Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Hacker tooltalk: Social Engineering Toolkit (SET)


Published on

For years security professionals have been telling us not to follow links or open attachments from untrusted sources, not to click “Ignore” on your browser’s security pop-ups, and not to insert untrusted thumb drives into your USB ports. Do you want to see what can happen with your own eyes? This lunch hour session will show you how to download, install, configure, and use the basic features of Dave Kennedy’s open source hacker tool, the Social Engineering Toolkit.

Published in: Spiritual, Technology

Hacker tooltalk: Social Engineering Toolkit (SET)

  1. 1. Hacker tool talk: SETThe Social Engineering Toolkit “Or how I learned to put tape over my webcam” Chris Hammond-Thrasher chris.hammond-thrasher <at> Fujitsu Edmonton Security Lab December 2011 Fujitsu Edmonton Security Lab 1
  2. 2. Agenda• Why are we here?• What is social engineering?• Setting up a security lab• About SET and its dependencies• Installing SET• SET demo• What’s next? Fujitsu Edmonton Security Lab 2
  3. 3. Why are we here? Fujitsu Edmonton Security Lab 3
  4. 4. Ethics and motives“Every single scam in human history hasworked for one key reason; the victim didnot recognize it as a scam.”- R. Paul Wilson Fujitsu Edmonton Security Lab 4
  5. 5. What is social engineering? Fujitsu Edmonton Security Lab 5
  6. 6. Social science definition• “Social engineering is a discipline in political science that refers to efforts to influence popular attitudes and social behaviors on a large scale, whether by governments or private groups… For various reasons, the term has been imbued with negative connotations. However, virtually all law and governance has the effect of changing behavior and can be considered "social engineering" to some extent. Prohibitions on murder, rape, suicide and littering are all policies aimed at discouraging undesirable behaviors. In British and Canadian jurisprudence, changing public attitudes about a behaviour is accepted as one of the key functions of laws prohibiting it. Governments also influence behavior more subtly through incentives and disincentives built into economic policy and tax policy, for instance, and have done so for centuries.” - Wikipedia (“social engineering (political science)” 26 October 2011) Fujitsu Edmonton Security Lab 6
  7. 7. Information security definition• “We define it as the act of manipulating a person to accomplish goals that may or may not be in the “target’s” best interest. This may include obtaining information, gaining access, or getting the target to take certain action.” - Chris Hadnagy ( Fujitsu Edmonton Security Lab 7
  8. 8. Setting up a security lab Fujitsu Edmonton Security Lab 8
  9. 9. Security lab reqs• It’s actually pretty easy to setup – A network • Isolated from other networks • Any wired hub, switch, or router and cable; wireless is an option; or the virtual network created by virtualization tools is also OK. • Recommendation: Keep it simple and go wired if you can – Attack/dev box • Linux or Unix is generally the best option, OS X is getting better support, or Windows as the least desirable OS. • Recommendation: OS: Backtrack Linux, Packet tool: Wireshark – Target box • Recommendation: OS: Windows (any) and VMWare (or your favorite virtualization tool) – Logging/monitoring box (Optional) • Recommendation: OS: Any, Packet tool: Wireshark Fujitsu Edmonton Security Lab 9
  10. 10. Caution• This is not a game. Attacking machines with the tools in this presentation without permission is not only unethical, but is a criminal offense in many jurisdictions. Fujitsu Edmonton Security Lab 10
  11. 11. About SET Fujitsu Edmonton Security Lab 11
  12. 12. History• The Social Engineering Toolkit (SET) – An open source project lead by Dave Kennedy, Chief Information Security Officer of a Fortune 1000 company – Leverages the Metasploit Framework, FastTrack (another Dave Kennedy lead project), and other open source tools – Originally released in 2009 to coincide with the launch of – “The Social-Engineering Toolkit (SET) is a python- driven suite of custom tools which solely focuses on attacking the human element of pentesting. It’s main purpose is to augment and simulate social- engineering attacks and allow the tester to effectively test how a targeted attack may succeed.” - from the download page Fujitsu Edmonton Security Lab 12
  13. 13. Features• SET implements a variety of targeted attacks that fall into three main categories 1. Create malicious websites through site cloning or templates that launch Metasploit or Java applet attacks at clients 2. Create and send phishing and spearphishing emails 3. Create malicious files – PDFs, MS Office docs, EXEs, etc.• Free as in speech and beer Fujitsu Edmonton Security Lab 13
  14. 14. Legit uses of SET• Penetration testing – with or without social engineering in scope – “Can an attacker still get shell when my firewall, IDS, and antivirus are awesome?” – “Can an attacker get shell on privately addressed machines behind my NATed firewall?” – “How can I check if my staff can be fooled into doing something stupid and placing the entire enterprise and our clients at risk?” Fujitsu Edmonton Security Lab 14
  15. 15. h4X0r$• Provide the technical components of social engineering attacks – “I think I can trick the CEO/CFO/Financial Analyst/DBA into clicking on a link or opening a file attachment that I email to her, but how do I create an evil site or file for her to hit?” – “If I am going to drop USB thumb drives in the target’s parking lot, what evil file should I put on it?” – “How can I encode my evil payload to evade antivirus?” Fujitsu Edmonton Security Lab 15
  16. 16. Installing SET Fujitsu Edmonton Security Lab 16
  17. 17. Choices• Easiest: Get latest Backtrack (BT5R1)• Linux power user: Use svn to install the latest build (no compile required – it’s Python) svn co set/ and firefox & (grab the latest stable Metasploit release and follow installation instructions) Fujitsu Edmonton Security Lab 17
  18. 18. Configuration• Regardless of your installation method, open and edit the set_config file in the config directory of your SET installation (in Backtrack this is pentest/exploits/SET/config/set_config)• The configuration file is well commented – don’t be afraid Fujitsu Edmonton Security Lab 18
  19. 19. SET demoFujitsu Edmonton Security Lab 19
  20. 20. SET demo• Starting it up• Updating SET and Metasploit• Menu tour• The Java applet attack vector• A quick look at post exploitation (or why I have tape over my webcam lens) Fujitsu Edmonton Security Lab 20
  21. 21. 1. HTTP GET request on port 80 (initiated by the user) 2. HTTP RESPONSES with HTML and Java payload 3. Anti-Attacker’s Web Server virus? Victim’s Browser Victim’s Firewall 4. Run unsigned Java 4. Request TCP connection on port 443 applet? 5. Command and control session established Fujitsu Edmonton Security Lab 21
  22. 22. What’s next Fujitsu Edmonton Security Lab 22
  23. 23. Learn more• Read and listen to their podcast• Read Chris Hadnagy’s Social Engineering: The Art of Human Hacking Fujitsu Edmonton Security Lab 23
  24. 24. Act locally• At work – Show your colleagues how clicking on an innocent URL and then ignoring the Java applet warning can lead to their laptop turning into a spy-cam – Show your colleagues how scam emails can lead to your computer being compromised if you open attachments or follow links – even if you don’t reply to their pleas for financial help Fujitsu Edmonton Security Lab 24
  25. 25. Act locally• At home – My family used to ignore my warnings about strange email attachments and URLs. Then one day I fired up the SET Java applet attack and emailed my daughter a URL with a message to check out “something cool”. Two minutes later I called her over to my machine and showed her a picture of herself that I had captured through her laptop’s webcam. Not only will she never follow a strange link again but she has covered her webcam lens with masking tape. Fujitsu Edmonton Security Lab 25
  26. 26. Thank you! Want more presentations like this?Is there a particular tool or hack that you would like to see demoed? Fujitsu Edmonton Security Lab Chris Hammond-Thrasher Email: chris.hammond-thrasher <at> Twitter: @thrashor Yetunde Oladunni Email: Fujitsu Edmonton Security Lab 26
  27. 27. Fujitsu Edmonton Security Lab 27