1
00:00:00,620 --> 00:00:06,470
Social engineering has become the most common attack method with these attacks.

2
00:00:06,500 --> 00:00:12,880
Hackers can use emails and Web sites to try to steal information from users.

3
00:00:14,100 --> 00:00:21,690
Phishing is a social engineering attack that uses emails to trick users into clicking on malicious links

4
00:00:21,750 --> 00:00:28,660
or attachments Let's hop into the Kelly lab and I'll demonstrate how an attacker could use a fishing

5
00:00:28,660 --> 00:00:31,420
attack.

6
00:00:31,430 --> 00:00:38,360
So what I'm going to demonstrate is how an attacker could create a fake Web site and use it to harvest

7
00:00:38,360 --> 00:00:39,440
credentials.

8
00:00:40,400 --> 00:00:49,610
So in Cali we'll go to applications social engineering tools and then the social engineering toolkit.

9
00:00:53,450 --> 00:00:55,630
Then we'll select option one.

10
00:00:56,090 --> 00:01:00,650
Here's a list of social engineering attacks you could do with Kelly.

11
00:01:00,680 --> 00:01:08,690
We're going to do web site attack of factors that almost like the option 3 and a site cloner.

12
00:01:08,900 --> 00:01:15,680
So the site cloner attack has the ability to actually clone a web site page which could then be used

13
00:01:15,830 --> 00:01:23,080
to direct people to your version of the web page which could be used to harvest credentials.

14
00:01:23,080 --> 00:01:29,350
So what I'm going to do in my lab I'm not doing this actually outside in the real world because I'm

15
00:01:29,350 --> 00:01:31,810
just doing this for demonstration purposes.

16
00:01:31,810 --> 00:01:40,000
I'm going to clone the Facebook log in page and then I'll access that page put in my credentials and

17
00:01:40,000 --> 00:01:47,060
then show you how you can see what credentials are entered into the fake web page in Kalya.

18
00:01:47,070 --> 00:01:47,910
So let's get started.

19
00:01:47,910 --> 00:01:49,420
We'll go to you site cloner.

20
00:01:49,700 --> 00:01:56,830
So now he wants us to put in the IP address that we will want to direct people to for this web page.

21
00:01:56,880 --> 00:02:04,300
So I'm just going to use the local IP address of my Kelly box.

22
00:02:04,400 --> 00:02:06,590
I'm only going to be testing it locally.

23
00:02:08,390 --> 00:02:12,460
I had someone to copy my Kayley IP address

24
00:02:16,150 --> 00:02:21,090
close this window paste that in.

25
00:02:21,430 --> 00:02:27,550
Now we just need to put in the you are l of the Web site that we want to clone which in my case is going

26
00:02:27,550 --> 00:02:28,380
to be Facebook

27
00:02:33,380 --> 00:02:35,790
hit enter.

28
00:02:35,790 --> 00:02:43,260
So at this point if I were to browse to the IP address of my call box I should get the Facebook log

29
00:02:43,260 --> 00:02:44,830
in page.

30
00:02:44,990 --> 00:02:49,780
I'll put in credentials and then we'll be able to see which credentials were entered.

31
00:02:49,860 --> 00:02:52,230
So minimize this pull up a web browser

32
00:02:56,620 --> 00:03:02,830
and I'll put in the IP address of this Kelly box and there you go.

33
00:03:02,830 --> 00:03:06,020
I have a Facebook logon page so this looks legitimate.

34
00:03:06,100 --> 00:03:12,070
To be honest if I was redrafted to this page regardless of the you are all being different I would probably

35
00:03:12,070 --> 00:03:15,100
look at this and just put in my credentials.

36
00:03:15,100 --> 00:03:24,710
So let's do that let's put in Kaylie at gmail dot com and then on password I'll just use Cisco and log

37
00:03:24,710 --> 00:03:26,520
in.

38
00:03:27,400 --> 00:03:31,890
And then it just fails and takes you directly to the Facebook page.

39
00:03:31,900 --> 00:03:38,110
So what what happened here is the victim would put in their credentials get redirected to the actual

40
00:03:38,110 --> 00:03:43,330
Facebook page log in and not know the difference they would have no idea that they just entered their

41
00:03:43,330 --> 00:03:45,520
credentials on a fake Web site

42
00:03:48,550 --> 00:03:53,180
so let's minimize this and go back to our terminal.

43
00:03:53,580 --> 00:03:55,800
And here you go.

44
00:03:55,880 --> 00:04:01,120
I now have harvested the council's our answer on that log in page.

45
00:04:01,220 --> 00:04:06,300
So you might be thinking to yourself well that's a great attack attacker could just launch this locally.

46
00:04:06,410 --> 00:04:11,510
But an attacker would have to do to make this actually work in the real world would be to create some

47
00:04:11,840 --> 00:04:19,820
hyperlink e-mail to you have the e-mail tied back to Facebook somehow they click on that link and then

48
00:04:19,820 --> 00:04:24,010
be connected to the fake web page.

49
00:04:24,050 --> 00:04:25,880
So please do not use this in the real world.

50
00:04:25,880 --> 00:04:32,480
I am only showing you this so that you understand what attackers can do and how easily they could use

51
00:04:32,480 --> 00:04:35,390
a fishing attack to steal somebody's credentials.