We've looked at various ways to crack passwords through decryption and/or brute force. But one thing I haven't touched on yet — and probably the easiest way to get a password — is to simply ask the victim for their password.
Through a process known as social engineering, defined as "psychological manipulation of people into performing actions or divulging confidential information", we can gather information about a person and then, using that information, trick them into divulging their password.
Don't believe me? Renowned hacker and social engineer Kevin Mitnick used this method almost exclusively to present himself as a credible person in order to con ordinary people into giving him their username and passwords. If you're old as fuck like me, do you remember all those phishing IMs you used to get through AOL that would typically read, "Dear Sir/Madam: Your billing information is out of date. Please provide your credit card number and expiration date so we may update your information."
You know how many people fell for that? Enough for AOL to add a warning at the bottom of IM boxes to remind people not to disclose any personal or financial information online. I'm glad people have wised up since the 1990's. Oh wait, they haven't.
What You Will Need
- Kali Linux (either a bootable LiveCD or bootable USB image)
- Internet connection
- The Harvester (included in Kali Linux)
Collecting Emails Through OSINT (Open Source Intelligence)
Gathering information on a target (company or person) has become much, much easier since the internet is a treasure trove of data relating to personal and public matters. This is step one for gathering email information about a company that can be used for good or evil (FOR LEGAL PURPOSES: Do not use the following steps maliciously. I am not responsible for your actions.)
Now, let's get to the hack: