Social Engineering Story Sharing

[iTpHo3NiX]

Hey guys! Welcome to my new thread. This thread is meant to share your SE stories with the community! Me being me, I love social engineering and its fun to exploit everyday people by different methods. This thread will serve as a play ground for sharing any stories you have using Social Engineering.

Story 1:
Title: The old days

Back in the olden times of EvilZone, say about 2007/2008 I had a pretty nice MySpace Phishing exploit that I found and decided to get to work. At the time I was running my own forum under RagnorakFX.net and had a phishing page I added to the host (MySpace.RagnorakFX.net) and it was a simple phisher. I then got a dumped MySpace user:passes booted up ultrasurf/freegate and got to work. I logged into several MySpace's and added a few lines of HTML that masked pretty much the entire page with a blank .gif that made it so anywhere you clicked, add friend, message friend, add comment, etc, would redirect them to my Phishing page. I would then log in to those and repeat the process. At the end of this, I had about 10,000 unique MySpace user names and passwords which I dumped on EvilZone. However my story isn't done there. I remember testing a few of them against email accounts and hit one. This guy used the same password for MySpace as well as his yahoo mail. When looking through his email I discovered that he recently bought a Mac through PayPal. I was curious... Went to PayPal, incorrect password so I reset it and deleted the emails. So at the time I was heavy in the torrent scene trying to get into all those special trackers. Well I had 1 highly sought after tracker at the time which I will not name for my protection as I'm still an active account holder. Anyways this tracker was and still is a top tracker and I was in the invite trading game. This tracker gave you invites for donations. I started making donations at 50€ for 5 invites (+other goodies) eventually I hit 20 invites and then did a few 10€ donations. In the end, I burned this guy's PayPal and ended up with 23 invites... However the trickery wasn't quite over. Knowing that these transactions would get charged back I waited to hear back from staff at the site. About 3 days later I was pm'd by a staff member. Let the magic continue... I had made a legitimate donation before and explained that my account was hacked and I was already talking to PayPal and the individual that I used his account. I informed them that I was sorry and that the only email any donations would come from was <my PayPal email> he had me email him from my PayPal email to confirm it was me and let me keep my account and the invites I received slipped his mind. So now I had my account in good standing, 23 invites, and a job well done. I then used these invites to get into several other top tier trackers that eventually led me to have most of the top trackers in the world and a heavy presence on several trackers which eventually led me to the p2p scene. Job well done iTpHo3NiX

Story 2:
Title: The Custom Controller
Fast forward to Yesterday (11/17/15) I accomplished a little SE that presented itself due to a faulty one I paid for. I contacted them and politely told them of the issue. I had done a little bit more research and found on 3rd party sites they're not very popular and oftenly treated like shit from some of their customers. I used this to my advantage, and decides I would play the poor not upset customer. In my initial email, I explained the issue in detail and the guy got back to me with a return label and an apology saying that it was "damaged in transit" which i know was not the case. Instead of calling them out on it, I played along. Still being oh so nice i informed him that i packaged up the controller and sent it out. At this point i asked if it was possible to add my additional customizations, Sensitive buttons ($19.99 customization) chrome gold triggers ($5.99) pro buttons ($19.99) and a red LED ($19.99). He responded with "Thank you for your time and understanding! I can have these added at no cost to you. Please let me know if you need any further assistance in the meantime, I would be happy to help." At this point I thanked him and am currently waiting for my new controller to arrive in a few days (probably Monday). I also expect a few additional goodies to come with my controller because of how nice I decided to be.

So now there is a large gap between my first story and my second story and I do have more that I can share, however I'd like to hear some of your guy's SE stories so I can enjoy before sharing.

So what are your SE stories?

[nvrmoar]

Story 1:

I work for Interpol!


When I was 23 years old and 'fed up' with the way my life was going in America I decided to spend a year in Ho Chi Minh City, Vietnam (Saigon). I decided I'd take up a job teaching English like many young traveling expats do. Living in Saigon was like the wild wild west. What we in the developed world would consider savage behavior is quite the norm. There is quite a bit of lawlessness because when people do get in trouble, the police can be easily bribed. This 'cops don't give a shit' mentality means a lot, and I mean a lot of shit goes down. It's common for people to get shitfaced drunk and drive their motorcycle home. It's common to see people blast through red lights. It's common for people to slide cops a few bucks to have them turn a blind eye.

Well, I was young and dumb and partying like a rock star in Saigon. One night after quite a bit of drinking a few friends and I hopped on our motorcycles (main mode of transportation in Vietnam) and decided to part ways. A buddy of mine led the way as we were driving the same direction. Him being white makes the likelihood of police pulling him over for no reason very high. Police assume white face means dumb foreigner who they can bully out of money. Well, he gets pulled over and I zip by pretending not to know him. Associating myself with him would be begging for them to take my money as well. Instead, I stop about 1 block ahead and casually pull over on the sidewalk. I begin to push my bike toward where my buddy had been pulled over which is absolutely legal. As I am walking by the cop glances at me, then stares back. He points at me and motions for me to come over. "FUCK!!" I'm Asian so I usually get away with a lot and I assumed he would just think I was a local. By now my friend has already paid off the cop and has gone on his way and here I am absolutely lit. The officer asks me to produce a drivers license, which like most foreigners, I did not have. Instead, I produced my American drivers license. He then goes through the script that many foreigners know too well.

Cop: "Well, you have no drivers license. So, we must take your motorcycle for 3 months or you can pay me 2,500,000vnd (about $125US)."
Me: Wait a minute.... But I wasn't even driving!! I was walking, pushing my bike!
I become furious and ask for this guy to call his supervisor. Then here comes the part people usually call BS on...
Me: "DO YOU KNOW WHO I AM!? GIVE ME YOUR BADGE NUMBER... WHAT IS YOUR NAME?!"
Cop: Wha huh? wh what huh? Who are you?
Me: DO YOU KNOW INTERPOL? I AM WORKING FOR INTERPOL! I AM A POLICE OFFICER! You wait. I am calling my superior.
I now pull out my phone and pretend to make a phone call.
Me: Uh yes, this is Agent Lee 334012. I've been pulled over by some officers. (I begin to approach the rear of the police motorcycle and pretend to be examining the plate number). Yes the plate number is 52A--
Cop: OK OK! Go. Go. Just go!.

The next day I woke up hungover.. I couldn't believe what I had done. The perfect combination of alcohol, stupidity, and luck got me out of a sticky situation with the cops. Things could've gone so... soooo wrong. I tell people this story and no one ever believes me so I don't expect anyone here to.

Anyway. I'd like to end this story by saying I don't condone behavior that puts the lives of others at risk such as driving drunk. In fact I am more embarrassed by this story than anything. It was a point in my life that I was a reckless young guy with not a care in the world. That same year I lost a friend of mine who crashed his motorcycle into the rear of a water tanker semi truck in the wee hours of the morning. Not long after that incident I was driving (drunk again) and passed out while driving my motorcycle, fortunately on a mostly empty highway. I ended up wrecking, woke up choking on cerebrospinal fluid (brain fluid) that was draining from both nostrils due to the impact of my head hitting the concrete at high speed which caused a tear in my sinuses. I suffered a very bad concussion and memory loss and that was the close call that retired me from such behavior.

[b00ms1ang]

Zoo

My first job in college was working as the IT and Reptile House Manager for a local zoo. The reptile house had over 67 different species, including extremely large snakes and alligators. My tiny 5 foot girly self spent a lot of time training and working with these magnificent creatures.

After about a year, there was a major policy overhaul at the zoo. Someone had gotten attacked and viciously gored by a muntjak (a deer folks. Someone got attacked by a deer). The boss (who honestly, knew nothing about animals as a whole) made a list of every animal in the zoo and their varying "danger levels". Of course, 90% of the reptile house made the danger list. Now, every time someone wanted to handle something on the danger list, they also had to have pepperspray in case of an emergency.

Now, I'm all for safety. And I wasn't against this policy change at all. I knew that no matter what, I wasn't going to use pepperspray (the only animals I was worried about were the 10 foot alligator Gog, and the venomous timber rattlesnake, both to whom using pepperspray would actually make the situation more dangerous). Pepperspray can damage the film over snakes' eyes (it's like a membrane cover since they don't have eyelids) and I've been bit enough times in my life where I'd rather gently manage a distressed animal than try and cause it damage in return.

However, one of my nosy and annoying coworkers, took this policy like it was her dream come true. She was spiteful towards my reptiles, particularly the 15 foot anaconda (which had nearly killed her once because she was being stupid, as she was trying to handle the easily stressed and shy animal ALONE in front of a horde of 20 children, and it began to constrict her whole body). After the policy change, she didn't enter the reptile house without her pepperspray in-hand. I lived in constant fear for my snakes and their ability to see. She also held that power over my head, saying that it would be my fault if she had to use it since it was evidence that I wasn't doing my job properly if a reptile got frightened or aggressive. I tried talking to the boss and area managers, but they didn't see a problem with the whole situation.

So, I had to take matters into my own hands.

Oftentimes, our animals would go out for programs. They'd go to schools to educate children or attend birthday parties. That day, there was a birthday party for a kid that wanted ALL reptiles. And the real kicker? He wanted the biggest alligator to come as well. I was always in charge of packing, especially when it came to the alligators. The fun thing about alligators is that they can actually be really mellow animals if you tame them out right, and if they trust you. But they also put on a great act if they don't, or if you enter their territory too quickly. I'd gotten to know my alligators and all their personalities really well, so I knew what made them tick.

My gross coworker was watching me as I packed up. Finally, I entered the alligator pen to get Gog, the big boy. I had our large industrial snake hook that I use to keep them from biting me held far ahead, which is not normal practice. The alligator, just being an alligator, began snapping violently at the hook, and deathrolling it. I know that this is normal if the hook approaches too fast, it's just a territorial response. My coworker however, did not know that was normal. She watched as I "struggled" with the big reptile, and had to "battle" him into submission. Really, it wasn't any trouble at all, it was all an act. I'd pretend to "slip" off his back, or let him "almost take" my big hook. But really, it was the usual routine and he was no more a risk than usual. Finally, with exhausted breaths I got him into the transport bin. I told her
"Dang, he's really aggressive today. Like, really aggressive. Be extra careful. A single bad swing from a tail his size could break your spine" (which is true, but at the end of the day he was a babydoll and no one was going to get hurt)

She was mortified. Terrified. And that program she was going on that day? She was going with one of the managers. I did however, tell the manager in private that all was well, all the animals were safe to take, and that there were no issues.
One of my friends also attended to program. He reported that the entire time, my gross coworker was in a frenzied panic about the big alligator. She had her pepperspray in-hand the whole time, making the manager extremely nervous. And at the end of the program, the alligator turned his head and she screamed and ran backwards.

The manager reported it to the boss, and we ended up having a meeting with me, gross coworker, and the two managers. I play coy and said that I had had no trouble with the gator, and that my coworker must have been seeing things and just didn't have the reptile experience to handle a high pressure situation. I also brought up the anaconda incident, and several other "events" that may or may not have happened how I told them. That coworker completely lost her privileges to work with the reptiles, and my reptiles were safe. I also earned a lot of credit with the boss for it, as they "should have believed me all along". I was able to use that credit to coax the managers in ordering more feed for the reptiles and give us much needed technology for the reptile house (new heat lamps, new cages, etc). I spent the next year coaxing the boss and managers, and ended up in a highly diplomatic position at the zoo (getting my friend a manager position in the birds, and earning my own permission to work with dangerous primates) until my resignation at the end of my second year working there when funds were dropped and animal care standards dropped alongside it. I still have a really good name with the boss and managers, and if the zoo ends up failing I have dibs on a good number of the legal-to-keep animals in the reptile house for my own collection.