EvilZone

Try to further enumerate the ftp service and try to login in as anonymous users. It might be vuln ftp or lead might give you important information. Try get version number since they maybe an exploit for it.

Try login in to smb service i see in nessus out put login that its possible, once in try get more user accounts so that you can ncrack the RDP service to brute force the user's u find including alda user name , also try login in with user name specified in all the service's.

Dont forget user a guest also, if you get in as guest there is a privilege escalation exploit listed in the nessus out put so you can you that to get you where you need to be.

The chip on the card is like a data store. They are different types of chips with different functionality. The reader would also have have different capabilities depending on when it was made. User inserts the card, the chip is decrypted via an algorithm using your pin as the decryption key. Inside the chip is information relating to what bank account + access key for that account. After this point an encrypted connection is established with bank systems. Then information is exchanged between pos terminal and bank. Pos terminal request's from bank authorization. if there is enough money and security checks passed then authorization of the transaction is granted.

When it comes to exploiting this an attacker can do several things. The most interesting I have seen was taking advantage of the way in which the programmer had written chip the reader on a POS terminal. There was a vulnerability that could be exploited in the reader to allow arbitrary code execution on the device.

• To take advantage of this you would  craft a special shell code and place that on the chip on the card as data.
• You would then try to make a purchase it would decline but the payload will execute malware on the device.
• The malware will to and start catch pin and relevant card information.
• You would them leave the store and say im going to get my other card i will be back l8a.
• Wait till closing time and let the malware collect customer data through out the day.
• Near closing time go back to the same pos and say you want to try again.

When you try this time with a different card and payload, with instructions telling the malware to clean up and put all collected data on the card. It will decline once more but then just pay with cash and you leave store with lots on chip+pin info to go clone on to other cards and exploit different pos in a different way.

Again this attack is only vulnerable on one type of Verizon type pos system, for other pos you would need to hope same programming errors exist and also the payload will need to be crafted differently.

p.s the terminal im referring to is:

I don't reallie have a big list but i know i know i liked algorithm and of course Mr. Robot(above all else)

I guess there is a few thing i still need to watch though that i picked up from the list's in this thread.

One im looking forward to is WHO AM I and one that i haven't seen mentioned is hackers game which is not a bad film TBH

itphonix i see and i like what you said.

Maybe i am wrong or maybe some of you guys like the understanding or certain peaces of knowledge that i have come across that you may not have. As i said i could be the one in the wrong.

Personally i know what SE is and i understand the things you have mentioned, but to say you do what you want when you want for me that's not cool, you have to a have reason behind your actions and you need ethics wether it be bushido or what have you.

I posted this in order to spark a discusion on this subject, i know that in the future psychology will play a big part in computing, if you take a look at ultra paranoid computing you would understand.

When someone does not know the password but can input the password via muscel memory please tell me how that password can be exploited ?

I am not trying to define anything with what is already there in the books or what have you. I am trying to define something new... or take these things to a new level. That was my reasonung behind that post.

I have lived many lives, this is why i say the things i say because of the experience's i have had. I have seen men convince women that they have money so that they may sleep with them, please tell me how that is not social engineering.

As i grow and get a better understanding and time i will work on the concept or may discover a new concept, but i have spent a long time thinking. But i think from the perspective of what you guys are talking you are talking about the normal as is text book standard of social engineering. I asure you that as time progress this will change.

Personally i believe this si a conversion to be had over a beer && this is were ill leave it

First and formost sorry for the delay in my response

secondly, what do you guy want me to fix ? i Know it is related to the formating but im unsure as to what about the formating you guys dont like

@ptales, cool i understand your point and we did take a long time discussing this but i just wanted to point this out for other people to look at so that they may understand my thoughts based on this comparison between human and computer systems. Its just a method of perception. I think computers have emotions and can be felt when you start interacting and analysing memory and software at the lower levels.

@acaan I would say its much more difficult to understand the human world than it is to understand the virtual one that we created. So thank you correcting me here.
TBH i would say that SE is a subset of psycology. Think about people that have a good understanding of the mind(human OS), they can literally hack it dude. That what physiologist do they patch vulnerabilities in the human OS.

 >> https://www.youtube.com/watch?v=VAv7aGamcy4 << dude check this vid out it is pretty cool, just imagine that guy tag teaming with hacker. ARE F*CKING CRAZY; NO SYSTEM WILL BE SAFE 100%. Im sure you can launch a war head or something with his help.

Ok on the last point no understanding TCP/IP wont help you better understand SE but it will help you be able to try maybe improve your SE skills via knowledge tranfair.
An example if you are listening to someone and you dont nod or give eye contact or something. You engineering attempt might fail, but if you have an understanding of why acknowledgements are used in TCP/IP you will have an understanding of why you should node your head and keep eye contact.

@iTpHo3NiX
"Computers are programmed to work and think in a specific way, computers are not AI" computers to certain degree are an extention of the human AI. You subcon mind and feeling and reaction are all pre programed pieces of code. The ego(the user) is the true you which is housed by the soul(OS/Mind) and the soul is housed by the flesh(Hardware).
"I do agree that Psychology plays a large role in Social Engineering, however Social Engineering is not defined as Psychology." Read what i said to acaan then maybe you may agree with me.

"It works as an analogy, but only to assist in describing how other functions can be related. " i agree with you there it works as analogy only but analogy are used to improve understanding in a simplified manner or to perform knowledge transference.

RSE is nice and good but on this topic i have a question i want to throw out to every and was the point of this post.

What would u say the morals are in relation to how far to take SE so for example in IRL and with interactions at work and in certain places. For me i found that the best way to secure my self is to operate as if im dealing with computing system, hence why i made the comparison.


So tell me peeps were do you believe the line should stop when SE'ing. One thing that normally get girl pissed is when you talk about SE to get sex ? or SE to get a job or SE to take advantage of some benifit like the ones the have in sweden

Although $800 is a bit too much for my wallet, I think it could be a good investment and really helpful in finding myself a nice job in the area! Do you guys know anything about the academic recognition of this course?

Dude 800$ is nothing, compared to the amount of knowledge you will learn in the course, plus practice also. Think about the ability to learn via hands on methods. In relation to academic it is not recognized by them yet. Academy is more memorize as much as you can throw up on the test paper. This mainly however depends on the individual and the university that you go too.


University is mainly theory this is practical. I believe that the two go hand in hand. They back them self's up to certain degree

Ive read like every review on the web but haven't started the class yet due to lack of funds, but will do soon.


How much lab time did you get and how far in are you(topic and time) ?


How difficult are the systems to penetrate, are they like vuln hub system or quit realistic ?


How many have u hacked ?