We have had our brief introduction to NLP, but now let's give you some patterns you can try out and put to good use. I will point out that many NLP patterns seem very simple, but you need to remember they are all words we are familiar with. NLP is all about the construction of the sentence, and the use of language in an appropriate context. Be brave and try them out; you may be surprised by the results.

If you check out the resources page, I have recommended a couple of books, and obviously these lists will grow over time. The aim of the following is just to give you some examples of NLP patterns / sentences to raise your awareness, and to give you something to try out yourself.

As stated before, I am not an NLP Practitioner; however, the use of language, and understanding how to construct your sentences for manipulation and influence, is knowledge worth having. See what you think, give them a go, and then research them further.

Redefinition – Changing the focus of the conversation from their point to your point, and then applying focus with a question. Imagine using this pattern when posing as a network engineer.

The issue is not about me not having my ID badge with me, but about the consequences to the business if I don’t repair the fault with the firewall. Can you imagine the trouble we will both be in if I don’t get this sorted ASAP?

What we are achieving here is refocusing on what is important to you, and using a question to ensure visualisation and consideration of your point of view.

Agreement Framing – Creating an opportunity to voice an opinion and increasing people's attention through agreement. Imagine using this scenario when looking to get approval for an expensive conference.

I agree that the cost of attending Defcon is expensive, and that is why so much useful information, and valuable networking is available. I would add the issue isn’t the expense, but the value of information and contacts that will be gained from attending.

We take the approach of agreement because, when we state that we disagree, people shut down and don't listen. Agreement is interpreted as confirming what was said, so the listener keeps paying attention and then hears the additional information.

Interruption – Interrupting or defusing a situation by breaking the train of thought, and the planned sequence of actions, with a random piece of information. Imagine a situation during an SE exercise where you are found somewhere you shouldn't be, and someone is all set to escort you out and contact security.

You are approached rapidly, and as the person starts to talk and question you, you blurt out something completely random: "Damn, I forgot to feed my fish". In confusion the person starts to question you, and you interrupt again: "I have lovely fish, I bet you would love to see them". You then move the conversation along, and make your exit as appropriate.

The approach here is really a pattern interrupt. You are stopping someone in their tracks, halting their planned actions both physical and verbal. You have then added confusion with a random and unrelated statement. When the questioning begins, you interrupt again. This is about changing perception and, where possible, even building rapport. My advice is to approach this one with caution: unless a quick getaway is available, it may result in receiving physical harm :)

Awareness – Bringing attention and focus to a topic, using language that will help visualise the topic / concept.

Do you realise how powerful NLP patterns can be to a social engineer? Imagine the experiences you will be able to achieve with this newfound knowledge.

The objective of the awareness pattern is to provide information that ensures people become aware of a topic. This may happen subconsciously, but it will often not be questioned. In the event of questioning, it could be followed up with another similar pattern.

Obviously these are just a few examples; there are many defined patterns in many books. The idea here is to give you some examples so that you can spot them when you hear them, and easily create your own.

Everything related to social engineering, and the various skills we have discussed, needs a foundation to work from to give us the influencing power we need to have the victim / subject doing our deeds. So how do we set up this foundation? We need to build rapport, and get the appropriate buy-in. We need the person or people we are interacting with to believe 110% that we are who we say we are, and that the requests we make of them, no matter how strange, are legitimate and well founded.

Wikipedia Definition – Rapport is one of the most important features or characteristics of unconscious human interaction. It is commonality of perspective: being “in sync” with, or being “on the same wavelength” as the person with whom you are talking.

Some people are better at this than others, and I am sure there are various personal and cultural reasons for this, but I will go through the steps and thought processes I use myself when looking to build rapport and get someone working with me to achieve my goal.

First of all, consider the situation from the third person: put yourself in their situation. When you start to consider your approach and communication from their perspective, you can start to rehearse what you're going to say and how you're going to act, and give a performance you would consider believable. I appreciate a lot of us will be more paranoid than the average person due to the industry we work in, but I think you get the right idea. Pitch it at the right level, and aim for success, rapport, buy-in, and ultimately influence and leverage.

Then there is the option of faking it. What I mean is: act as if rapport already exists, and as if you have known the group or individual you are interacting with for years. It may sound odd, but doing this will put you at ease, and you will give off unconscious signals; these will be picked up and mirrored by the people you are speaking with, and you can continue forward from there. Personally I would say incorporate this concept to some extent, but don't rely on it fully, and bundle it with other rapport-building techniques.

First impressions count. Walking up to someone, smiling, extending your hand and greeting them sets up a situation of social compliance. The fact that they smile back and shake your hand means you have succeeded in your initial rapport-building exercise. You asked them to do something and they did; you have leverage. From here there are various possibilities to elevate your situation. Perhaps you will use information you have gathered from open source information gathering techniques, or build upon the guise you have formed for the interaction. Perhaps you are playing the part of a salesman, technician, cleaner, etc.

Matching and Mirroring techniques. This is essentially mimicking, but not to a level where someone thinks you're taking the piss. So what we are talking about is mirroring someone's posture, gestures, breathing and such like. The reason this process works is the basic fact that people like people who are like themselves. From here you can change the tempo and watch for them unconsciously mirroring you; this leads to rapport and buy-in on an unconscious level.

Identifying similarities and listening. Another key element to building rapport is identifying similar interests (real or fake) and listening to the other person. Everyone likes the sound of their own voice, some more than others. This works really well at getting compliance: all you need to do is drop in the occasional request or command, get acceptance and confirmation, and you know you are on your way.

Finally, make sure you look the part for the role you are playing, have the knowledge that should be associated with that role, and give reassurance to your victim / subject. So if the role you are playing is that of a telco engineer, have a basic comprehension of the lingo used, the location of kit, and who you should be interacting with, and wear the right clothes and badges. Take things a step further by setting expectations and giving reassurance about what is going to happen; whether this is real or not doesn't matter, it is just to get buy-in.

So to summarise, I consider how my approach will be interpreted by the victim / subject, and ensure I look the part: clothes, badges, business cards, tools, knowledge, etc. I communicate in a confident, influential manner, remain assertive but open to discussion, and listen. From here I use appropriate opportunities to verify rapport and buy-in, and once confirmed go about getting what is needed. This last part is key. If you have not succeeded in getting buy-in, most times it's not worth pushing your luck; you would be best off rethinking your approach, and who to interact with. We will look later at reading body signals to understand what someone is experiencing, as this is another useful skill for measuring your progress when building rapport.

Like many of the skills in SE, practice is a key element of success. I encourage you to go out and make friends with strangers you meet on the street, in bars, etc. This is great practice for building rapport; you can use your other skills to spark conversation, such as magic and mentalism, and if it's not working, bosh them under and tell them YOU WILL LIKE ME :)

The Social Engineering Tool Kit by Dave Kennedy has been updated to 0.5, Return of the Lemon :)

I have only just updated my version this morning, so I have not yet had time to try out the new features myself, but I have to say I am excited by what the new version brings. Here are the highlights:

  • Harvesting of Credentials
  • Reporting Engine
  • SET HakSaw
  • Many Many Bug Fixes

I am excited about the new ability to harvest usernames and passwords from my cloned web pages; this really does bring a new and beneficial element to this approach. The HakSaw is also good news, allowing SET to go more mobile. I look forward to seeing how this develops, especially with regard to any automation around autorun-disabled clients. Keep up the awesome work Dave, and all that have helped along the way.

For full details of this release visit the Social Engineer Blog.

There are many things that we may consider essential to have with us when engaging in a social engineering test, but ensuring you have your Get Out Of Jail Free card should be one of the top items on your list, along with a fake one too :)

If you look around on the web there are various example templates, some better than others. So I thought I wouldn't create another to add to the list, but I will put a few points below as to what content you want in your permission letter. Should you end up shit creek and get caught, this will be your paddle.

  • Customer name and applicable reference information
  • Dates of testing
  • Details of consultants carrying out testing
  • Facility Name and Info associated with sites to be accessed
  • Brief overview of what test will encompass
  • Brief detail on what the letter is, and how it should be used / handled
  • Customer Contact Information (Signature, Title, Phone Numbers) for at least two contacts

This isn't a comprehensive list, but I think it covers the majority of the information you need for an effective Get Out Of Jail Free Card.

Carry a duplicate with fake contact information; you never know, they might not actually check, so it's not GAME OVER.

Feel free to add to this list via comments.

Robert Cialdini was a professor of psychology at Arizona State University until late 2009, when I believe he retired. If you have not heard of this guy, I think you're missing out on some valuable information. After many years of research and study he has come up with 6 rules of influence: 6 points that can be put to good use to improve your chances of getting the result you're looking for.

Cialdini has a very popular book available that I have linked to on the resources page called "Influence: The Psychology of Persuasion". I have not read the book myself, but it's on my list and I am sure it's a worthwhile read. So now you're thinking, you have not read the book, so what on earth are you posting about? Well, I have seen a recording of a seminar he gave in the US on his 6 rules, and I thought this information would be good to share, spark some interest, and encourage you to try them out, and perhaps take up some further reading. I am sure once you read the 6 points they will make sense and seem obvious (like most things do once we understand them), and you will be able to recall situations you have been in in the past where this information may have been used, or helpful to you.

So without further ado, the 6 points.

1 – Reciprocation
This is most likely the most useful rule. It's the rule of reciprocation: the fact that it's human nature to feel the need to return a favour. It's this feeling, the feeling of obligation, that puts us in such a powerful situation. If I were to ask you to lend me some money for a drink, of course I would be grateful. Should you ask in the future for the same, of course I would do the same; I would feel obliged to return that favour. Reciprocation does not always need to be an exact / specified exchange; the point to focus on is the obligation. It seems obvious, but many of us just throw away this powerful weapon of obligation. How often have you done something for someone, and then when they say thank you, you destroy the situation with "No problem, it was nothing"? Kiss it goodbye; you have lost your vantage point. We are in an excellent position when someone thanks us for something; it's a point of leverage. So next time you're in this situation you can simply say the following: "No problem, I know you would do the same for me". In that simple response you have ensured the obligation to return the deed is cemented. The great thing about obligation is that there is no real time limit on when you decide to cash it in.

Another point of leverage is when someone says no. No one likes to hear it, and no one likes to say it either. We can use the rule of reciprocation in this situation too, in the form of concessions. An example is the following. You ask your boss if you can have funding to go to an expensive conference, and you are denied. You then retreat with your tail between your legs. A few days later you ask again, but this time for a cheaper conference. This is seen as a new request, and once again: no, access denied. We can be more successful if we look for reciprocation. After someone says no, they are vulnerable, and would ideally like to please. This is the time to strike and ask again for something more reasonable. There is a high probability of this being accepted, due to reciprocation. So next time you want to attend a conference, aim higher, and when denied, ask for the conference you actually wanted to go to. You stand a higher chance, and if they say yes to the more expensive conference you were sure they would not agree to, then even better.

2 – Scarcity
The next rule utilises the desire for something there isn't a lot of: when something is scarce. The approach here is to communicate in a way that highlights what someone will lose as a result of not going in the direction you want them to. To get even more acceptance, exclusivity is something else that can be added to the scarcity mix for additional success. An example of this can be easily demonstrated when we talk about information. If we tell someone that we have exclusive information about a limited one-time offer, people are hooked. The thought that not everyone is privy to this information, and the fact that this something will soon be unavailable, makes the proposal even more inviting. Give some thought as to how you can use this principle.

3 – Authority
If an expert says something, then it must be true. This is something we all find ourselves falling victim to: "well, I gave him my information because he was an expert, an authoritative figure". So to establish ourselves as a point of authority, we need to ensure we establish ourselves early on as someone who is knowledgeable and trustworthy, before trying to influence someone. When doing this it is essential to build rapport, and also to bring to the table negative information as well as the positive; this builds the sense of trustworthiness, as well as of being knowledgeable on something, and as a result of being an authoritative figure.

4 – Consistency
We are more willing to say yes to a request that is consistent with something we have already said or done. If we look for people to make a commitment to something, there stands a good chance they will be consistent with what they have said or written. Research shows that if we can get someone to commit to doing something verbally, or ideally in writing, they are more likely to do it. It is this fact, that they have already said and confirmed they will do something, that gives us the consistency.

5 – Consensus
If others are doing it, we are most likely to do it too; it's the power of the crowd. If there is a perception that everyone else thinks something is a good idea, or that an individual is knowledgeable / authoritative, then we tend to fall in line and accept, often without question, that it must be true. If a friend were to introduce someone to you and tell you that they are a brain surgeon, you most likely would believe so. This is possibly a difficult example, as challenging the fact would be difficult.

6 – Liking
People prefer to say yes to those they know and like. We can increase our chances of someone liking us by identifying similarities, complimenting people, and through cooperative efforts. We like people who are like us, we like people who like us and say so, and we like people we can work with in a cooperative way. This is another reminder of why rapport is so important.

I hope this information will be useful and somewhat interesting; as you can see, some topics were touched on more than others. I will say that these 6 rules work globally; however, research has shown that some are more significant in some countries than in others.

Reciprocation scores high in the US and UK, Authority scores high in Asia, Consistency is very important in Germany, and Liking is very important in Spain.

COMPETITION NOW CLOSED !!!

As a special treat for Easter I am going to give away a Sha LoN Basic Pick Set to one of the Head Hacker Readers.

Of course there is a catch, and you need to be in it to win it. I will pick the winner on Friday the 9th April 2010. Send your answers to eastercomp[at]headhacker.net. I am looking for a concise and interesting answer that I think best answers this question. My decision is final; good luck.

Question – In your own opinion, what skills do you think are essential to make you a good social engineer, and what item is essential to have when carrying out a social engineering assessment?

These ShaLoN picks are great for getting your start in lock picking, and for building up confidence before splashing out on a more comprehensive set in the future if you feel the need. The set contains a variety of hook picks, a rake, a dimple rake and a couple of different tension wrenches.

Happy Easter

The ability to pick a lock may not be an essential social engineering skill, but I would say it's an advantageous one to have, oh and it's fun too.

Wikipedia Definition – Lock picking is the skill of unlocking a lock by analyzing and manipulating the components of the lock device, without the original key. Although lock picking can be associated with criminal intent, it is an essential skill for a locksmith. Lock picking is the ideal way of opening a lock without the correct key, while not damaging the lock, allowing it to be rekeyed for later use, which is especially important with antique locks that would be impossible to replace if destructive entry methods were used.

Those of you who have tried lock picking will be familiar with the buzz and satisfaction you get when you pop a lock; it's something that never goes away. I will also say that it's a lot easier than people think. Don't get me wrong, some locks are dead tough to pick, but many people's assumption is that lock picking is too hard to even attempt.

Before I go into the basics of lock picking, and some of the tools available to you, I will just mention a couple of situations where this skill might be handy as a social engineer.

Usually when you're on a job, you have a defined objective. Now what if your objective is to get into an office room, but it's locked, or to get information in a filing cabinet, or from a cage protected with a padlock? If you have no knowledge of lock picking it's possibly game over, unless you want to go to destructive methods, and normally in a corporate environment we do not; this isn't an opportunistic home burglary job. However, if we have an understanding of how a lock works, and we have some tools with us, then our chances of success have increased. Obviously the amount of time available for picking, your skill level, and the type of lock all play into the scenario, but you could have identified the types of locks in use on a recon, and practised with that type before attempting the job.

The objective of this post is just a very simple overview. If you're interested in lock picking I recommend you visit some of the forums, get some books, and get picking :)

How does a lock work, and how do we pick it?

The image above shows the pin tumbler lock that is common around the world. Essentially, when you place the correct key in the lock, both the bottom and top pins are moved by the key, and when the gap between each pin pair lines up with the shear line, the key will turn and the lock will open.

So if we don't have the key, what can we do? Well, there are a few options. We can rake the lock, we can pick the lock one pin at a time, we can use a pick gun, or we could possibly bump the lock.

Picking and Raking

So when it comes to picking we need at least two basic things: a hook pick and a tension wrench. We insert the tension wrench into the keyway, below the pins, and apply a small amount of pressure. The amount of pressure required is an art in itself, and is something you get a feel for over time. We then insert the hook pick and feel for the number of pins in the lock (the more pins, the harder it is to pick). One by one, with a small amount of pressure on the tension wrench, we push the pins up past the shear line and feel for the pins to find their position. You don't need to do this in a particular order, as the pins won't necessarily set in sequence from front to back. Personally I tend to start at the back and move around from there. Obviously we can't see into the lock, so it all has to be done by feel, and this can take some time to get used to. I recommend people buy a practice lock with a clear casing so they can see what's happening as they learn.

Before picking a lock I will most often rake it first, and in a lot of cases the lock can be opened simply by raking alone. To rake a lock we use a rake instead of the hook pick. As before, we position the tension wrench and then insert the rake all the way into the keyway. Then we pull and push the rake in and out of the lock in a diagonal stabbing fashion. What we are doing here is forcing the pins above the shear line in quick succession as we go in and out of the lock. If this doesn't open the lock, it will most likely have set some of the pins for us already, making the job a little easier.

The Pick Gun

The pick gun is similar in a way to raking, except it jerks all the pins up at the same time. Using a pick gun can be an effective and fast way of gaining entry, but again requires some practice to master. Many lock picking hobbyists are not fans of the pick gun, as it takes the skill and enjoyment out of picking. I agree, but if the objective is to gain entry and time is short, a pick gun has its place.

Bumping

Bumping uses a specially cut key (or keys) based on the type of lock. The key is inserted partially into the lock and then hit with a bumping hammer whilst slightly turning the key. The bumping process forces the pins to jump away from each other at the shear line, allowing the lock to open. I do have generic key bumping gear, but have not had a great deal of opportunity to use it myself. Bumping can also be good for rapid entry.

Shimming

An alternative to picking a padlock is shimming. You place shims down either side of the shackle, and as you turn the shim around the shackle, the latch is released. Not all padlocks work this way, but a good majority you come across will, so it's handy to have some shims with you.

Forensics

I thought I would close by saying that any manipulation of a lock other than by its original key will leave some evidence behind. Lock picking will leave tiny scratches on the pins, and bumping can also leave dents on the cylinder. Just something to be aware of: if inspected, a lock will give some hints that picking was attempted, but this isn't something that would normally be considered by a layman in my opinion.

Lock Picking Kit

If you are interested in lock picking, make sure you subscribe to Head Hacker, as I will be giving away a basic lock picking set as part of a competition soon.

Links