
Social Engineering Toolkit

Computer Science Innovations, LLC. Social Engineering Toolkit. Crack Systems. SET toolkit from Backtrack. First attack is a Social Engineering Attack. Copy a web-site (mine). Get someone to go to the site. Get on their machine. Go to your backtrack machine.

rsandy

Presentation Transcript


  1. Computer Science Innovations, LLC Social Engineering Toolkit

  2. Crack Systems
     • SET toolkit from Backtrack.
     • First attack is a Social Engineering Attack.
     • Copy a web-site (mine).
     • Get someone to go to the site.
     • Get on their machine.
     • Go to your backtrack machine.
     • Control Alt T (for a terminal).
     • Command: cd /pentest/exploits/

  3. Steps
     • Video – Backtrack 5 Applet Attack method
     • Terminal – cd /pentest/exploits/set; ./set
     • Update your metasploit and backtrack
     • Trial and Error is involved. It is not shrink wrapped.
     • Setup your server --- which is the backtrack payload.
     • Get someone to your machine... send an email - Chris for a hot time select girls Girls <a href="http://10.10.1.x">Girls</a>

  4. Getting Someone to Your Backtrack
     • Phishing email.
     • Overwrite the DNS Server – so it thinks Facebook is you.
     • Overwrite the DHCP Server and make you …. the DNS.

  5. Watch Video Again
     This time pausing it.
     Step one... Forget the nmap stuff.
     Step two... Go to set
     Step three... Java Applet Attack Vector
     Step four.... Facebook template
     Step five... www.scottstreit.com copy the site.

  6. What We Do
     • Java Applet Attack
     • Site Cloning www.scottstreit.com
     • Use www.facebook.com
     • Use ?????
     • Next step.... get credentials.
     • Practice for test …. you guys running it.

  7. Credential Harvesting – Do It
     Credential Harvesting Attack, on your teammate. Do this via set in two ways: 1) Template 2) Site Clone. Use an email to launch.

  8. Mail
     Mail: Google has a sender and receiver. Convention: There is nothing in SMTP (Simple Mail Transfer Protocol) that says the From has to be real. Mail in Unix: you could specify the From. So you send an email and make the From --- the President. Write an application program.

  9. ISPs Have Turned Off Port 25
     That means you cannot send mail from your computer as a server. Why do you think they did this? To stop spammers.

  10. ARP Poisoning
      Application
      Presentation
      Session
      Transport
      Network
      Datalink (ARP poisoning worked at this layer)
      Physical

  11. Solution
      All routers --- all... now prevent MAC Flooding and any type of poisoning. The tools, ettercap, wireshark... they will attempt to impact the Datalink Layer, but to no avail. They will report --- no success.

  12. History
      We used to have Bridges... one piece of hardware, and Routers … another piece of hardware... and Interconnection (FIOS, cable modem), which was yet a third piece of hardware. There were distinct attacks on all three. What has happened since? Now everything is integrated; you essentially get countermeasures and update automatically.

  13. Lab – We Don't Believe Scott
      Ettercap, Wireshark.
      Start with ettercap... you run it … startx
      Command: ettercap -G (you have to run this as root).
      So if you go to plugins and check poison, you will see it did not work.

  14. More Ettercap
      Additionally, the sniffing on a switched network shows nothing. So you need a broadcast network. So where do we have a broadcast network?

  15. Lab Problem
      Problem:
      1) You have a virus on a Windows box in the boot sector, you cannot get to the network and you want to get your data files off. How?
      2) You forgot the root password on your Unix box, you want to use rainbow tables to find it.
      Same answer for both, how do you do this?
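
Slide 8 notes that nothing in SMTP requires the From address to be real. Seen from the receiving side, this added example (not part of the original slides) checks a message's From header against the envelope sender and the receiving server's Authentication-Results header. The sample messages, domains and function names are constructed for illustration.

```python
# Added example: reasons a receiver should not trust a message's From: header.
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail header.from=whitehouse.example
From: "The President" <president@whitehouse.example>
Subject: Hello
"""
LEGIT = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Alice <alice@example.com>
Subject: Hi
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_results(msg):
    """Parse method=result pairs from Authentication-Results headers."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";")[1:]:      # first part is the authserv-id
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                results[method.lower()] = result.lower()
    return results

def from_header_findings(raw):
    """List reasons the From: header is suspect (empty list = none found)."""
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if not from_dom:
        findings.append("no parseable From address")
    # Exact-match comparison: a mismatch is a signal to look closer, not proof.
    if env_dom and from_dom and env_dom != from_dom:
        findings.append(f"From domain {from_dom} differs from envelope domain {env_dom}")
    res = auth_results(msg)
    if res.get("dmarc") != "pass":
        findings.append(f"dmarc={res.get('dmarc', 'missing')}")
    return findings
```

Only an Authentication-Results header added by your own mail server should be trusted, since a sender can insert a forged one. Legitimate bulk senders often use a different envelope domain, so weigh the domain mismatch together with the DMARC result.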
