1
00:00:00,600 --> 00:00:06,690
In the previous videos, we have seen how to use different tools and techniques in order to gain access

2
00:00:06,690 --> 00:00:12,980
to our target computer system, but in this lesson we will see how to hack humans.

3
00:00:13,470 --> 00:00:13,820
OK.

4
00:00:14,400 --> 00:00:17,430
And yes, I'm talking about social engineering techniques.

5
00:00:18,090 --> 00:00:22,950
So hacking a human mind is easier than hacking a computer system.

6
00:00:23,430 --> 00:00:23,790
Right.

7
00:00:24,330 --> 00:00:32,940
So there are some experts out there who claims that playing with human emotions in order to trick them

8
00:00:32,940 --> 00:00:40,620
to do what we want them to do is much easier than hacking into his computer system.

9
00:00:41,160 --> 00:00:41,460
Right.

10
00:00:42,330 --> 00:00:46,090
So we will see that different methods of social engineering.

11
00:00:46,710 --> 00:00:55,050
So let's move to applications and go to social engineering tools and select social engineering toolkit

12
00:00:56,070 --> 00:01:00,600
right now, which says, do you agree to terms of service?

13
00:01:00,630 --> 00:01:01,580
Yes, we agree.

14
00:01:04,370 --> 00:01:13,610
So we will going to create a fake email and we'll also see how to create some phishing mills or fake

15
00:01:13,610 --> 00:01:15,420
websites, etc., right.

16
00:01:15,710 --> 00:01:20,660
So the social engineering toolkit is a very famous method of doing this.

17
00:01:21,620 --> 00:01:26,510
So I will select the first option, which is social engineering attacks.

18
00:01:26,750 --> 00:01:27,110
Right.

19
00:01:27,560 --> 00:01:32,900
So there are various aspects out there, but we will see the first one for now.

20
00:01:35,180 --> 00:01:35,630
OK.

21
00:01:40,700 --> 00:01:42,640
Now it's learning, so we have to.

22
00:01:42,700 --> 00:01:50,030
OK, so here are some other options, but we will use the fifth one, which is Mazmanian attack.

23
00:01:50,060 --> 00:01:56,570
OK, so in this video, we're going to use fake emails, right?

24
00:01:57,700 --> 00:01:59,360
So select five.

25
00:02:00,620 --> 00:02:02,540
Now there are two options.

26
00:02:02,560 --> 00:02:06,270
First one is imminent attack for an individual.

27
00:02:06,460 --> 00:02:10,180
If you are targeting an individual person, then select the first one.

28
00:02:10,390 --> 00:02:12,920
And if you are targeting multiple, then use the second one.

29
00:02:13,300 --> 00:02:19,020
So for now, I will go with the first option announces send e-mail to.

30
00:02:19,480 --> 00:02:22,900
So enter the e-mail address of your target.

31
00:02:23,530 --> 00:02:27,940
So let's say target zero zero one.

32
00:02:28,390 --> 00:02:32,740
OK, and direct Gmail dot com.

33
00:02:33,330 --> 00:02:37,620
OK, now I don't know whether this email already exists or not.

34
00:02:37,630 --> 00:02:40,780
I'm just showing you for the purpose of demonstration.

35
00:02:41,770 --> 00:02:49,060
So and mouses use a Gmail account for your email attack.

36
00:02:49,060 --> 00:02:53,620
OK, that is from which account you want to send this email.

37
00:02:53,890 --> 00:02:54,300
Right.

38
00:02:54,760 --> 00:02:58,260
Or if you have your own server then you can use it as well.

39
00:02:59,380 --> 00:03:01,230
So I will go with the first option.

40
00:03:01,690 --> 00:03:04,470
Now it says your e-mail address.

41
00:03:04,970 --> 00:03:05,650
See you guys.

42
00:03:06,250 --> 00:03:13,150
I'm not going to enter my real email address here because in the next step it asked me for the real

43
00:03:13,150 --> 00:03:13,750
password.

44
00:03:13,870 --> 00:03:17,860
OK, so let me give a fake email again.

45
00:03:18,010 --> 00:03:25,420
So Hacker at the rate, let's say.

46
00:03:27,860 --> 00:03:31,070
OK, let's do one thing and let's play.

47
00:03:35,560 --> 00:03:44,560
Customer care team and the red Facebook, or should I say?

48
00:03:47,680 --> 00:03:48,790
Gmail dot com.

49
00:03:48,970 --> 00:03:55,170
OK, so we pretend that we are from customer care team of Gmail.

50
00:03:55,900 --> 00:04:02,830
OK, now it says take the name from which you want to send email and your target will able to see it.

51
00:04:03,220 --> 00:04:04,900
OK, so let's give it a name.

52
00:04:06,950 --> 00:04:11,870
Support did not ask for email password.

53
00:04:12,950 --> 00:04:20,690
So if anything, now it says, do you want to flag this message as high priority?

54
00:04:20,870 --> 00:04:27,900
Yes, we want and we want to identify and see if you can attach a malicious file here.

55
00:04:27,920 --> 00:04:30,440
OK, but for now, iSelect.

56
00:04:30,440 --> 00:04:30,830
No.

57
00:04:32,640 --> 00:04:42,990
Again, no, not ask for e-mail subject, so let's see, armed security alert.

58
00:04:45,430 --> 00:04:54,640
Send the message, it's our bling bling out, says, enter the body of the message and type and capitalise

59
00:04:54,940 --> 00:04:55,630
when finished.

60
00:04:55,660 --> 00:04:58,630
OK, so let's type your main message here.

61
00:04:59,050 --> 00:05:00,970
So let's suppose a.

62
00:05:04,130 --> 00:05:04,630
Hello.

63
00:05:05,130 --> 00:05:06,680
In the name of your target.

64
00:05:10,900 --> 00:05:12,880
We found that.

65
00:05:14,400 --> 00:05:19,190
Someone is trying to access from.

66
00:05:20,510 --> 00:05:30,710
Access to your Gmail account, kindly reset your password.

67
00:05:32,450 --> 00:05:36,080
The details are attached.

68
00:05:40,180 --> 00:05:47,650
But this may be OK, something like that, and I your many issues right there.

69
00:05:47,770 --> 00:05:52,320
So we're actually trying to trick our target to click on that malicious file.

70
00:05:52,340 --> 00:05:52,690
Right.

71
00:05:52,840 --> 00:05:57,340
That many just find could be anything, let's say your undetectable back door order.

72
00:05:59,260 --> 00:06:03,040
OK, so next round of body, nothing.

73
00:06:03,700 --> 00:06:06,040
Just tape and in capital letters.

74
00:06:07,830 --> 00:06:11,660
Right now, let me stop this process, OK?

75
00:06:18,650 --> 00:06:29,530
OK, because after pressing enter, this system will try to send an email to that e-mail.

76
00:06:30,290 --> 00:06:34,610
OK, it actually tries to send a real email there.

77
00:06:34,770 --> 00:06:42,050
OK, so I have disconnected my computer system from Internet connection because I don't want to send

78
00:06:42,200 --> 00:06:45,020
an email because there is no Emeline exist.

79
00:06:45,620 --> 00:06:45,990
Right.

80
00:06:46,640 --> 00:06:52,820
So this is how we can use social engineering toolkits in order to create an fake email.