Phishing and Social Engineering Techniques 2.0
Ahmed Mohamed May 22, 2013
This is the second part of the phishing and social engineering techniques series. In the , we discussed what phishing is and the different types of phishing, demonstrated a phishing attack that used email spoofing to convince victims to click on our links, and finally gave an overview of the Social Engineering Toolkit.
Today we look in detail at the Social Engineering Toolkit configuration, which lets us tailor SET to the attack scenario. Being familiar with the configuration options gives you a view of the full feature set of SET, and of how these features are used to launch attacks that persuade victims to hand over the information an attacker needs for further attacks.
What is social engineering? According to Wikipedia:
Social engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or computer system access. It differs from traditional cons in that often the attack is a mere step in a more complex fraud.
Social-Engineer Toolkit
The Social-Engineer Toolkit (SET) was created and written by David Kennedy (ReL1K). It is an open-source, Python-driven tool that focuses solely on attacking the weakest link in the information security chain: the human element. The attacks built into the toolkit are designed to be targeted, focused attacks against a person or organization, used during a penetration test.
The Social-Engineer Toolkit (SET) is included in the latest version of the most popular security-focused Linux distribution, BackTrack. It can also be downloaded from GitHub using the following command:
git clone .
Social Engineering Toolkit Update
The first step after installing BackTrack is to update the Social Engineering Toolkit. To do so, open a terminal, change to the SET directory, and enter the following command:
Social Engineering Toolkit configuration
The power of SET is in its configuration file. The default settings work well for most users, but advanced customization helps ensure that the attack vectors run without problems. So after updating SET, it's time to edit the SET configuration file. Let's walk through it.
To open the SET configuration file, open a terminal and change to the config folder under the SET directory, where you will find a file called set_config. Open it in any text editor.
While looking through the configuration file, you can change any option to get the desired result. The first option sets the path where Metasploit is located. SET uses Metasploit for payload creation, file-format bugs, and the browser exploit scenarios. By default, the Metasploit location is /opt/metasploit/msf3.
This option selects which database Metasploit will use. The default is PostgreSQL.
This option specifies how many times Metasploit should encode the payload using the standard Metasploit encoding option. By default, it encodes four times before sending the payload.
This option turns auto_migrate on or off. ON means that the Meterpreter session will migrate to a different process. For example, if we obtain a Meterpreter session through a browser attack and the victim closes the browser, the session dies. With auto_migrate set to ON, the Meterpreter session migrates to another running process, so the session stays alive even if the victim closes the browser.
This option determines which executable is used for Metasploit encoding. By default it is set to legit.binary, which is calc.exe.
The next option determines whether we want to keep the executable working. This is specified with custom_exe, which defaults to calc.exe.
Here we can run multiple Meterpreter scripts once a session is active. We can turn this on or off in the next option and specify the scripts.
This option selects which commands run once a Meterpreter session has been established. Multiple commands are separated with a semicolon (;).
This option determines which port is used for the iFrame injection in the Metasploit browser attacks. By default it uses port 8080. It's better to change it to a popular port such as 2153.
### Define to use Ettercap or not when using website attack only - set to ON and OFF
ETTERCAP=OFF
### Ettercap home directory (needed for DNS_spoof)
ETTERCAP_PATH=/usr/share/ettercap
### Specify what interface you want ettercap or DSNiff to listen on, if nothing will default
ETTERCAP_INTERFACE=eth0
Ettercap is a free and open-source network security tool for man-in-the-middle attacks on a LAN. It can be used for network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.
The Ettercap options are used when the attacker is on the same subnet as the victims and wants to perform DNS poisoning attacks against a subset of IP addresses. When this flag is set to ON, it poisons the entire local subnet and redirects a specific site, or all sites, to your malicious server. There are three Ettercap options: the first allows SET to use Ettercap, the second sets its path, and the third identifies the interface on which Ettercap listens.
Dsniff is a set of password-sniffing and network traffic analysis tools written by security researcher and startup founder Dug Song to parse different application protocols and extract relevant information. Dsniff passively monitors a network for interesting data (passwords, e-mail, files, etc.). This option allows the use of dsniff by setting it ON or OFF, but keep in mind that Ettercap will then be disabled automatically.
Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and -delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet.
Setting the sendmail flag to ON lets Sendmail spoof source email addresses. Sendmail must be installed before setting it to ON; it is installed by default in BackTrack 5.
If we set this option to ON, it allows us to sign the Java applet with whatever name we want. For example, if we are targeting a company called “XYZ”, you can sign the Java applet as “XYZ” to make it look more believable. By default the Java applet is signed by Microsoft. This option requires Java's JDK to be installed.
If we set this option to ON, SET uses the Apache web server to handle web requests, which increases the speed of the attack. By default SET uses its Python web server. You should also set the Apache root directory, which is /var/www by default.
If you are targeting a website that uses HTTPS, it's better to make your website use HTTPS too. Fortunately SET lets you incorporate SSL-based attacks: turn webattack_ssl to ON, set the second option to ON if you want to use self-signed certificates, and point the third and fourth options at the locations of the client and server certificates.
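The set_config file is plain KEY=VALUE text with ### comment lines, as the Ettercap excerpt above shows. The following script, added here as an example and not part of the article or of SET itself, parses that format and reports the option interactions described above (Dsniff disabling Ettercap, Ettercap needing its path, SSL needing certificate paths unless self-signed). The key names other than ETTERCAP, ETTERCAP_PATH and ETTERCAP_INTERFACE are assumed, and the sample file is constructed.

```python
from typing import Dict, List

# Constructed sample in the set_config format (### comments, KEY=VALUE).
# Keys other than the three ETTERCAP* entries are assumed names.
SAMPLE_CONFIG = """\
### Define to use Ettercap or not when using website attack only - set to ON and OFF
ETTERCAP=ON
### Ettercap home directory (needed for DNS_spoof)
ETTERCAP_PATH=/usr/share/ettercap
### Specify what interface you want ettercap or DSNiff to listen on, if nothing will default
ETTERCAP_INTERFACE=eth0
DSNIFF=ON
WEBATTACK_SSL=ON
SELF_SIGNED_CERT=OFF
PEM_CLIENT=
PEM_SERVER=/root/newcert.pem
"""


def parse_set_config(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines, skipping blank lines and ### comments."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:  # lines without '=' are ignored rather than treated as keys
            settings[key.strip().upper()] = value.strip()
    return settings


def is_on(settings: Dict[str, str], key: str) -> bool:
    """Flags are ON/OFF strings; a missing flag counts as OFF."""
    return settings.get(key, "OFF").upper() == "ON"


def check_set_config(settings: Dict[str, str]) -> List[str]:
    """Return findings for the option interactions the article describes."""
    findings: List[str] = []
    if is_on(settings, "DSNIFF") and is_on(settings, "ETTERCAP"):
        findings.append("DSNIFF=ON disables Ettercap automatically; ETTERCAP=ON has no effect")
    if is_on(settings, "ETTERCAP") and not settings.get("ETTERCAP_PATH"):
        findings.append("ETTERCAP=ON but ETTERCAP_PATH is empty (needed for DNS spoofing)")
    if is_on(settings, "WEBATTACK_SSL") and not is_on(settings, "SELF_SIGNED_CERT"):
        for key in ("PEM_CLIENT", "PEM_SERVER"):
            if not settings.get(key):
                findings.append(f"WEBATTACK_SSL=ON without a self-signed cert, but {key} is empty")
    return findings
```

Running check_set_config(parse_set_config(SAMPLE_CONFIG)) reports the Dsniff/Ettercap conflict and the empty PEM_CLIENT path.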
Conclusion
The Social Engineering Toolkit is a powerful tool that the penetration tester can use to convince victims to provide the information required for further attacks. SET has many features that you can customize to suit your attack scenario.