ, with my parents' name, ID card number, home address, the success rate of QQ appeal is very high. I applied for four times with my QQ password. The next morning, I succeeded. Change the password to password-based password protection. Then leave the name of Helen to wash and sleep.

Second,

If the other party lives very close to you, you can buy a g u disk, put the boot trojan in it, or bind the Trojan to a software in the U disk. Go to the door of his house and drop the USB flash drive into the door of his house. Remember to do a good job of investigation in the early stage. When will he go out? Never let the USB flash drive be picked up by others. After receiving the USB flash drive, many people will insert the USB flash drive into their computers to see what is in it (Curiosity kills the cat ). Then you can go home and wait for your zombie to go online. I don't need to talk about it anymore. I'm sure I have the QQ password.

Example: I have never tried it. This is what I saw in my book.

There are many other things, but I am too tired to write articles on my cell phone. Let's talk about the experience of the colorful pen.

First,

Do not be nervous when making a phone call. Find a piece of paper and write all the questions that the other party may ask.

Second,

Before adding him as a friend, you 'd better make enough preparations.

Third,

Do not have too much hope for any part of information collection, but you must have confidence. Otherwise, you will give up because you are bored.

Fourth,

Be careful and never let go of any details,

Fifth,

You can also add him to say that he is a primary school student (rarely remembered). After gaining trust, he said that your game equipment is so good, your grade is so high, and my account is blocked, if not, you have a plug-in your hand, which is very Nb. Unlimited blood. Then... understand

The reason why I wrote this article is that I have enough social engineering articles on the Internet. After writing them for a long time, I was forced to write them, and I didn't provide any ideas.

I am not a social worker, and I am not a Helen forced dog. I just want to share my views and opinions. What are the shortcomings? Welcome to discuss them.

Social engineering materials analyzed by keyou (transfer)