Social Engineering: A Practical Case Study in the Art of Human Hacking
In cybersecurity, social engineering is an extremely powerful technique. Below we walk through a real case to see how social engineering is applied in practice and what lessons can be drawn from it.
Case background
"John" was hired to perform a standard network penetration test for a large client. The engagement included no social engineering and no on-site work; it was a routine check of the client's network for vulnerabilities. At first everything was ordinary: John followed the usual process of scanning, recording data, and probing the ports and services he thought might offer a way in.
Near the end of one day of testing, a Metasploit scan turned up an open VNC server. The server, which required no password, gave remote control of a machine on the network; on a network that was otherwise tightly secured, this was an unexpected find.
However, as John opened a VNC session and was documenting the finding, the mouse on the screen began moving on its own. This put him on high alert: at that hour no legitimate user would normally be connected to and using the system. John observed that whoever was driving did not seem very familiar with the system, and he suspected an uninvited guest on the network, an intruder. At that point John's target shifted from the company he had been hired to test to the malicious hacker inside that organization's network.
Carrying out the social engineering
John realized he needed to use social engineering to extract as much information as possible from this hacker in order to protect his client. With time short, there was no opportunity for careful planning or information gathering; he had to take the risk and improvise.
He opened Notepad and quickly made up a pretext: he claimed to be a "newbie" hacker who, like the intruder, had stumbled on this open system and was attacking it. The conversation between them is recorded below:
| Message | Speaker |
| --- | --- |
| whats up? | John |
| hehe, just looking around | Hacker |
| yeah, me too. Anything good? | John |
| you're a "hacker" too? U was just looking for unsecured VNC servers | Hacker |
| U=I | Hacker |
| I was looking for something easy. this was easy. ;) You see anything else on this network? This is the only one I got. | John |
| Didn't find anything else of interest here, most is secured pretty good. Yeah, easy to gain access, but I want admin priviliges… :D | Hacker |
| Yeah, would be easy from here. Just a priv elev. I am interested in what else is here. What is this spreedsheet that is always up? | John |
| I have no idea, it was heere when I logged in, I havn't been around much. Found this computer 2 hours ago maybe. What about you? | Hacker |
| I had it for about a week. Off and on. Just did not do anything with it. Sort of lazy. What was your test file from rapid share? I just dumped strings on it and don't reconize anything. | John |
| Cool. Well, the file was just a test i made, was trying to see if I could get a server (trojan) running. But the firewall didn't allow it. | Hacker |
| lol. I had the same problem. I did metasplit shell and no-go. Thats why I kept using this. You in the us? or out of country? I know some people in denmark. | John |
| I'm from Norway actually, hehe, I have relatives in Denmark. | Hacker |
| You hang in any boards? like I used to like some but they have been going away | John |
| I mostly hang in some programming boards, but not much else. Have you been into hacking for a long time or what? What's your age btw? I'm 22. | Hacker |
| I have been on this for like fun for around a year or so. Still in school. 16. Just something to do. You ever go to evilzone? | John |
| Haven't been there. I too mostly do this for fun, just trying to see what I can do, test my skills. I wrote the "VNC finder" myself btw, I have found a lot of servers, but this is the only one where I could actually have some fun | Hacker |
| Wow. What did you write it in? Can I dl it? Do you have a handle? | John |
| It's written in a language called PureBasic, but it's kinda not ready for release yet, it's only for my own use. But maybe I can share it anyway, I could upload the code somewhere and let you compile it. That is if you can find some PureBasic compiler on some warez site :P | Hacker |
| Thats cool. you can put it in that pastebin site from irc. That lets you anon post I have not done purebasic before. just python and perl | John |
| Let me see, I'll look for that pastebin site and upload it, just give me some minutes, I'll be around. | Hacker |
| Ok cool! do you have a handle? I go by jack_rooby | John |
| Handle, for what? I don't chat on irc much or anything like that, but I could give you an email you could reah me on. | Hacker |
| Thats cool. I mean handle like for irc and boardz and the such. heay e-mail works too. | John |
| Yeah, at the programming board I share my full name, etc. Maybe not too smart to share just yet. My email is: intruder@hotmail.com | Hacker |
| Send me a message or whatever and I can add you on msn maybe. | John |
| I will send you a note. It is good to have someone that can program to know for this sort of stuff for when I get stuck or find something good | John |
| Hehe, yeah, we could be a team :P | Hacker |
| Cool! let me know when you did the pastebin | John |
| http://pastebin.ca/1273205 | Hacker |
| btw… that is kinda very in the "alpha" stage, the GUI is not really finished. but it can be configured through some viariables. | Hacker |
| Cool. I will test it and see what I can do with it. Thanks for sharing. if I do something cool, should I e-mail you? | John |
| Yeah, please do. If you run this program for some hours you'll find a lot servers, I even tried to make some code to detect servers that has no security and even some that has a bug which can let you log in even if it has a password. These servers will show up in the result (the "found tab") as "insecure". But sometimes it does a mistake and says some are insecure which are not, but that's not many, it's just to test them. | Hacker |
| Wow. I saw some other vnc servers here too, but they all wanted passwords. Does your tool let us in to that? | John |
| Just a very few has the bug which can let you in, but you must use the special client for them, more info here btw: http://intruderurl.co.uk/video/ Download the zip file. | Hacker |
| Olol, k, soI wrry | John |
| sorry. Ok, I will dl that and have a look. Thats cool. Did you write the backdoor from rapid share too? or did you get that from someplace? | John |
| I try to write most of my tools myself, this way I learn. So yes, I wrote it myself, but it was not finished, I was just wanna see if I could run a server, but it didn't doo anything yet, hehe. | Hacker |
| I see. I sort of gave up, but I thought I would come back and try some more. I figure there has to be some stuff around but I don't have a botnet of my own to use, this guy named Zoot54 tried to sell me one, and some people vouched for him, but I did not trust him at all. And I don't know how to write my own tools at all other then some perl and python which wont work for most windows hosts like this so I have been trying the metasploit but getting the firewall error. Do you have plans for this? Like something cool to do? or just move on to the next? | John |
| Perl and python is a good start btw, I haven't been using them myself, but when you know some languages you can easily learn more :P Maybe you should give PureBasic a try, it's really easy actually. Hehe, a botnet would be cool, I was thinking about making one, but it's kinda hard to make it spread, at least on Vista. But nah, I can't give up this server just yet, I have to try some more, there has to be a way to get more priviliges ;D | Hacker |
| thast cool. You can have the server as I have had it for a while and don't know what to do next. let me know what you are doing if you would so I can learn some more though. That would be cool. Do you have a myspace or facebook or anything? Or just use the e-mail? | John |
| E-mail works for now, when I trust you more maybe I can add you on facebook, I don't have myspace. Yeah, I'll keep you updated :) | Hacker |
| Cool that works for me. Do you have a shell or do you have this same gui? Is it just a multi connection vnc? | John |
| Yeah, I just used ThightVNC or whatever and made it not disconnect other users. I'm not a shell fan really, hehe :S | Hacker |
| Cool. When I get a shell a lot of times I makes mistake tand dissconnect on accident | John |
| Good you didn't dissconnect me :D Btw, when I first saw you messing around I was like "damn, the administrator is here", hehehe… | Hacker |
| Hah, no I looked up the time zone and they are in the middle of the US so it is the middle of the night for them. | John |
| Yeah, I did the same thing. Even did a speed test of the internet connection, hehe. They seem to have faster upload speed than download speed, weird… But handy for a DoD attack maybe. | Hacker |
| DoS, i mean. | Hacker |
| weird I woner what type of line it is its says it it from co. which I thought was a funny name.. Did you ever get any other systems here? I wonce saw a warez server but that was a long time ago and it is gone now. | John |
| Haven't found any other systems. But I would sure like to access all these network computers they have… damn many, it's some kind of university. Hehe, I printed out "hello world" previous today. | Hacker |
| Haha did you send it to a printer or to the screen? these people would more then likkely freak out if they saw the mouse start mooving on them in the middle of the day whith tht weird spreadsheet | John |
| Haha, they probably woold, but what silly idiots runds a VNC server without a password?! I printed to some of the printers, I hope somebody saw it. | Hacker |
| Haha thats is true, i bet som.. well they cant run it with out admin privs right? So it cant be just some user that did it, someone with admin would have to do it or else our backdoors should work on it and they are not going at all. Or do you think some one just changed the config? | John |
| Hmm, well, i think you're right, maybe some admin or prankster.. | Hacker |
| Do you do this work for a living? I keep hearing you can make money with it, and I think if I do this for a while and get to be good I might be able to get a job with it. Is that what you did? | John |
| I have earned money on programming, but never on hacking or security stuff. But that's a good idea, people would pay to get their security tested and if we get good enough we could probably earn a lot this way. | Hacker |
| Thats what I hope. I bought a book on the ethical hacker and think that they have some good programs in there. I don't know what the age is to take the test, but if I do take it that might be a good start to do this work. And there are some good tools in there like the metasploit. You should take a look at it if you have not yet. | John |
| Yeah, thanks, I should check that out :) But I'm getting a little tired now btw, hehe. Can't sit here chatting in bloody notepad all day, hehehehe. So cya later man, cool meeting you, very fun. | Hacker |
| Yeah I was scared when I saw the rapid share up on the screen. Cool to meet you and I will e-maiul you and let you know how the program works. Tht is exciting to try that out and see what happens. You stay safe and don't like the bad guys find you! | John |
| Hehe, thanks, the same for you btw! :) This was interesting, I think I'll save this notepad log btw, give me a sec, lol… | Hacker |
| there, lol, sorry | Hacker |
| goodbye | Hacker |
| bye | John |
Through this exchange we can see how quickly John assumed a disguise, playing a novice hacker who needed to learn and be helped. He deftly led the hacker to share a great deal of information: his tools, his programming skills, where he lived and how to contact him. In the end John obtained the hacker's photo, e-mail address and other key contact details, reported them to the client, and helped the client close the exposure on its network.
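The technical thread running through the case is a VNC server that accepts connections with no password at all: it is what the Metasploit scan found, what the intruder's "VNC finder" flags as "insecure", and what both of them were sitting on. As an added example (not code from the original article, and not the intruder's tool), here is a small Python probe of the RFB handshake that reports which security types a VNC server offers and flags any server offering type 1 ("None"). The in-process fake server, hostnames and ports are constructed for the demonstration; the probe only negotiates the security type and never authenticates or sends input.

```python
"""Added example: probe a VNC (RFB) server's offered security types.

Not code from the original article. The fake server, host and port
below are constructed so the probe can be run offline.
"""
import socket
import struct
import threading

# RFB security types (RFC 6143 section 7.1.2 plus common registered extensions)
SECURITY_TYPE_NAMES = {
    0: "Invalid",
    1: "None",                # no authentication at all
    2: "VNC Authentication",  # DES challenge/response on a password
    16: "Tight",
    18: "TLS",
    19: "VeNCrypt",
}
INSECURE_TYPES = {1}          # offering "None" means anyone can attach


def parse_server_version(banner: bytes):
    """Turn the 12-byte 'RFB xxx.yyy\\n' banner into (major, minor)."""
    if len(banner) != 12 or not banner.startswith(b"RFB ") or banner[-1:] != b"\n":
        raise ValueError("not an RFB banner: %r" % banner)
    major, minor = banner[4:11].split(b".")
    return int(major), int(minor)


def read_exact(sock, n):
    """Read exactly n bytes or raise; recv() may return short chunks."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
    return buf


def read_failure_reason(sock):
    """After a zero security type/count the server sends U32 length + reason."""
    (length,) = struct.unpack(">I", read_exact(sock, 4))
    return read_exact(sock, length).decode("latin-1", "replace")


def negotiate_security_types(sock):
    """Run the version exchange and return the list of security types offered."""
    major, minor = parse_server_version(read_exact(sock, 12))
    if (major, minor) < (3, 7):
        # RFB 3.3: the server picks the type itself and sends it as one U32
        sock.sendall(b"RFB 003.003\n")
        (sec_type,) = struct.unpack(">I", read_exact(sock, 4))
        if sec_type == 0:
            raise ConnectionError(read_failure_reason(sock))
        return [sec_type]
    # RFB 3.7/3.8: the server lists its types and the client chooses one
    sock.sendall(b"RFB 003.008\n")
    count = read_exact(sock, 1)[0]
    if count == 0:
        raise ConnectionError(read_failure_reason(sock))
    return list(read_exact(sock, count))


def classify(types):
    """'insecure' if the server will accept a client with no authentication."""
    names = [SECURITY_TYPE_NAMES.get(t, "Unknown(%d)" % t) for t in types]
    verdict = "insecure" if INSECURE_TYPES & set(types) else "auth-required"
    return verdict, names


def probe_vnc(host, port=5900, timeout=3.0):
    """Connect, negotiate, and return (verdict, [offered type names])."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return classify(negotiate_security_types(sock))


# --- constructed fake server so the probe can be exercised offline ----------
def start_fake_vnc_server(security_types, version=b"RFB 003.008\n"):
    """Serve one RFB handshake offering the given types; returns (host, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(version)
            read_exact(conn, 12)              # client version, ignored here
            if version < b"RFB 003.007\n":    # 3.3: single U32 security type
                conn.sendall(struct.pack(">I", security_types[0]))
            else:                             # 3.7+: count followed by the list
                conn.sendall(bytes([len(security_types)]) + bytes(security_types))

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


if __name__ == "__main__":
    host, port = start_fake_vnc_server([1, 2])  # offers "None" and VNC auth
    print(probe_vnc(host, port))                # ('insecure', ['None', 'VNC Authentication'])
```

A server that lists "None" among its types is a finding regardless of what else it offers, because a client is free to pick that type. The probe deliberately stops after the security-type list: classifying a host as exposed needs no login, and that keeps the check within the bounds of an authorized scan.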
Lessons from the case
- Practice makes perfect: John was able to use social engineering successfully without any real preparation, most likely because he uses and practises these skills regularly. The lesson for security work is that constant practice and training matter; only skills that have been drilled to fluency can be called on instantly in an emergency.
- Adapt on the fly: while talking to the hacker, John did not know who the other party really was or how he would react, so he could only adjust his approach from answer to answer. In complex, shifting situations we have to improvise and make sensible decisions from whatever the moment offers.
- Satisfy the other party's psychological needs: John realized that playing the "newbie" would flatter the hacker's vanity and make him more willing to share. In social engineering, understanding what the other person needs psychologically and meeting that need in a suitable way usually produces better results.
Case analysis flow
graph TD;
A[Notice the anomaly] --> B[Suspect an intruder];
B --> C[Choose a social engineering approach];
C --> D[Build a pretext and engage];
D --> E[Extract information];
E --> F[Report to the client and remediate];
This case shows both the importance and the power of social engineering in security work. It also offers lessons worth internalizing, so that we keep improving these skills and protect our networks better.
The importance of social engineering across domains
Social engineering is not only decisive in scenarios such as network penetration testing; its impact is felt in many fields. Some examples of how it shows up in different domains:
| Domain | How social engineering applies and what it can do |
| --- | --- |
| Government agencies | Government information security is critical; a malicious social engineering attack can leak classified information and affect national security. For example, an attacker may impersonate an internal government employee, win the trust of other staff, and obtain sensitive documents. |
| Nuclear power plants | The security of a plant's control systems bears on public and environmental safety. A social engineering attacker may try to manipulate staff into granting access to the control systems; if that succeeds, the consequences are hard to contemplate. |
| Large enterprises | Trade secrets and customer data are valuable assets. Social engineering attacks can cause financial loss and reputational damage; for instance, a fraudster posing as a business partner can induce an employee to disclose the terms of an important contract. |
| Utility power grids | Stable operation of the grid underpins daily life and the economy. A social engineering attack could disrupt grid operations, with consequences as serious as large-scale blackouts. |
General social engineering tactics seen in the case
From John's case we can extract several general social engineering tactics:
1. Rapid pretexting: in an emergency, quickly construct a plausible identity and cover story so the other party comes to trust you. John's instant reinvention of himself as a "newbie" hacker is a good example.
2. Building rapport: find common ground with the other party, such as a shared interest in hacking or the same technical obstacle, to close the distance and make them more likely to share.
3. Satisfying psychological needs: identify what the other party wants, whether vanity, a sense of achievement or something else, and supply it in a suitable way. In the case, John fed the hacker's vanity, which made him more willing to talk.
4. Adapting on the fly: adjust the approach in real time according to the other party's reactions rather than sticking rigidly to a prepared plan.
Social engineering risks and defences
Social engineering can be used for legitimate security testing, but it can also be abused. Some common social engineering risks and the corresponding defences:
| Risk | What it looks like | Defences |
| --- | --- | --- |
| Information disclosure | An attacker uses social engineering to obtain sensitive personal or organizational data such as passwords or card numbers. | Train staff and raise security awareness; enforce strict access controls on information; audit security regularly. |
| System compromise | An attacker uses social engineering to induce a user to run malicious code and thereby gets into the system. | Run anti-malware software and a firewall; do not open e-mail or attachments of unknown origin; keep systems patched and maintained. |
| Fraud | An attacker impersonates a legitimate organization or person to extract money from the victim. | Treat requests from strangers with caution; verify the identity of the requester through an independent channel; never transfer money to unfamiliar accounts. |
The importance of continuous learning and practice
John's case shows that continuous study and practice of social engineering skills is essential. Some ways to build that capability:
1. Study the theory: learn the basic principles of social engineering, its common tactics and the relevant psychology, as a foundation for practice.
2. Take part in simulated exercises: practise both the attacking and defending sides of social engineering scenarios to build hands-on skill and the ability to adapt.
3. Analyse cases: study a range of social engineering cases, draw out the lessons, and learn from others' successful tactics and responses.
4. Exchange with peers: share experience with other practitioners to keep up with the latest social engineering trends and techniques and broaden your perspective.
Where social engineering is heading
As technology evolves, so does social engineering. Some likely directions:
1. Combination with emerging technology: social engineering may be combined with artificial intelligence and machine learning to make attacks more automated and precisely targeted, for example by using AI to generate convincing fake messages that raise the success rate of a scam.
2. Cross-domain attacks: attackers may combine knowledge and techniques from several domains, for example pairing a network intrusion with a physical one to gather more complete information.
3. Targeting mobile devices: as mobile devices proliferate, more social engineering attacks will aim at them, with attackers posing as applications or text messages to trick users out of their information.
Summary and outlook
Social engineering is a powerful technique that can protect networks or, when abused, cause serious harm. By analysing real cases we can learn valuable lessons and keep improving our own skills. Going forward, we need to watch how social engineering evolves and take effective countermeasures against increasingly complex security challenges, while also applying its techniques and ideas in legitimate security testing to help protect our networks.
graph LR;
A[Learn social engineering fundamentals] --> B[Take part in simulated exercises];
B --> C[Analyse real cases];
C --> D[Exchange experience with peers];
D --> E[Build social engineering skill];
E --> F[Meet future security challenges];
In short, social engineering is an art full of challenges and opportunities; only through continuous learning and practice can we do well in this field and protect our networks and information.