By Sofiane Talmat @_Sud0
"The great thing about a map: it gets you in and out of places in a lot of different ways." - MacGyver
- Exploiting a bad use of tools.
- A small piece of social engineering.
- Some creativity.
- A small number of manual configuration changes.
- Unplug the network cable (I could have taken control of the mouse instead, but that would have aroused suspicion).
- Stop the DameWare service that is providing access to the support guy.
- Reconnect the network cable.
- Create a new domain admin account (since the domain administrator is the operative account on my computer).
- Restart the DameWare service.
- Log out of the machine.
Let’s recap the formula for this awesome sauce:
2. A small piece of social engineering: Just call the support desk and ask them to install some software for you.
3. A small amount of finagling on your part: Use the following steps when the help desk person logs in to push him to log in as Domain Admin:
• Change the local administrator password (7 seconds).
• Log out (2 seconds).
• Plug the network cable back in (1 second).
5. Some more finagling on your part: Do the same steps defined in step 3 to create a new domain admin account.
6. Success: Enjoy being a domain administrator for the company.
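The recap above is the attacker's sequence; from the defender's side, the useful observation is that every step of it leaves a trace on the workstation, and the traces cluster in time: the remote-support service stops and restarts, and within minutes an account password is reset, an account is created and an account is added to Domain Admins. The following Python is an added example, not code from the original post, from IOActive or from DameWare. It correlates a DameWare service stop/start with account-management events in a short window. The `timestamp|channel|event_id|detail` line format and the sample events are constructed for the example; the event IDs are the standard Windows ones (7036 service state change, 4724 password reset, 4720 account created, 4728 member added to a security-enabled global group), but their detail text is simplified here.

```python
"""Correlate a DameWare service stop/restart with account changes in the same window.

Added example (not from the original post). Log lines are constructed samples in a
simplified "timestamp|channel|event_id|detail" form, not real Windows event export.
"""
from datetime import datetime, timedelta

# Constructed sample events: one suspicious sequence (10:00) and one benign restart (14:00).
SAMPLE_EVENTS = """\
2014-02-01T10:00:05|System|7036|The DameWare Mini Remote Control service entered the stopped state.
2014-02-01T10:00:12|Security|4724|An attempt was made to reset an account's password. Target: Administrator
2014-02-01T10:00:14|Security|4647|User initiated logoff. Account: helpdesk1
2014-02-01T10:00:40|System|7036|The DameWare Mini Remote Control service entered the running state.
2014-02-01T10:03:10|Security|4720|A user account was created. Target: svc-backup2
2014-02-01T10:03:12|Security|4728|A member was added to a security-enabled global group. Group: Domain Admins Member: svc-backup2
2014-02-01T14:00:00|System|7036|The DameWare Mini Remote Control service entered the stopped state.
2014-02-01T14:00:03|System|7036|The DameWare Mini Remote Control service entered the running state.
"""

# Account-management events that are sensitive when they follow a remote-support service bounce.
SENSITIVE = {
    "4724": "password reset of an account",
    "4720": "user account created",
    "4728": "member added to a security-enabled global group",
}


def parse_events(text):
    """Parse the simplified pipe-separated lines into dicts, sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, channel, event_id, detail = line.split("|", 3)
        events.append({
            "time": datetime.fromisoformat(ts),
            "channel": channel,
            "event_id": event_id,
            "detail": detail,
        })
    return sorted(events, key=lambda e: e["time"])


def is_dameware_stop(event):
    """7036 from the Service Control Manager reporting the DameWare service stopped."""
    return (event["event_id"] == "7036"
            and "DameWare" in event["detail"]
            and "stopped state" in event["detail"])


def is_dameware_start(event):
    """7036 reporting the DameWare service back in the running state."""
    return (event["event_id"] == "7036"
            and "DameWare" in event["detail"]
            and "running state" in event["detail"])


def find_suspicious_sequences(events, window=timedelta(minutes=10)):
    """Alert when a DameWare stop is followed, within `window`, by a restart AND
    at least one sensitive account-management event. A bare stop/start with no
    account activity (e.g. an upgrade) is not reported."""
    alerts = []
    for i, stop in enumerate(events):
        if not is_dameware_stop(stop):
            continue
        later = [e for e in events[i + 1:] if e["time"] - stop["time"] <= window]
        restarted = any(is_dameware_start(e) for e in later)
        hits = [e for e in later if e["event_id"] in SENSITIVE]
        if restarted and hits:
            alerts.append({
                "service_stopped_at": stop["time"],
                "event_ids": [e["event_id"] for e in hits],
                "events": hits,
            })
    return alerts


def run_sample():
    """Run the correlation over the constructed sample and return the alerts."""
    return find_suspicious_sequences(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for alert in run_sample():
        print("DameWare bounced at", alert["service_stopped_at"], "followed by:")
        for e in alert["events"]:
            print("   ", e["time"].time(), e["event_id"], SENSITIVE[e["event_id"]])
```

The window and the set of sensitive event IDs are the tuning knobs: a short window keeps the rule tied to the "service off, change made, service on" shape of the sequence above, and restricting the hits to password resets, account creation and group membership changes keeps a routine service restart from paging anyone.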
At the beginning of my IT security career I was a bit skeptical of the magic of social engineering. But through the years I have learned that social engineering still works and will always work. Even if the social engineering involves the tiniest and most basic request, if you combine it with some imagination you can own a huge company. And if you are conducting a pentest you don’t always have to rely exclusively on your technical expertise. You can draw on your imagination and creativity to build a powerful weapon out of small and basic tools... just like MacGyver.