Social Engineering: The Most Powerful Hack

Social Engineering has been mentioned a few times here on Null Byte, but not many of those posts explained what it is or how it is done. I love this quote because it's true:

Image via slidesharecdn.com

Social Engineering is the key to carrying out client-side attacks, and all you need is a little creativity!

Social Engineering Toolkit

OTW did a general tutorial on using SEToolkit, which by the way is a fantastic tool, so I would like to build on that.

SEToolkit is a program by TrustedSec with many features, from harvesting credentials to delivering Metasploit payloads. If you don't have it already, go to TrustedSec's website for the download.

Step 1: Starting SEToolkit

Once you have installed SEToolkit, open a terminal and type setoolkit. You will be presented with a question. I recommend answering "yes", but that's your choice. Next, you will be presented with a menu of options:

For this tutorial, we will use the Social-Engineering Attacks menu. Type 1 and press [Enter] key to continue.

Step 2: Choosing an Attack Vector

We will be greeted with a screen similar to this that has many different attacks.

I'll be guiding you through one of the most effective options: Website Attack Vectors. Pretty much everyone who has used a computer has used the Internet, and pretty much everyone on the Internet will click on a link (am I right?). Social engineering can be as elaborate as a site like Facebook or Twitter, but it can also be as simple as, well, a link. SEToolkit helps you abuse the trust people place in the Internet, so not only do you have over 5 billion targets, but you can also learn to recognize attacks like these.

Type 2 and press [Enter] to continue.

Step 3: What Do You Think?

We now have a list of 7 different attack vectors, all very effective. The 3 most effective are the Credential Harvester, Metasploit Browser, and Java Applet attacks. Let's say that you want to get your friend's Facebook login. With the Credential Harvester Attack Method, SEToolkit will clone any website you want and add credential-stealing code to the HTML. Let's do that, shall we?

If you go to Web Templates, you will find that SEToolkit has a Facebook login page template built in. But first, let's enter the IP address SEToolkit should report back to. You can use your external IP if you are doing this over the Internet, but make sure you forward port 80 to your local IP.

Step 4: Copy the Facebook Page

After you enter your IP, you will be presented with some of SEToolkit's web templates. Because you want your friend's Facebook login, we should probably use the Facebook template...

Type 3 and press [Enter]. NOTE: You must have Apache installed. Kali and BackTrack come with it, but some other distros don't. To install it if you don't have it yet, type sudo apt-get install apache2.

After you choose your template, you should get a screen like this:

Step 5: Send It to a Friend

Now that it's all ready to go, just send your friend an email with your IP address as the link, but disguise the text. For example, instead of sending "http://____yourIP____/" you would send "Facebook.com" with your IP embedded as the link.
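The disguised link in Step 5 (visible text says Facebook.com, the href points at a bare IP) is also the tell a defender looks for. The following is an added example, not code from this post or from SEToolkit: a small Python mail-filter check that flags anchors whose target is a bare IP address or whose visible domain does not match the link's real host. The HTML message body is constructed for the example.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample body: one disguised link (Step 5 style) and one honest link.
SAMPLE_BODY = """
<p>Check your timeline: <a href="http://203.0.113.10/">Facebook.com</a></p>
<p>Help: <a href="https://www.example.com/help">www.example.com/help</a></p>
"""
# Visible text that reads like a domain or URL, e.g. "Facebook.com" or "www.x.org/help".
DOMAIN_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/.*)?$", re.I)

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_links(html):
    """Return (href, visible text, reason) for links a mail filter should flag."""
    parser = _LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if _is_ip(host):  # the "your IP as the link" trick from Step 5
            flagged.append((href, text, "link target is a bare IP address"))
            continue
        m = DOMAIN_RE.match(text)
        shown = m.group(1).lower() if m else None
        if shown and host != shown and not host.endswith("." + shown):
            flagged.append((href, text, "visible domain differs from link target"))
    return flagged
```

A subdomain of the displayed domain (visible "facebook.com", href on login.facebook.com) is deliberately not flagged, so the check catches the disguise without tripping on legitimate mail.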

Next we'll try to exploit web browsers/computers with SEToolkit and Metasploit.

C|H of C3

12 Comments

As always, I love social engineering posts.
+1

How do I know when they sign in to get information?

It will automatically show up on your terminal.

No, because SEToolkit doesn't continually run.

You just have to check the file every once in a while. You could set up a script to continually look for new credentials, though.

I have a question:

In case the user types in his e-mail and password, what will happen? I mean, will he log in to Facebook, or will a message appear ("Incorrect password", for instance) and they will be redirected?

~Funest~

The user will log in and his/her credentials will be harvested; the page will refresh to the main Facebook login page for him to access after the harvest.

My question is,

how can I use a similar URL or a redirected URL so that the person you are attacking won't suspect a thing? No one will log in to an IP URL.

You can change their DNS or their hosts file to direct 'facebook.com' to your IP. But you'd need to get access.

Thanks for answering my question, by the way.
