Gaining Physical Access - Beginners guide to hacking and penetration testing (2017)

Beginners guide to hacking and penetration testing (2017)

Gaining Physical Access:

Sometimes in order to gain access you must physically gain access to the location, below are some tips to help you gain access.

Tailgating:

Tailgating is a simple, yet effective way to gain entry into a building. An example of this would be to join a group of workers that are smoking outside of the targeted building and join them. Strike up a conversation with them, give a cigarette, try to fit in. As they return inside, follow along while still engaging in conversation. A second method would be to stay close to people while they are entering a building, chatting with someone, perhaps discussing current events. Often times if a person appears to be with the actual employees can get past the desk guard or secretary.

Disguises:

Based on your information gathering you may be able to build a suitable disguise to gain entry. Printing a vendor shirt that they company uses or running down to your local uniform supplier to disguise yourself as their local janitor company could allow you to slip in quietly and without arousing suspicion. Playing the role of a low ranking employee that has high access such as a janitor can make your job easier.

Confidence:

Appearing confident can get you far. As long as you act like you belong, even to the point in ignoring the front desk guard or secretary can actually get you access. I have seen this trick work often when used against a security guard.

Lock Picking:

Sometimes, talking or sneaking your way through the door just won't work of if you are trying to gain physical access to a server the door may be locked. In these situations being able to pick a lock is an invaluable skill to have. The basic lockpick kit will have 2 parts to it, a tension wrench that you use to turn the lock and pick itself.

The tension wrench's role is to turn the lock as much as the lock will allow while the pick itself is used to push the pins up to the shear line. Patience and a light touch is needed in order to gauge it just right. If you push too far or not far enough the pins will reset.

A good resource along with a cut away view can be found here: http://www.lockpickguide.com/pintumblerlockpick.html

References: Chris Hadnagy