Subliminal Hacking
The Art and Science of Social Engineering


May 24, 2010

Gaining Access.. As easy as abracadabra, alakazam

Some of you may have gathered by now, as well as infosec, social engineering, and hypnosis, I am also interested in abit of trickery pokery, magic.

In recent months I was asked to carry out an impromptu social engineering exercise as a favour to someone. Of course I obliged, almost bit their hand of infact, but we will keep that a secret. Anyway, I had discussed the generic process and results of this test with a few people, and they also found it amusing and suggested I made a post. So here we go.


You know the recon, give the building a little tour, and you are not surprised to see access controlled doors, locked windows and turnstiles on the main entrance to stop tail gating. However as we continue on our little wander we find a rear entrance, however it is also access controlled. No big surprise. However we see from the corner of our eye, something beautiful, thats right its smokers corner. The smoker is a common helper to the social engineer, and normally we could fake having a cigarette. Two problems, I have no smokes, and I don’t smoke. However I do have a set of cards on me, as I have been taking every opportunity to practice some of my tricks when ever a spare 5 minutes arise. So I sit down on the bench just up from smokers corner, and start shuffling the cards and having a little mess about.

Almost 45 mins later, a few people have been and gone, but one guy just cant resist any more. He approaches me, and in a joking tone asks “What do you think you are, a magician or something?” There is my cue. I show he a simple trick, card prediction. Hes impressed and laughing, rapport is building. He asks me if I know any others? So I get him to pick a card, and then remember it, and then go through the deck and reveal his card. He is loving it, and lets face it, who doesn’t like magic 🙂 However its getting cold, and I have got work to do. So I suggest we best go in, as I am cold, and my work wont do itself. He kindly walks we me to the rear entrance, and without asking swipes his card and lets me in. Access Gained.

I am still not sure if what happened next was a good or bad thing, but he asks me if I know any more tricks and if I would show his work mates. I explained I need to get on, but I can do something quickly. So he takes me to the first floor, and to where he sits with his two work mates. I do a quick triple card routine, which involves abit of mind reading. They are amazed and loved it. Now I really need to go.

I head down a corridor and located a small empty meeting room. Locate a network point, and plug in my La Fonera. Lights are on, we have lift off. I head back down to the rear entrance, a few people are off out for a cigarette. I tail gate and head back to the car.

In the comfort of the car, I load up BT4, connect to my La Fonera, that’s connected to the corporate network and do what needs to be done. With that little smirk on my face, of what a great few hours I have had.

So basically the magic was just another method to build rapport, and a point to build upon. I don’t think it could be used everywhere, but in general people like magic, and are fascinated buy it. The best bit was the debrief the next day with the company, they couldn’t believe the chain of events, and of course again I have to show them one of the tricks.

So I have posted the basics of this due to requests, but also to demonstrate a key thing when social engineering. Use what you know, and what you have available to you and think out of the box.

Be Sociable, Share!

    About the Author

    Dale Pearson
    has worked in IT since 1998, Infosec since 2004, and studied and performed hypnosis, mentalism etc since 2009. Dale is a full time Red Teamer with a love of social engineering and qualified hypnotherapist. He spends a great deal of time researching the various skills and techniques that make up the art and science of Social Engineering.

    One Comment

    1. trashy cat

      My brown cigarillo is my trademark. LOL.

      I have done the same but with tarot cards. People are almost immediately curious about it and as a side benefit they drop all kinds of info – a good reader lets the person being read for basically fill in all the blanks.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Time limit is exhausted. Please reload CAPTCHA.

    This site uses Akismet to reduce spam. Learn how your comment data is processed.