1 hour 1 minute
Hi, everyone. Welcome back to the course. So in the last video, we went over that fake social media profile. Now, again, don't go stalking anybody online, But I didn't want to just show you what kind of information people are putting out there for you to go grab a za penetration tester.
So in this video, we're gonna go over fishing. So we're just gonna do a quick fishing lab with a tool called the Social Engineering Tool kit. Now, there's a lot of features and things to play around with. With that particular tool, however, we're just gonna go kind of step by step and do our specific goal. So our goal today is just going through
crafting a phishing email are essentially what it's going to be using a pre built one.
But we're gonna be using a phishing email. We'll send it to the victim, which in this case will actually be ourselves, will click on it, open it up, and then from there we'll be able to open a command ship.
So let's go ahead and get started. So you should already be loved to the side very website and all you're gonna do now is. Just go to the search box here and just type in the word fishing. So it's gonna be fishing with a P H. Not in half.
All right. So once you find that, just click on the fishing lab right there,
and then click the launch button to launch the lab.
Then you're gonna have one more item here. You have to click on. So the launch item button and that's actually gonna open the lab in a separate tab. Now it just take about 30 or 40 seconds to actually pull up something. A pause, a video. Briefly, it pulls up on my side.
All right, welcome back. So you'll see that my Callie machine and everything is booted up. So I'm inside my lab environment here. Now, I'm just gonna click the next button and then okay, but in to close this little problem here. You're welcome to read through that, but we don't particularly need that for this lab,
so it's gonna take you to the Cali machine first. We're just gonna log in here with the standard Callie log in, which is root for the user. Names are hello. T
turn the keyboard or click the next button, and then we're just gonna use the word route backwards. We're gonna do t.
Oh, are all over case.
So if you weren't familiar with Callie clinics at all, what you kind of should be for this course is kind of a prerequisite. But if you weren't familiar with Callie, Lenin said, all that's using they were passed her by default for that particular operating system.
Now you'll see here that we've gone ahead and we've looked for a fishing lab in and you'll see we're booting up our Callie mission in the background. There we would have loved into our Callie machines were here it Step eight. We just log in with Root and then tour as I mentioned T o r route backwards.
The next thing we're gonna do here on the Cali machine is open a terminal window. So there's a couple ways you can do that. But the way we're going to use just the traditional script kiddie top away where we just click on the terminal icon right here on the left side, this little black box and that's gonna open the terminal window for us.
Now we want to go ahead and launch the SC SC tool kit for a social engineering tool kit. So here in step 11 we're gonna go ahead, just type in SC Tool kit.
So it's not that in all their case, press center on the keyboard there, it's gonna give you a message about set being out of date. Just go ahead and click the enter button again and you'll get another prompt here, basically asking you to agree to the terms of service.
Just type of why they're in press enter.
All right, so now that's taking us into the actual tool itself.
So what you're gonna see here is we've got several options. We're obviously gonna be doing a social engineering attack today, So fishing is a social engineering type of attack. You'll notice that there's a lot of different options in there as well. And as we continue going through this tool, you're gonna notice that we have many options to choose from. Is I kind of mentioned before?
So I encourage you to play around with this tool. Obviously do it, you know, attacking like yourself for systems that you own.
And don't go out there trying to attack somebody else's stuff, Because it at least in most jurisdictions, it would be a crime
again. I'm not an attorney. You know all that good. You know, disclaimer stuff. But you get the general idea. You don't wanna get in trouble and be stuck in a jail cell with no computer. That's no fun.
All right, so we're here it Step number 15. So we're getting a head start selecting our different options here. So we're gonna select option number one. We'll just type in a one. There were to do the social engineering attack, so just type in a one and press enter.
We're gonna be selecting the spear Phishing attack vector. So again, it's option one again impressing enter,
and then we want to perform the mass email attack. So we're gonna press one yet again. And press enter
are So we've got several different ways we can do this. Our choice today at least is gonna be this adobe, pdf embedded Execute herbal. So we're just gonna type in 16 there and press enter.
Let's go back to our lab documents. You could seem kind of where we're at. So we've gone through steps 15 16 17 and we just did Step number 18 where we chose Theodore B. Pdf with the embedded execute herbal.
So now we're here, It's step number 19.
So we want to use a built in blank pdf for the attack. We don't wanna go ahead and upload one now. Obviously, if you were doing this for real, you would want to craft your own stuff as much as possible because I just makes it a little better and a little more difficult per se, at least for any type of defense system to detect.
All right, So you want to type in the number two here and then just press enter on keyboard.
So now it's gonna ask us, What kind of payload do you actually want to do here? Now, we're just gonna do number one option number one, The windows reverse TCP shell that would, you know, be sent back to the attacker, at least for this example. You'll see there's several different options here for you to open up different shells on, so it's kind of up to you as your practicing this what you actually want to do with it.
So we're just keeping things pretty simple in this lab is gonna press one there. And so, like that payload
Arsenal wants an i p. Address for the payload listening. So we're gonna use a 1 92 168.1 dot five. So it's right here in step number 22 were to enter this I P address right there and then just press enter on the keyboard.
So we're typing in 192.16 to 8
that 1.5 and then just press enter.
It's gonna ask you, you know, what poor do you want to connect back to you by default? It's gonna be a C TPS report for 43. We're just gonna leave that allowed on this press enter on the keyboard to accept that default port.
All right, so take some time to generate this payload, so I'm gonna I'm gonna stop the video there, and we'll pick things back up in the next video
We will explore some fake social media profiles, craft our very own phishing email and malicious payload using the Social Engineering Toolkit (SET) in Kali Linux, and play the “victim” by opening the malicious file.