Welcome to module three in Cybrary's Crafting the Perfect Email course. Now that we're familiar with the use and navigation of the Social-Engineer Toolkit, we're gonna go ahead and finish our attack.
First off, I do want to say in this video we are going to perform an actual phishing attack using the Social-Engineer Toolkit. So we do need to remember this course and lab are for learning purposes only.
What I'm about to show you is intended to expand your knowledge and skills to make you a better penetration tester and cybersecurity expert. I'm not responsible if you decide to break the law.
So in order to perform our attack, we're gonna need to do a little bit of preparation. The first thing you want to do is clone our target website. And that's where we're trying to capture credentials from. In this lab, we're going to use Cybrary's login page, cybrary.it/wp-login,
to capture the credentials, and we're gonna use the Social-Engineer Toolkit credential harvester in order to clone that website.
Once we get that done, we're going to prepare our email, and we need to remember the keys to a good phishing email. So the first one is the email address, or the sender.
In the real environment, you would want to use a fake domain to spoof email addresses. Since this is just the lab, we're going to use an email address that I have.
In the subject, you need something that's catchy but not too suspicious.
In the details, we're going to need to use timing, relevance and name drops to help convince the victim, the user,
that the email is legitimate. So we can use current scams, a package delivery, an invoice, things like that. We're gonna want to use official logos. Those are really easy to find on the Internet.
And lastly, we're gonna need emotional buy-in. We're gonna need to get the user emotionally involved.
This will help limit their rational thinking. Um, for one example, we could use "There's been unusual activity on your account. Please click here to log in and review the details,"
and then we're going to need to send the email.
So again, we need to remember this is just a lab environment. In the real world, you'd have your own server hosting the cloned website so you can capture more than just the credentials. You would also want to set up your own domain so you can have your email addresses and things like that.
So one of the best ways to capture credentials is by cloning a website, and you can use the Social-Engineer Toolkit to do this and capture any input into that website.
So after launching the Social-Engineer Toolkit, you'll need to select number two, website attack vectors. So let's go ahead and hop into our lab here,
and we will open the terminal,
and we're gonna launch the Social-Engineer Toolkit with that `setoolkit`.
All right. We're gonna want to do one to go into our social engineering attacks,
and then again, two, website attack vectors.
And what we're gonna want to do in this lab is capture credentials. So we're gonna do number three, the credential harvester attack method,
and we're gonna clone a website,
which is number two.
All right. So the URL we would like to clone is https://www.cybrary.it/wp-login.php,
and it will take just a minute here. Um, there is a little note. It says you may need to copy the directory files into /var/www/html depending on your directory structure for hosting that listening port and website. Being this is Kali Linux, we should be fine, so we will press enter.
All right, so now that that is running
our cloned website, let's go ahead and
minimize this, 'cause we will need to leave that up and going.
Let's go ahead and go back to your slide show real quick.
And so our website is now cloned. It's running. We've got our listening port on our Kali box. So now we're gonna need to send our phishing email, and we're gonna direct that to our target, directing them
to our login page. So let's hop back in our lab,
and we're gonna open another terminal. You can right-click
and do new window.
As you can see, this opens a new terminal,
and we're gonna want to launch that Social-Engineer Toolkit.
Again, one, social engineering attacks, and this time we're gonna want to send out an email. So the one we're gonna do is number five, the mass mailer attack.
And we're just going to send it to a single address. You can bulk send phishing emails from here as well, but that single email is number one.
All right, And we're going to send the email to
one of my test emails. That's just sigh berry
dot Dustin got test and Gino come
and we're going to use our own Gmail account for that email attack, which is number one
and the one I'm gonna send it from, I'm gonna send it from the same one, since this is just a lab,
and the from name the user will see. Let's make this a little bit smaller here. I've prepared all this for us,
so it looks like we're going to send this email from the Cybrary security team.
And this is where you'll need to enter the email password for that Gmail account.
Press enter. We don't want to flag it as high priority. Um, you can do that,
but this is just a regular email here. We're not gonna attach any file, so no.
So the subject of the email,
we're going to use
something to catch the attention, attention, and that's urgent.
We're gonna want to send this in HTML, since I did type it all out.
And here is my test email,
and I've just got it in a notepad here. You can Control-C to copy.
Click back over to your terminal,
right, Click and paste.
And then when you're done, you just type in the word end
and there you go. So you see, the Social-Engineer Toolkit has finished the sending
of the email,
and that will go to our victim with a link in order to capture credentials.
All right, let's go back to our slide show.
And that is all for this video. In the next video we're actually going to watch the attack unfold and see how it looks from the user's point of view.