Sunday, February 28, 2016

Social Engineering Task # 6

This task required that I go someplace where I am not supposed to be and get evidence of being there.
It had occurred to me that there are certain attractions that I might be able to gain entry to without paying admission. By going in under false pretenses and not paying, I would be someplace that I am not rightly supposed to be. For my target I chose a well know attraction in Boston. Days before my attempt I contacted someone from a corporation that is a major sponsor of the venue and asked if employees get reduced admission. To my delight I found out that employees can attend free by simply displaying their company identification badge. The next step was to get online to see if I could find out what an ID badge for that company looks like. I then had a friend take a photo of me, pasted it into Power Point along with the company logo. With a little work I had an authentic looking ID badge. I taped it to the back of a Charlie Card to make it look more realistic and give it some substance. I placed the badge in an ID holder with a lanyard that I got from a recent trade show I attended. Before attempting entry I observed the process of how people were gaining admission. Then I waited until there was a long line. That way the attendants would be more in a hurry to get people in. I entered like I was invisible. Now that I know I can do this I can find out what other places employee of certain companies can get into without paying. The best bet is to check their web site and find out what companies are corporate sponsors that donate large sums of money. I don't feel as though there are any moral stakes involved. I am not taking anything away from anyone or causing the venue to lose money. If I had to pay the $23.00 to get in I would not go anyway. I had absolutely no remorse or bad feelings doing this. In fact I enjoyed it because it required using various soft hacking skills such as reconnaissance and observation. There was little risk involved if the hack did
not work. I am wearing the ID badge backwards so that the company cannot be identified. If you recognize the venue send your guess to drbluninja@gmail.com

            

3 comments: