Malicious Email Social Engineer Attack using Social Engineers Toolkit (SET)

hozarares · 03-09-2010, 09:01 AM

The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit[1] payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering. SET was created by Rel1k for social-engineer.org.

This video created by loganWHD demonstrates how to use the Social Engineers Toolkit to perform an email attack using a maliciously encoded PDF. The first step is actually dumpster diving and finding an internal email list of the company. Then he creates a malicious PDF file vulnerable to the util.printf security bug. Then loganWHD uses the SET to create a spoofed email about an important memo to check out the attached PDF for more details. Once the victim opens the attachment, the exploit gets executed and of couse ... GAME OVER!

Nicely done!

[Doar userii inregistrati pot vedea linkurile. ]

Sursa : [Doar userii inregistrati pot vedea linkurile. ]

03-09-2010, 09:01 AM	#1 (permalink)
hozarares Registered user Bautor de whiskey Join Date: Nov 2009 Location: cluj-napoca Posts: 302 Rep Power: 1	Malicious Email Social Engineer Attack using Social Engineers Toolkit (SET) hotel regim hotelier hotel yahoo domain The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit[1] payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering. SET was created by Rel1k for social-engineer.org. This video created by loganWHD demonstrates how to use the Social Engineers Toolkit to perform an email attack using a maliciously encoded PDF. The first step is actually dumpster diving and finding an internal email list of the company. Then he creates a malicious PDF file vulnerable to the util.printf security bug. Then loganWHD uses the SET to create a spoofed email about an important memo to check out the attached PDF for more details. Once the victim opens the attachment, the exploit gets executed and of couse ... GAME OVER! Nicely done! [Doar userii inregistrati pot vedea linkurile. ] Sursa : [Doar userii inregistrati pot vedea linkurile. ] __________________ Decat sa traiesti pentru nimic mai bine sa mori pentru ceva !