Time
3 hours 55 minutes
Difficulty
Advanced
CEU/CPE
5

Video Description

In this lab, Subject Matter Expert Dean Pompilio demonstrates Scythe, an interesting account enumerator tool that allows you to do account harvesting. You will use this tool to find out where your target has accounts on various Web sites.

You install Scythe into your Kali instance from GitHub using the following steps:

· Go to www.GitHub.com

· Enter Scythe into the site's search function

· Choose ChrisJohnRiley/Scythe from the list that is returned

In this lesson, you will learn:

  • how to run the program and understand the list of modules it supports
  • what the current settings are
  • how to set a directory for where all the modules are located
  • about the different modules
  • how to search on user name and/or email address
  • how to edit the account file
  • about options you can specify, such as the list option, directory for the modules, sorting by category
  • how to specify the ability to run threads
  • how to specify the retry time
  • how to specify how the summary is shown
  • how to specify how to save the output

SME Pompilio demonstrates the system with two different sets of specifications and notes that the summary gives information on where the accounts are located on all the various Web sites. He notes that it is important to consider the value of aggregation – that a Social Engineer gathers bits and pieces about the target from various places around the Internet and then may be able to infer certain information about their target's interests. This can provide fodder for engaging in Social Engineering techniques such as phishing and spearphishing.

Video Transcription

00:04
Hello, everyone.
00:06
This is Dean Pompilio, and we are going to do a demo
00:10
for the social engineering class.
00:13
Our next tool that we're going to be looking at is called Scythe,
00:18
and Scythe is a
00:20
pretty interesting tool. It actually allows you to do account enumeration or account harvesting.
00:27
And
00:29
what we can do is install this tool into your instance of Kali
00:34
and go to the github.com website.
00:40
On this website, you can do a simple search for Scythe,
00:48
and the one you're interested in is this right here: ChrisJohnRiley,
00:52
account enumerator.
00:56
So there's information here. There's documentation
01:00
and the software itself, so you can go ahead and download the ZIP archive
01:06
for the Scythe tool
01:08
and just follow the instructions for how to get that onto your Kali system.
01:17
I've put Scythe into my
01:19
/usr/share
01:22
folder,
01:26
and we can see here that
01:29
it comes with a default accountfile.txt.
01:33
I'll cover that in just a moment,
01:37
but the
01:38
main thing we are concerned with is the Python script scythe.py.
01:46
all right, So the first thing I'd like to do is
01:51
run the program
01:53
and show the list
01:57
of modules
01:59
that it supports.
02:07
Notice that it will tell you the current settings. By default, it'll look for this accountfile.txt.
02:14
You can set a directory for all of the modules, where those are located,
02:24
and what it's doing is extracting the information about all the modules it knows about.
02:30
So we're gonna go ahead and
02:34
move for just a little bit.
02:36
And what we can see here
02:38
is all the modules. So there's a
02:40
section for
02:43
media websites,
02:45
things like YouTube and Flickr,
02:47
Funny or Die.
02:51
There's some commerce websites,
02:53
eBay and Etsy and Kaboodle.
02:55
Several forums.
03:00
GitHub even makes an appearance as a software development website.
03:05
Notice that
03:07
some of the websites shown
03:09
you're able to search for a username. Others also support searching for an email address.
03:16
So this is important because
03:22
the reason you're using this tool to begin with is to try to find out where your target,
03:28
as part of your social engineering pen test,
03:30
where that target has accounts on various other systems, websites.
03:36
We have all of our popular social networking websites here.
03:40
Email websites,
03:43
Yahoo, Hushmail, Gmail,
03:46
several blogging websites and even some gaming sites.
03:53
So this is this is useful.
03:55
Now what we want to do is think about how
04:00
you're going to try to discover where your target has accounts.
04:06
So one of the first things we want to do is
04:12
edit the account file.
04:15
So I'm gonna go ahead and
04:17
use vi,
04:19
and you'll notice one account per line,
04:24
and we've got some default
04:28
logins here.
04:30
I can go ahead and add some more
04:38
Jack and Jill,
04:41
Jerry
04:44
and cover it.
04:47
We can also add some other ones like
04:53
Kevin12,
04:57
or Bill78,
05:01
again. These are just names
05:03
for logins.
05:05
As part of your social engineering pen test, you would want to accumulate these names so that you could then
05:13
put them into this file. So I'm gonna go ahead and save that,
05:17
and what I can do now
05:20
is, ah, run Scythe
05:23
with the help screen
05:25
so I can review some of the options
05:34
so we can specify dash a, dash dash account file, for the file with the names that we just looked at.
05:42
The dash l option, or dash dash list, shows all of the module names.
05:47
You could specify a directory for the modules as well.
05:53
You can use a single module or you can do them by category,
05:57
so the categories are things like commerce, forum, social, email, blogs, as we saw when I was reviewing the list of modules.
06:09
You can also specify
06:11
the ability to, uh,
06:14
run threads. We're not gonna bother with that option for this demo.
06:18
A retry time.
06:20
Sometimes websites will time out when the tool is trying to
06:26
probe that, looking for these accounts, so you can tinker with a retry setting in order to get better results.
06:32
And another option that's useful is
06:35
showing the summary at the end of the work.
06:40
You can also save the output
06:42
into a separate file
06:44
so that you can capture this
06:46
and load it into
06:47
some of the other tools that we'll look at, like BasKet and Dradis.
06:54
These are tools that let you
06:56
collect all of your information as you're doing your social engineering pen test
07:00
so that you can keep all your data organized.
07:08
Okay, so
07:10
we've edited our file. We've got our list of names.
07:13
now. What I'd like to do is
07:15
run the command
07:18
and I'm going to specify
07:20
a category
07:24
of social,
07:28
and I'm also going to tell it where
07:30
my account file is. Actually, I don't need to do that, because by default it will use the file that I've created. But if you do
07:40
want to create a different account file, you could have several of these in the same folder; then you would specify that here.
07:47
our next
07:49
option that we'd like to specify is the summary.
07:54
And I'm also going to
07:56
specify an output file.
07:59
So let's call that outfile.txt,
08:03
so we'll go ahead.
08:09
It looks like I made an error there.
08:22
Oh, it's dash output. My mistake. Okay,
08:30
so we'll change that really quick.
08:31
We'll go ahead and run the tool,
08:33
and it'll ask you
08:37
if you want to run all the, uh,
08:39
testing all the accounts that are in this accountfile.txt.
08:45
It tells me that my category is social.
08:48
I'm also going to be capturing a summary, and I've got an output file specified, so I'll go ahead and hit Y for yes.
08:58
And this will start to tell me because I've got a lot of names in that
09:01
in that account file.
09:03
And because the social category has a fair number of sites,
09:07
it tells me that there is going to be 288 test cases.
09:13
So as it goes through this list, which will take a little while,
09:16
we can see I've already found one account: example user exists on slideshare.net.
09:24
Otherwise we'll see some error messages. These red exclamation points would tell us that that particular website either did not respond
09:33
properly or the information does not exist there.
09:39
So I'm gonna go ahead and pause the recording here because this will take a little while to run.
09:54
Okay, So the script finally completed its run.
10:00
It took, uh, probably about 10 minutes by my reckoning.
10:05
Scroll back up here
10:07
so I can review the output.
10:13
All right, so if you remember, we saw that we had 288 test cases,
10:16
and as we go through the list, we can see that quite a few accounts were located
10:22
everywhere we see a green X.
10:24
So the account test user was located in several sites.
10:28
The account test,
10:33
test123 was also located in various places. Blogspot.
10:39
We have the account Chris, Bill, Bob,
10:43
Jimmy,
10:48
Peter.
10:50
We have Jack
10:54
and we see some periodic stats reports here: 25%, 50%, 75%. So
10:58
it gives you an idea of how long this script is continuing to work as the information's being gathered.
11:09
And then we see Kevin
11:11
being located, Kevin12 being located,
11:16
Bill78 also located.
11:22
So 46 total matches found,
11:24
and then the summary
11:28
then shows us which websites were
11:31
part of the
11:33
enumeration activity.
11:37
Remember, I chose the social category.
11:41
So that will tell us the summary will tell us where these accounts were located on all the various websites.
11:50
And we also
11:52
saved this information in an output file.
11:58
So that shows the raw data again
12:01
in a simple text file format.
12:07
So we can do a different test here. We know that, let's see,
12:13
uh, the user test exists on slideshare.net.
12:20
So instead of creating an output file,
12:24
I'm gonna go ahead and remove that,
12:26
and I'm going to remove category, and I can specify single
12:31
for a,
12:33
uh, um,
12:37
single website that I'd like to check,
12:39
so I could just look at slideshare.net, let's say.
12:48
So this is only 16 items, but maybe this particular website is interesting for some reason. It's got
12:54
a lot,
12:54
a fair number of people that were discovered there,
12:58
a fair number of identities, IDs rather, that were discovered there.
13:03
And we can already see that several of
13:07
the names inside the accountfile.txt
13:11
are showing up on slideshare.net.
13:13
If you don't specify any category or any single website
13:18
then every
13:20
category in all of the modules will be attempted.
13:24
So that's your widest net, if you want to think about it that way,
13:30
and then you would obviously try to narrow things down
13:33
as you get closer to identifying those websites where these particular accounts exist.
13:45
We'll let this run for just a little while longer,
13:48
and we see that
13:48
just about all of the names in that
13:52
account file exist on slideshare.net.
13:58
Another thing to consider while we're doing this kind of work is the value of aggregation,
14:05
so trying to gather little bits and pieces of information about the target
14:11
from
14:11
different places on the Internet. In this case,
14:18
if this person has an account on slideshare.net and they have an account on Twitter and some other places, you might be able to infer certain information about
14:28
what kinds of interests this person has. And that could help
14:31
in creating things like phishing emails, spear phishing emails.
14:39
Okay, so that concludes the
14:41
Scythe demo.
14:43
I hope you enjoyed it. And we'll see you next time.
14:46
Thank you.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor