Recon and Dialog Details Page
Social Engineering
Providing engaging Social Engineering games for high school and up.
Detailed Scripts
Startup dialog
Hey “Player”, I found a guy we can make a fortune from! All we got to do is hack his
email account to gain access to all his financial accounts. To hack his email, we would
need to get his username and password, so let’s get on with the first one.
Username step
Pretty sure this guy uses the same username on all his accounts, that’s what all people
do!
I have spotted him on Facebook(Link), Twitter(Link), Instagram(Link). Go check him
out and see if you can spot what he uses for the username.
-
“Prompt the player to enter the username”
- Correct: Told you! Nice job!
- Incorrect: Hmmm... this does not seem quite right.
Password step
We know his username, now we need to get the password. Getting the password is a
little tricky, but I am sure we can figure this out. You see, most people associate their
passwords with something they know, like, or belong to. And all that information is
typically right in front of everybody on their social media pages. So, what you got to do
is go back to his pages and find the following information:
-
Birthdate?
-
Where is he from?
-
What schools did he go to?
-
What activities he enjoys?
-
What is his favorite movie?
Cracking step:
Good! All this information will greatly benefit our efforts. Now, there are two
routes we can go from this point. One, crack his password by trying all
combinations incorporating keywords from the information you found. I will
take care of that and you will try the second way. The thing is, most
authentication systems include account recovery mechanism incorporating
security questions. Go figure if you can answer some of his security questions
right.
-
Where did you go to high school?
-
What is your favorite activity?
-
What city you were born in?