I arrived onsite to suite #102 (the bank’s corporate headquarters) around 9:40am.
I was impersonating a local utility worker – with all the garments like a hardhat, clipboard, obnoxious yellow vest and some old Timberland work boots. I played the part well.
When I approached the suite I saw a giant glass entrance into the main office of the bank with a secretary minding the entrance and questioning visitors. I also noticed employees were entering and exiting an unmarked door at the end of the hallway – no cameras to be seen. I proceeded slowly past the main entrance and then ran to catch the secured door as it was closing behind an unsuspecting employee. I was in!
Entering that door, I casually walked further into the office looking for opportunity. All desks and offices were occupied, and I made eye contact with a number of employees while walking around without being questioned (it must have been my great outfit.) I saw an empty office, slipped in and deployed a small device under the desk that automatically connected back to a VPN server under my control. I left the suite and returned to the hotel to check connectivity – in and out in about 10 minutes.
If that wasn’t enough, the bank has a branch down the street from me, so I decided to give them a chance to catch me there.
I arrived at the branch at around 12:30pm impersonating a local food delivery driver. The food was prepaid, of course, so I just needed to drop it off. Initial conversations with internal staff at the entrance did not yield any access to the building. Great job by them.
I asked to use the restroom on the first floor and while there successfully dropped a USB drive. This was no ordinary drive, however, because it contained a single file – a reverse shell macro-enabled Excel document titled ‘Employee Bonus Plan.xlsm’. That ought to get someone’s attention.
A final attempt to deliver the food was denied and a local police officer was now stationed by the front door standing guard. Yikes. I took the food with me and exited the building. “Have a nice day officer,” I said, hoping someone would find the drive and open the file. In and out in 10 minutes.
Back at the office. After I enjoyed few sandwiches from my ‘delivery’ – the payload executes! I saw the happy stream of data signaling the Excel document was executed on a user’s workstation and a metasploit meterpreter session was successfully established. This resulted in complete control of the user’s workstation.
With the user’s local access being administrator, persistence was established to maintain the connection through reboots. Now I had internal access at the branch and verified domain credentials to access the network like a typical employee.
With the previous access gained at the corporate office, I also owned the branch network! Anyone need a loan? Great rates!
Are you all clued up on the world’s most notorious hackers? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
So in other words, best job ever? I won't lie, AFOAF got the chills and a small rush as he read this. AFOAF Never did anything close to this scale but it reminded him of days long long ago and but hes ashamed and feel that to do this freelancing or to serve in this role to help prevent such things is what he want and must do. Not to mention, its the most fun thing in the world to try to beat break hack or bypass any sort of system. I personally stay on the whitehat side and I can't even practice anymore for fear of trouble. White hat 100% now.
Great article man thanks for that