Social Engineering Experiment: An informal phishing test
About SET: SET is short for Social-Engineer Toolkit. It bundles many tools for carrying out social engineering attacks.
Social Engineering
Social engineering usually extracts the secrets of a user's system from legitimate users through conversation, deception, impersonation or other verbal means. Skilled social engineers are practitioners who excel at information gathering: a lot of information that looks useless on the surface is exactly what they use to get in. A phone number, a person's name or an employee ID number may all be used by a social engineer.
Attack vector of penetration test in SET
Enter "setoolkit" in the Kali terminal to reach the following menu:
1) Social engineering attacks (phishing)
2) Penetration test, mainly used for quick attacks
3) Third-party modules, such as the attack based on Google Analytics
4) Update SET (not demonstrated here)
5) Update the SET configuration (not demonstrated here)
6) Help menus, instructions and similar (not demonstrated here)
Here we first enter 2 and press Enter. This is the penetration test option, mainly for quick attacks. As mentioned, the main purpose of SET is social engineering phishing, but phishing requires patience and may take a long time; penetration testing, by contrast, is faster. So before practising phishing, let's take a look at the penetration test option.
Option 2) Penetration test: quick attack. As you can see in the figure above, there are many attack vectors to choose from. We enter 2 here to choose a custom exploit. The well-known MS08-067 exploit is also listed, but we don't need it; pick another one. For example, choose the use-after-free (UAF) denial-of-service exploit: select 4 and press Enter.
Next, enter the IP of the target machine we want to attack. Once the attack starts, the target blue-screens and restarts, and while it is down it cannot be reached. You can also open another window and ping 10.1.1.101 to watch this happen.
Third-party modules in SET
Next, I will introduce option 3 from the startup menu (this step cannot be performed in the lab environment, so this is only an introduction).
We select 3 and press Enter to use a third-party module, as shown in the figure below.
It can be seen that only one module is currently available. This module is the Google Analytics attack: Google Analytics is used to measure the return on advertising spend and to track Flash, video, social networking sites and applications, most of which live on advertising sites, so the potential reach of the attack is very wide.
We select 2, and press Enter.
For the mode, select automatic: enter automatic.
Next, enter the target site to start the automatic attack process.
Reference material: https://zonksec.com/blog/social-engineering-google-analytics/ (this link is no longer valid)
Social engineering attack
Finally, we practise the most typical use of SET, the phishing attack, using option 1 from the startup menu (i.e. social engineering attacks).
We see a welcome screen and some attack options. We choose 1 here and press Enter, which means a social engineering attack.
In the options shown next, we enter 2 and press Enter for the website attack vectors.
Then enter 3, the credential harvester attack method (meaning we use a phishing website to obtain sensitive information such as the victim's username and password).
Next, we select 1, web templates. The advantage is that the phishing page we build uses a ready-made web page template supplied by SET.
In the options below we can see that the sites of big companies such as Google, Facebook, Twitter and Yahoo can be cloned for us. We choose Yahoo, so enter 5 and press Enter.
Then enter the attacker's IP and phishing begins.
Now, when we open the attacker's IP on the target machine, the Yahoo login screen is displayed, as shown in the figure below. Of course, anyone a little cautious will notice that typing a LAN IP address produced a Yahoo page and may become suspicious; the computer demonstration is used here only for convenience. In practice the page would be opened on a mobile phone, where the address is less visible.
Once the target user lands on our phishing page, they will naturally enter their username and password to log in.
(Friendly reminder: pay attention to the prompts after the attack starts. setoolkit versions differ slightly; versions 7.0 and above match the screenshots, while the lab environment runs version 6.5. According to its prompts, the relevant files are copied to the /var/www directory and the captured passwords are saved in a file named harvester_date.txt in the Apache directory. So one extra step is needed here: edit /etc/apache2/sites-enabled/000-default.conf with vi and change DocumentRoot, the web root, to /var/www, then run service apache2 restart to restart Apache, and restart setoolkit to continue the experiment normally.)
Here we simulate the victim entering 1234 and 5678 on the phishing page. On the attacker's side you can see the echo, with login and passwd shown in red.
After the victim clicks submit on the phishing page, it automatically redirects to Yahoo. This is the clever part of SET phishing: after being phished, the victim is sent on to Yahoo's real website, which reduces the chance that the phishing is noticed. (The picture below is a screenshot taken with an internet connection, to show the redirect to the normal page; the target machine in the lab shows that it cannot connect.)
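The red flag mentioned above, a brand's login form appearing at a bare LAN IP address, can be turned into an automated check. The following is an added example for illustration, not code from this article or from SET: it parses a page's HTML for forms that contain a password field and reports when the serving host, the form's target, or the transport does not match what the brand's real login would use. The brand table, the sample HTML and the address 192.168.56.10 are constructed for the demonstration.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlparse

# Illustrative table (an assumption for this example): the registrable domain
# that legitimately hosts each brand's login form.
BRAND_DOMAINS = {"yahoo": "yahoo.com", "google": "google.com", "facebook": "facebook.com"}


class LoginFormParser(HTMLParser):
    """Collect every <form> and note whether it holds an <input type="password">."""

    def __init__(self):
        super().__init__()
        self.forms = []       # each entry: {"action": str, "has_password": bool}
        self._current = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_ip_literal(host):
    """True when the host is written as a bare IPv4/IPv6 address."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def host_belongs_to(host, domain):
    return host == domain or host.endswith("." + domain)


def analyse_login_page(html, page_url, brand):
    """Return a list of findings for a page that imitates `brand`'s login;
    an empty list means nothing looked wrong."""
    parser = LoginFormParser()
    parser.feed(html)
    password_forms = [f for f in parser.forms if f["has_password"]]
    if not password_forms:
        return []                      # no credential form, nothing to judge

    findings = []
    parsed = urlparse(page_url)
    page_host = (parsed.hostname or "").lower()
    legit = BRAND_DOMAINS[brand]

    # 1. Where was the page served from?  A bare IP is the clearest warning sign.
    if is_ip_literal(page_host):
        findings.append(f"login form served from bare IP address {page_host}")
    elif not host_belongs_to(page_host, legit):
        findings.append(f"{brand} login form served from {page_host}, not {legit}")

    # 2. Where will the credentials be posted?  A clone has to post to itself.
    for form in password_forms:
        action_url = urljoin(page_url, form["action"] or page_url)
        action_host = (urlparse(action_url).hostname or "").lower()
        if not host_belongs_to(action_host, legit):
            findings.append(f"password form posts to {action_host}, not {legit}")

    # 3. Major brands deliver their login forms over HTTPS only.
    if parsed.scheme != "https":
        findings.append("password form delivered over plain HTTP")
    return findings


# Constructed sample: a Yahoo-style login page fetched from a LAN host.
SAMPLE_CLONE_URL = "http://192.168.56.10/index.html"
SAMPLE_CLONE_HTML = """
<html><body>
<h1>Yahoo</h1>
<form method="post" action="/login">
  <input type="text" name="username">
  <input type="password" name="passwd">
  <input type="submit" value="Sign in">
</form>
</body></html>
"""

if __name__ == "__main__":
    for finding in analyse_login_page(SAMPLE_CLONE_HTML, SAMPLE_CLONE_URL, "yahoo"):
        print("WARNING:", finding)
```

On the constructed sample the check reports all three problems (bare IP, form posting back to that IP, plain HTTP); the same page fetched from a host under yahoo.com over HTTPS, with its form posting back to yahoo.com, produces no findings. A clone hosted under a look-alike domain name would only trip the second and third checks, which is why the domain comparison matters as much as the IP test.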
Since the lab environment is not connected to the Internet, the following steps cannot be performed there; carry them out according to your own environment.
The earlier steps are the same as above, but this time we choose site cloning.
Fill in the address of the Kali machine as prompted, and then fill in the URL to be cloned. Here we take the OA system of xx school as an example.
Next, open the Kali address in the browser and enter aa and bb as the username and password respectively. After the victim submits the form, it automatically jumps to the real login page.
Back on Kali, the attacker can see the username and password highlighted in red.
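The harvest-then-redirect sequence seen in both the Yahoo-template and the site-cloning walkthroughs (a POST to a host that is a bare IP address, followed within seconds by a GET to the real login site) is something an egress proxy log can reveal. The following added example, not part of the article or of SET, runs that rule over constructed proxy log lines. The line layout, the client addresses and the list of login domains are assumptions for the demonstration, so parse_line is the part to adapt to a real proxy's format.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address
from urllib.parse import urlparse

# Illustrative list (an assumption for this example): domains whose real login
# pages a cloned site sends its victims on to after capturing the form.
LOGIN_DOMAINS = {"yahoo.com", "google.com", "facebook.com", "twitter.com"}
# How soon after the POST the redirect has to land to count as one sequence.
REDIRECT_WINDOW = timedelta(seconds=10)


def parse_line(line):
    """Assumed proxy line layout: '<ISO timestamp> <client> <method> <url> <status>'.
    Adapt this function to the format your proxy really writes."""
    ts, client, method, url, status = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "method": method.upper(), "url": url, "status": int(status)}


def is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def under_any(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)


def find_harvest_redirects(lines):
    """Return (client, post_url, redirect_url) for every client that POSTed to a
    bare-IP host and then, within REDIRECT_WINDOW, fetched a known login site."""
    per_client = defaultdict(list)
    for rec in map(parse_line, lines):
        per_client[rec["client"]].append(rec)

    hits = []
    for client, recs in per_client.items():
        recs.sort(key=lambda r: r["ts"])
        for i, rec in enumerate(recs):
            host = (urlparse(rec["url"]).hostname or "").lower()
            if rec["method"] != "POST" or not is_ip_literal(host):
                continue
            # Look only a few seconds ahead: the redirect follows the submit at once.
            for nxt in recs[i + 1:]:
                if nxt["ts"] - rec["ts"] > REDIRECT_WINDOW:
                    break
                nxt_host = (urlparse(nxt["url"]).hostname or "").lower()
                if nxt["method"] == "GET" and under_any(nxt_host, LOGIN_DOMAINS):
                    hits.append((client, rec["url"], nxt["url"]))
                    break
    return hits


# Constructed log lines.  Client 10.0.0.5 walks into a clone served from
# 192.168.56.10; the other two clients show normal traffic the rule must ignore.
SAMPLE_LOG = [
    "2024-05-01T09:59:58 10.0.0.5 GET http://192.168.56.10/index.html 200",
    "2024-05-01T10:00:03 10.0.0.5 POST http://192.168.56.10/login 302",
    "2024-05-01T10:00:04 10.0.0.5 GET https://login.yahoo.com/ 200",
    "2024-05-01T10:05:00 10.0.0.7 POST https://login.yahoo.com/account/challenge 302",
    "2024-05-01T10:05:01 10.0.0.7 GET https://mail.yahoo.com/ 200",
    "2024-05-01T10:10:00 10.0.0.9 POST http://192.168.56.20/api 200",
    "2024-05-01T10:10:01 10.0.0.9 GET http://192.168.56.20/home 200",
]

if __name__ == "__main__":
    for client, posted_to, then_fetched in find_harvest_redirects(SAMPLE_LOG):
        print(f"ALERT {client}: POST {posted_to} then GET {then_fetched}")
```

Only client 10.0.0.5 is reported: 10.0.0.7 logs in at the genuine site, and 10.0.0.9 posts to an internal application that never hands the user on to a brand login. The bare-IP test is deliberately narrow; for a clone that sits behind a registered domain, the same sequence logic can be driven by an allowlist of internal login hosts instead, so that any POST outside that list followed by a brand login GET is flagged.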