Hi. Welcome back to Module three. And Cyber is crafting the perfect female course. In our last video, we did clone our victim website, which was the cyber log in page. And we sent our phishing email to the user. So we're gonna go ahead and hop back into the lab and watch the attack unfold from the user's point of view.
Once we do that, we will verify
that we captured the credentials using the social engineer tool kit.
All right, so we are back in our lab. You can see our listener is still running here, So let's go ahead and open up our Internet browser
and you can see we've received the email, and that was urgent Cyber Server update. So the user clicks out. You can see the cyber logo so far looks legitimate. Hello? Users were updating our new cyber a server to the news version in order to keep our data safe. So this just makes the user feel
more secure. Their being proactive in trying to help keep that data see,
Please log in and update your credentials to meet the new password requirements. If you do not meet the pastor requirements, your account will not be migrated.
And that's just invoking that fear. Um, nobody wants to lose their account over the ability to log in to a website. As you can see here included some real quick password requirements. Looks like a little bit of best practice. And here's the Link update password. So the user clicks that
and look, it takes it to the cyber log in page. This is where if you were not in a lab environment, you'd have your own domain hosted and it wouldn't just be on the local host here. But let's say Cy Berry, Dustin's trying to log in. It's his secure password. 123 Enter.
I never want to save them.
Nothing happened. Oh, but it looks like I just went back to the library log in page. So
I mean, he thinks that he entered the wrong password of the website. Just reloaded. So let's go ahead and hop back into our social engineers, took it and see what we've got.
As you can see, we got a hit. So it printed the output for the 1st 1 parameter log equal cyberia dot Dustin. So it found a parameter that was passed to the website called Log with the
text cyber dot Dustin and from our experience, we know that that's probably the user name
there. It looks like there was also a possible password field found
in the text 100 into that was secure Password 123
It was submitted to log in and then it redirected to the regular cyber website. So when you're finished, hit control C to generate a report will go ahead and do that says control scene.
It looks like
file has been exported to, and I like to copy this HTML final
so we can open it up. So it's got an accent out of the Social Engineers tool kit with exit. And again, I like to clear. Just so we're clean.
All right, So what's going on? Coffee. That file
here C p is copy
and we will pace that.
And if you didn't know what that till this short
shortcut for the user's home directory.
We want that on the guest top.
As you see,
s e t underscore results stop html
and looks like a space. And any time there's a space you want to make sure you do quote that as a single variable, so you don't get any errors
Now, our file was copied to the desktop called S C T results dot html. So it's gonna minimize this
here. We've got a results file will open that up,
and this is a sample social learning tool kit report. And so it tells the report was generated by the social centre tool kit. That's something you could give to an executive team or whoever is in charge of hiring you for your penetration test or just improving security
for that company.
So it tells you a little bit about the report. What was found? Um,
the tools used for good, not evil. So statistics. So the credential harvester keeps track of how many individuals visited the site and those who actually fell for the attack. So in our attack, it looks like one individual visited the site. Based on that visit, there was one victim that successfully fell for the attack.
And this is where it come in real handy.
If you sent this out to 100 people, you can see that maybe 50 of them visited the site and 10 of them entered their credentials. That's really good to have when you're trying to help improve the security of an organization.
So under this, we do have a report, findings below,
and we'll see. So report findings here for the website. It looks like we did find one user name, one password, and that user was redirected to cyber dot i t.
So we can see that was a successful attack.
All right, we're going to end this module with just a real quick quiz.
So the first question is, which module can you use to grab credentials by cloning a website?
Yeah, that was a credential harvester in the website attack tools and a social engineer tool. Kim.
So question number two, how can you send a single email address with social engineer tool kit?
And this one is a little confusing at first until you just get a little more familiar with the tool. So it is under the mass mailer attack,
and then the
it is the first option email attack, single email address.
All right. Can you send or how can you send multiple e mails with Social Jr Tolkien
and this one we didn't talk about, But you may have seen the menu option. So again, it is under the mass Miller attack, which is number five. And then you're gonna enter the email attack mass Mailer number two,
and I'll go ahead and show you that the lab real quick since we didn't go over that
don't minimize this
way, will launch our social system Can
number one for social engineering attacks. So, as you can see, that was option number five, the mass mailer attack.
And here's where you have the two options. A single email address or an actual mass mailer mass. Miller is number two.
And as you can see, it wants you to direct it to a file. And this is where exporting in the C S. V
from some of our other tools would come in handy because you'd have all those email addresses already. You point the social engineer toolkit to that file, and it would then parse through those and send an email to all of the email address is in that file.
All right, coming up. So now we've prepared and sent our phishing emails and you've seen how that can work. What can we do to stop them