Social-Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) was created by TrustedSec. It is an open-source, Python-driven tool specifically designed to perform advanced attacks against the human element. It's a standard tool in a penetration tester's arsenal. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a pen test or ethical hacking.

You can download SET from TrustedSec's GitHub and use it on any platform you want, and it's already embedded in Kali and ready to use.

The tree on the slide shows the attack types under the Social-Engineering Attacks branch of SET's main menu, and the green layer shows the methods of the Website Attack Vectors option. There are many more methods and attack vectors in the toolkit.

Let's see one of the attack methods of the Social-Engineer Toolkit: the Credential Harvester attack. In this attack, first we should choose a website which has a login sequence that the victims often visit. The toolkit prepares a clone of that website and serves it from our server. Our trap is ready and starts to collect the inputs of the victims. When a victim visits our website, he or she will face exactly the same page that he or she visits often. The victim enters the credentials and we collect them.
Let's do it together. The Social-Engineer Toolkit is installed and ready to use in Kali; it's defined in the PATH, so you can start the toolkit anywhere using the setoolkit command. Choose the Social-Engineering Attacks option in the main menu, that's number one. As the attack vector, select Website Attack Vectors, that's number two. And our attack method is the Credential Harvester, number three. This menu is the list of the phishing website creation methods; let's choose Site Cloner, number two.

We need to have a website where the victims visit and log in often. I want to find a login page for the NHS. Googling for NHS and login keywords, email.nhs.net seems good.

The POST back IP address is used for which IP the server will post to. Now, this is the URL to clone; I use email.nhs.net.

The version of the toolkit I use is 7.6.1, and when I want to clone a website, I get a ZipImportError and the method does not continue. When I Googled the error message, I found a solution for this problem in the Issues section of the GitHub page of the Social-Engineer Toolkit. Go to the /etc/setoolkit/set.config file. In line 95, change OFF to ON, and save the file before closing. Now run setoolkit again and follow the menus again: one, two, three, two.
Enter the IP address of our machine as the POST back IP address. Enter email.nhs.net as the URL to clone. The same error message is here again, but now the program continues and asks for starting the Apache server if it's not running at the moment. Answer y for yes, and the trap is ready: the site is cloned, the Apache service is started, and the Credential Harvester is listening to the inputs now.

As the victim, when we visit the malicious website, we will see exactly the same page as email.nhs.net. Enter the username and password and click Sign in. Our malicious website redirected the victim to the original page, email.nhs.net; it's a good idea, the victim will not be in any doubt about the fraud. Turn back to the attacker system, Kali, and you'll see the credential information entered by the victim. You can leave this command window; everything is still running and logging under your web directory path, /var/www/html.

To make the Credential Harvester attack more realistic, you can use some tricks. For example, you can use the domain name of the target company as a subdomain name of your registered domain name. Suppose that you are the owner of the xyz.com domain and the domain name of the target company is thecompany.com.
You can prepare a URL like thecompany.xyz.com. Another way to make the attack more realistic is to buy a domain name similar to the domain of the company; for example, if the target domain is thecompany.com, you can try to buy thecompany with a double n. You can also use the URLCrazy tool to find out the alternative website names. If you're an insider, you can try to match the domain name with your IP address to redirect the victims to your servers using DNS spoofing.
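As an added example that is not part of the transcript above, and not the code of SET or URLCrazy: a small Python generator for the look-alike domain names the last section describes. It produces the two tricks the speaker mentions (the target name as a subdomain of an attacker-owned domain, and a doubled letter) plus a few of the other permutation families URLCrazy reports (omitted letter, transposed letters, common homoglyphs), and a check a defender can run over hostnames seen in proxy or DNS logs. The domains thecompany.com and xyz.com are the hypothetical names from the transcript; the homoglyph table is an assumption, a short list of substitutions commonly seen in registered typosquats.

```python
"""Look-alike domain candidates for a target domain (added example).

Not SET's or URLCrazy's code: a deterministic subset of the permutations
URLCrazy reports, plus the subdomain trick from the transcript.
"""

# Hypothetical names taken from the transcript.
TARGET = "thecompany.com"
ATTACKER_PARENT = "xyz.com"

# Assumed homoglyph table: substitutions that look similar in many fonts.
HOMOGLYPHS = {
    "o": ["0"],
    "l": ["1", "i"],
    "i": ["1", "l"],
    "e": ["3"],
    "a": ["4"],
    "s": ["5"],
    "m": ["rn"],
    "w": ["vv"],
}


def split_domain(domain):
    """Split 'thecompany.com' into ('thecompany', 'com'). Assumes a single-label TLD."""
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def subdomain_trick(target, parent):
    """thecompany.xyz.com: the target's name as a subdomain of an attacker-owned domain."""
    name, _ = split_domain(target)
    return f"{name}.{parent}"


def doubled_letters(name):
    """thecompanny: one character repeated (the transcript's 'double n')."""
    for i, ch in enumerate(name):
        yield name[:i] + ch + name[i:]


def omitted_letters(name):
    """thecompny: one character dropped."""
    for i in range(len(name)):
        yield name[:i] + name[i + 1:]


def transposed_letters(name):
    """thecmopany: two adjacent characters swapped."""
    for i in range(len(name) - 1):
        if name[i] != name[i + 1]:
            yield name[:i] + name[i + 1] + name[i] + name[i + 2:]


def homoglyphs(name):
    """thec0mpany: one character replaced by a look-alike from HOMOGLYPHS."""
    for i, ch in enumerate(name):
        for sub in HOMOGLYPHS.get(ch, []):
            yield name[:i] + sub + name[i + 1:]


def lookalike_domains(target, parent=None):
    """Return a sorted list of candidate look-alike domains for `target`.

    If `parent` is given, the subdomain trick is included as well.
    """
    name, tld = split_domain(target)
    candidates = set()
    for generate in (doubled_letters, omitted_letters, transposed_letters, homoglyphs):
        for variant in generate(name):
            if variant and variant != name:
                candidates.add(f"{variant}.{tld}")
    if parent:
        candidates.add(subdomain_trick(target, parent))
    candidates.discard(target.lower())
    return sorted(candidates)


def is_lookalike(observed_host, target, parent=None):
    """Defender-side check: does a hostname from logs match one of the candidates?

    A trailing dot (as DNS logs often print) and case are ignored.
    """
    host = observed_host.lower().rstrip(".")
    return host in set(lookalike_domains(target, parent))


if __name__ == "__main__":
    for candidate in lookalike_domains(TARGET, ATTACKER_PARENT):
        print(candidate)
    # Constructed sample of hostnames as they might appear in a DNS log.
    for seen in ("thecompanny.com.", "THEC0MPANY.COM", "thecompany.com", "example.org"):
        print(f"{seen:20} lookalike={is_lookalike(seen, TARGET, ATTACKER_PARENT)}")
```

Registering or resolving the candidates is deliberately left out; the list is the input to that step, whether you are choosing a phishing domain on an engagement or pre-registering and monitoring the variants of your own domain.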