1
00:00:01,020 --> 00:00:06,720
If I switch back to my Linux box and come back to the terminal window that's still running the social

2
00:00:06,720 --> 00:00:10,350
engineering toolkit, you will see a lot more information.

3
00:00:10,350 --> 00:00:17,100
And right here is the wilma@flintstone.com and password, Fred, that I just entered a moment ago.

4
00:00:18,180 --> 00:00:22,680
And it's not sent any of these credentials to Facebook yet, because if you remember, it pulled up

5
00:00:22,680 --> 00:00:24,600
the facebook.com login.

6
00:00:24,990 --> 00:00:30,360
So Facebook is still sitting there and the user thinks, well, I thought I had my password correctly.

7
00:00:30,360 --> 00:00:31,770
I'll just enter it one more time.

8
00:00:32,080 --> 00:00:38,040
Unfortunately, they sent their username and password to this Kali Linux computer running at ten point

9
00:00:38,340 --> 00:00:45,960
ninety-four, even though the web address that we used was something more like this: facebook.com, at,

10
00:00:46,260 --> 00:00:51,150
and some integer, or at the number ten point ninety-four. It gave us

11
00:00:52,180 --> 00:01:00,940
our fake Kali Linux login instead. And so I can switch back to my terminal using the Alt-Tab key,

12
00:01:01,390 --> 00:01:05,560
or I can switch back to Chrome or to Firefox ESR, either one is fine.

13
00:01:07,390 --> 00:01:09,700
If I enter a new username and password.

14
00:01:11,270 --> 00:01:11,990
Barney

15
00:01:14,390 --> 00:01:16,040
at Flintstone

16
00:01:17,240 --> 00:01:18,140
dot com.

17
00:01:19,560 --> 00:01:21,210
With the password of Betty.

18
00:01:23,530 --> 00:01:27,340
And try to log in on this ten point ninety-four address.

19
00:01:29,360 --> 00:01:34,430
It'll look like it just failed and tried it again, but it's actually sent me to the real facebook dot

20
00:01:34,430 --> 00:01:38,810
com address, and if I enter my user information here, that would actually log me into Facebook.
21
00:01:39,590 --> 00:01:43,520
But if I switch back to the terminal window, I can use Alt-Tab in Linux.

22
00:01:48,190 --> 00:01:52,810
I will see barney@flintstone.com with a password of Betty.

23
00:01:53,320 --> 00:01:59,410
Now, the whole time that I leave this terminal window running with Social Engineer Toolkit in the background,

24
00:01:59,680 --> 00:02:04,110
I will be collecting usernames and passwords from this phishing email.

25
00:02:04,540 --> 00:02:10,960
If you're doing this inside an organization, again, with the express written consent of the CEO and/

26
00:02:10,960 --> 00:02:16,780
or CIO, the chief information officer or the chief executive officer, or the owner, the president of

27
00:02:16,780 --> 00:02:17,380
the business.

28
00:02:18,580 --> 00:02:24,100
Then what you'll do after you get these usernames would be to go educate those individuals and just

29
00:02:24,100 --> 00:02:29,320
let them know, hey, you're not in any trouble, but you just fell for an inside phishing attempt.

30
00:02:29,330 --> 00:02:30,940
We were doing some phishing training.

31
00:02:31,510 --> 00:02:36,670
We sent you an email that looked just like Facebook, but unfortunately, you clicked through a bad

32
00:02:36,670 --> 00:02:37,380
web address.

33
00:02:37,630 --> 00:02:39,010
Let me show you how to spot those.

34
00:02:39,010 --> 00:02:42,040
And you show them the same kind of things that we just went through.

35
00:02:42,580 --> 00:02:48,340
Malicious attackers will take these usernames and passwords and immediately try them not just at Facebook,

36
00:02:48,730 --> 00:02:53,150
but at flintstone.com or at gmail.com.

37
00:02:53,440 --> 00:03:00,400
That's one reason you should never use the same username and password for multiple websites, especially

38
00:03:00,400 --> 00:03:01,600
for your email
39
00:03:02,530 --> 00:03:08,260
login. If someone has your email login, then they can reset all of your other passwords because

40
00:03:08,260 --> 00:03:11,740
they typically just send an email with a link to your email address.

41
00:03:12,220 --> 00:03:19,450
And so if barney@flintstone.com is using Betty as his password, both at Facebook and Gmail, then

42
00:03:19,450 --> 00:03:23,260
someone can go to Gmail, log in using barney@flintstone.com

43
00:03:23,260 --> 00:03:28,570
and Betty as the password, and reset Barney's Facebook account, reset

44
00:03:29,940 --> 00:03:35,430
his username and password to his bank accounts. There are lots of dangerous things that are possible

45
00:03:35,430 --> 00:03:36,090
with this attack.

46
00:03:36,120 --> 00:03:37,910
That's why you need to understand phishing.

47
00:03:37,920 --> 00:03:39,020
It's why it's so important.

48
00:03:39,030 --> 00:03:42,030
It's not just your Facebook account out there that's at risk.

49
00:03:42,030 --> 00:03:46,160
It's every account that you have that uses the same login information.

50
00:03:46,620 --> 00:03:50,700
So let's see what the Social Engineer Toolkit does as a report

51
00:03:50,880 --> 00:03:53,550
if I hit Ctrl-C to finish.

52
00:03:53,550 --> 00:03:55,140
So you've run your phishing test.

53
00:03:55,500 --> 00:04:02,700
On average, you'll see about 23 percent of employees click through and maybe even log in to a fake

54
00:04:02,700 --> 00:04:04,220
phishing email like this.

55
00:04:04,620 --> 00:04:09,030
And then you've got some people that you can go follow up with, do a little extra training, make sure

56
00:04:09,030 --> 00:04:13,410
you make phishing part of your annual or quarterly or monthly

57
00:04:14,610 --> 00:04:20,820
information security training regimen. Your employees, your family need to know about this, but

58
00:04:20,820 --> 00:04:25,620
I will hit Ctrl-C to generate the report and stop running the phishing harvester.
59
00:04:26,070 --> 00:04:27,840
And it says it created a report.

60
00:04:27,840 --> 00:04:31,800
The file was exported to /root/.set/reports.

61
00:04:32,220 --> 00:04:34,530
And so let's see what that looks like.

62
00:04:34,980 --> 00:04:40,620
First of all, you can just copy this address and paste it directly into a browser

63
00:04:41,650 --> 00:04:43,300
on your Kali Linux box.

64
00:04:45,270 --> 00:04:51,780
And it's going to tell you that the Social Engineer Toolkit ran this. Well, let's scroll down and

65
00:04:51,780 --> 00:04:54,990
see what some of the usernames and information might have been.

66
00:04:56,520 --> 00:05:01,210
You can do a search for "email" and "pass". I'll make this larger.

67
00:05:01,980 --> 00:05:07,920
We can see the first victim was fred@flintstone.com and his password was "this is a bad

68
00:05:07,920 --> 00:05:08,430
password".

69
00:05:08,640 --> 00:05:10,320
Spaces get turned into pluses.

70
00:05:10,950 --> 00:05:15,480
We scroll down a little bit more and we'll find Wilma, or fred@flintstone.com.

71
00:05:15,480 --> 00:05:17,040
He changed his password to Wilma.

72
00:05:17,550 --> 00:05:22,500
Scroll down a bit more and we'll find that wilma@flintstone.com uses a password of Fred.

73
00:05:22,890 --> 00:05:31,920
If you want to get this even faster, all you have to do is Ctrl-F, and Ctrl-F will find, so pass

74
00:05:32,850 --> 00:05:33,600
equals.

75
00:05:34,140 --> 00:05:37,740
And that will let you jump from one to the next to the next.

76
00:05:37,740 --> 00:05:40,080
And we can see all the email addresses and passwords.

77
00:05:40,410 --> 00:05:44,580
We've got a total of four of those out of this quick phishing attempt.

78
00:05:44,880 --> 00:05:46,050
All of those were me.

79
00:05:46,260 --> 00:05:51,570
Again, do not use this to get someone else's username and password.
80
00:05:51,570 --> 00:06:00,270
You are stealing those pieces of ID from that user. Only use this to train your family, your friends,

81
00:06:00,450 --> 00:06:08,490
your co-workers and your employees so that they can spot phishing emails before they happen in the workplace.

82
00:06:09,090 --> 00:06:16,080
The other way you can look at these passwords is just to go to this address in your file system. So I

83
00:06:16,080 --> 00:06:20,970
can either use the terminal, start a new terminal window, getting out of Social Engineering Toolkit,

84
00:06:21,180 --> 00:06:30,660
and surf to that location in a new window by saying cd, space, and then paste that long address minus

85
00:06:30,660 --> 00:06:32,070
the .html at the end.

86
00:06:35,930 --> 00:06:37,370
And then I can more.

87
00:06:42,880 --> 00:06:48,940
And just hit Tab, because it's a long timestamp, and choose the .html, Tab.

88
00:06:50,200 --> 00:06:53,770
And I can more through that document just by hitting the space bar.

89
00:06:57,010 --> 00:06:58,390
And I'm coming down to

90
00:06:59,740 --> 00:07:06,800
my first username and password, Fred Flintstone, fred@flintstone.com with his first password.

91
00:07:06,820 --> 00:07:08,020
This is a bad password.

92
00:07:08,440 --> 00:07:09,640
Go down a little further.

93
00:07:10,980 --> 00:07:19,020
And I'll find another password, another username. You can also just open up your file explorer, so

94
00:07:19,020 --> 00:07:24,350
I go to Files and I can come to Home and I'll change my properties here.

95
00:07:24,360 --> 00:07:31,410
I'm going to show those hidden files because that .set, SET, is the Social Engineer Toolkit folder.

96
00:07:31,710 --> 00:07:37,710
And then under there, reports, and then I can find my HTML file, and if I double-click on that, it'll

97
00:07:37,710 --> 00:07:38,250
open it up.

98
00:07:40,380 --> 00:07:42,660
And that's how I can get to my report as well.
99
00:07:43,350 --> 00:07:49,710
Let's do a quick review and then we'll see how to stop phishing in your organization as a final bonus

100
00:07:49,720 --> 00:07:50,100
lesson.