1 00:00:00,120 --> 00:00:03,480 Social-Engineer Toolkit, SET.
2 00:00:05,920 --> 00:00:11,050 The Social-Engineer Toolkit, SET, was created by TrustedSec.
3 00:00:11,440 --> 00:00:18,100 It is an open-source, Python-driven tool specifically designed to perform advanced attacks against
4 00:00:18,100 --> 00:00:19,090 the human element.
5 00:00:19,570 --> 00:00:23,230 It's a standard tool in a penetration tester's arsenal.
6 00:00:23,950 --> 00:00:29,500 The attacks built into the toolkit are designed to be targeted and focused attacks against a person
7 00:00:29,740 --> 00:00:33,820 or organisation, used during a pen test or ethical hacking.
8 00:00:34,870 --> 00:00:40,090 You can download SET from TrustedSec's GitHub and use it on any platform you want.
9 00:00:40,360 --> 00:00:43,690 And it's already embedded in Kali and ready to use.
10 00:00:45,250 --> 00:00:51,010 The tree on the slide shows the attack types under the Social-Engineering Attacks branch of the main
11 00:00:51,010 --> 00:00:51,820 menu of SET.
12 00:00:52,850 --> 00:00:57,260 And the green layer shows the methods of the Website Attack Vectors option.
13 00:00:57,890 --> 00:01:01,910 I mean, there are many more methods and attack vectors in the toolkit.
14 00:01:04,000 --> 00:01:10,780 Let's see one of the attack methods of the Social-Engineer Toolkit, the Credential Harvester attack.
15 00:01:10,780 --> 00:01:11,500 In this attack,
16 00:01:12,300 --> 00:01:17,250 first, we should choose a website which has a login sequence that the victims often visit.
17 00:01:18,210 --> 00:01:22,590 The toolkit prepares a clone of that website and serves it from the server.
18 00:01:23,040 --> 00:01:27,810 Our trap is ready and starts to collect the inputs of the victims.
19 00:01:29,330 --> 00:01:35,600 When a victim visits our website, he or she will face exactly the same page that he or she visits often.
20 00:01:36,630 --> 00:01:40,170 The victim enters the credentials and we collect them.
21 00:01:41,530 --> 00:01:42,760 Let's do it together.
22 00:01:43,420 --> 00:01:47,080 The Social-Engineer Toolkit is installed and ready to use in Kali.
23 00:01:47,620 --> 00:01:49,200 It's defined in the PATH.
24 00:01:49,210 --> 00:01:53,320 You can start the toolkit from anywhere using the setoolkit command.
25 00:01:54,220 --> 00:02:00,550 Choose the Social-Engineering Attacks option in the main menu, that's number one, as the attack vector.
26 00:02:00,760 --> 00:02:03,730 Select Website Attack Vectors.
27 00:02:03,880 --> 00:02:08,830 That's number two, and our attack method is the Credential Harvester.
28 00:02:09,160 --> 00:02:09,880 Number three.
29 00:02:10,990 --> 00:02:14,920 This menu is the list of the phishing website creation methods.
30 00:02:15,370 --> 00:02:18,490 Let's choose Site Cloner, number two.
31 00:02:19,630 --> 00:02:23,290 We need to have a website which the victims visit and log in to often.
32 00:02:23,800 --> 00:02:26,710 I want to find a login page for the NHS.
33 00:02:27,950 --> 00:02:30,890 Googling for the NHS and login keywords.
34 00:02:38,170 --> 00:02:40,960 email.nhs.net seems good.
35 00:02:43,170 --> 00:02:47,850 The POST back IP address is used for which IP the server will post to.
36 00:02:51,820 --> 00:02:53,770 Now, this is the URL to clone.
37 00:02:54,160 --> 00:02:56,800 I use email.nhs.net.
38 00:02:57,910 --> 00:03:01,450 The version of the toolkit I use is 7.6.1.
39 00:03:01,810 --> 00:03:07,780 And when I want to clone a website, I get a zipimporter error and the method does not continue.
40 00:03:08,700 --> 00:03:14,640 When I Googled the error message, I found a solution for this problem in the issues section of the GitHub
41 00:03:14,640 --> 00:03:17,040 page of the Social-Engineer Toolkit.
42 00:03:18,320 --> 00:03:24,260 Go to the /etc/setoolkit/set.config file.
43 00:03:31,250 --> 00:03:35,390 In line 95, turn OFF to ON.
44 00:03:47,130 --> 00:03:49,140 And save the file before closing.
45 00:03:49,950 --> 00:03:56,820 Now run setoolkit again and follow the menus again: one, two, three, two.
46 00:03:57,820 --> 00:04:02,080 Enter the IP address of our Kali machine as the POST back IP address.
47 00:04:03,210 --> 00:04:07,440 Enter email.nhs.net as the URL to clone.
48 00:04:08,540 --> 00:04:10,880 The same error message is here again.
49 00:04:11,210 --> 00:04:18,020 But now the program continues and asks about starting the Apache server if it's not running at the moment.
50 00:04:19,490 --> 00:04:23,210 Answer y for yes, and the trap is ready.
51 00:04:23,720 --> 00:04:30,770 The site is cloned, the Apache server has started and the credential harvester is listening for the inputs.
52 00:04:30,800 --> 00:04:31,430 Now,
53 00:04:33,270 --> 00:04:36,600 as the victim, when we visit the malicious website,
54 00:04:44,010 --> 00:04:50,760 we will see exactly the same page as email.nhs.net. Then enter the username and password, click
55 00:04:50,760 --> 00:04:51,330 Sign in.
56 00:04:52,550 --> 00:04:59,600 Our malicious website redirected the victim to the original page, email.nhs.net.
57 00:05:00,140 --> 00:05:01,190 It's a good idea.
58 00:05:01,640 --> 00:05:04,460 The victim will not be in any doubt about the fraud.
59 00:05:05,300 --> 00:05:11,690 Turn back to the attacker system, Kali, and you'll see the credential information entered by the
60 00:05:11,690 --> 00:05:12,200 victim.
61 00:05:13,400 --> 00:05:14,990 You can leave this command window.
62 00:05:15,320 --> 00:05:18,830 Everything is still running and logging under your web directory path,
63 00:05:22,030 --> 00:05:26,320 /var/www/html.
64 00:05:35,840 --> 00:05:42,650 To make the credential harvester attack more realistic, you can use some tricks. For example, you
65 00:05:42,650 --> 00:05:48,140 can use the domain name of the target company as a subdomain name of your registered domain name.
66 00:05:48,950 --> 00:05:55,190 Suppose that you're the owner of the xyz.com domain, and the domain name of the target company is
67 00:05:55,190 --> 00:05:56,450 thecompany.com.
68 00:05:57,050 --> 00:06:02,390 You can prepare a URL like thecompany.xyz.com.
69 00:06:03,870 --> 00:06:09,930 Another way to make the attack more realistic is to buy a domain name similar to the domain of the company.
70 00:06:10,380 --> 00:06:13,590 For example, if the target domain is thecompany.com,
71 00:06:14,010 --> 00:06:17,040 you can try to buy thecompany with a double n.
72 00:06:18,030 --> 00:06:23,190 You can also use the URLCrazy tool to find alternative website names.
73 00:06:23,760 --> 00:06:29,550 If you're an insider, you can try to map the domain name to your IP address to redirect the victims
74 00:06:29,730 --> 00:06:32,790 to your servers using DNS spoofing.