00:06
This is Dean Pompilio, and we are going to do a demo
00:10
for the social engineering class.
00:13
Our next tool that we're going to be looking at is called Seif
00:20
pretty interesting tool. It actually allows you to do a count enumeration or count harvesting.
00:29
what we can do is install this tool into your instance of Cali
00:34
and go to the get hub dot com website
00:40
on this website, you can do a simple search for Seif
00:48
and the one you're interested in Is this right here? Chris John Reilly
00:52
account the numerator.
00:56
So there's information here. There's documentation
01:00
and the software itself so you can go ahead and download the Zip archive
01:08
and just follow the instructions for how to get that on to your Callie system.
01:17
I've put seif into my
01:26
and we can see here that
01:29
it comes with a default account file dot text.
01:33
I'll cover that in just a moment,
01:38
main thing we weren't are concerned with as the python script saythat P y
01:46
all right, So the first thing I'd like to do is
02:07
Notice that it will tell you the current settings by default. It'll look for this account. Filed a text.
02:14
You can set a directory for all of the modules where those are located,
02:24
and what it's doing is extracting the information about all the modules and knows about.
02:30
So we're gonna go ahead and
02:34
move for just a little bit.
02:36
And what we can see here
02:38
is all the modules. So there's
02:45
things like YouTube and flicker.
02:51
There's some commerce websites,
02:53
he bay and etc. And caboodle.
03:00
get Hub even makes an appearance as a software development website.
03:07
some of the websites shown
03:09
you're able to search for a user name. Others also support searching for an email address.
03:16
So this is important because
03:22
the reason you're using this tool to begin with us to try to find out where your target
03:28
as part of your social engineering pen test,
03:30
where that target has accounts on various other systems websites.
03:36
We have all of our popular social networking Web sites here.
03:43
Yahoo hush male Gmail,
03:46
several blogging Web sites and even some gaming sites.
03:53
So this is this is useful.
03:55
Now we want to do is think about how
04:00
you're going to try to discover where your target has accounts.
04:06
So one of the first things we want to do is
04:12
at it the account file.
04:15
So I'm gonna go ahead and
04:19
and you'll notice one account per line
04:24
and we've got some some default
04:30
I can go ahead and add some more
04:47
We can also add some other ones like
05:01
again. These are just names
05:05
As part of your social engineering pen test, you would want to accumulate thes these names so that you could then
05:13
put them into this file. So I'm gonna go ahead and save that,
05:17
and what I can do now
05:23
with the help screen
05:25
so I can review some of the options
05:34
so we can specify Dash air dash dash account file for the FOB with names that we just looked at.
05:42
The dash al option or dash dash list showed all of the module names
05:47
you could specify a directory for the modules as well.
05:53
You can use a single module or you can do them by category,
05:57
So the categories are things like Commerce Forum social email Blog's ous were saw when I was reviewing the list of modules.
06:09
You can also specify
06:14
run threads. We're not gonna bother with that option for this demo.
06:20
Sometimes websites will time out when you're when the tool is trying to
06:26
to probe that looking for these accounts so you can tinker with ae ri. Try setting in order to get better results.
06:32
And another option that's useful is
06:35
showing the summary at the end of the work.
06:40
You can also save the output
06:42
into a separate file
06:44
so that you can capture this
06:47
some of the other tools that will look at, like basket and greatest.
06:54
These are tools that let you
06:56
collect all of your information as you're doing your social engineering pen test
07:00
so that you can keep all your data organized.
07:10
we've edited our file. We've got her list of names
07:13
now. What I'd like to do is
07:18
and I'm going to specify
07:28
and I'm also going to tell it were
07:30
my account file is actually, I don't need to do that, because by default, it will use the file that I've created. But if you do
07:40
want to create a different account file, you could have several of these in the same folder than you would specify that here,
07:49
option that we'd like to specify is the summary.
07:54
And I'm also going to spell
07:56
specify an output file.
07:59
Salt is called that out filed, not text,
08:09
It's like it made near there.
08:22
Oh, it's dash out, dash out. Put my mistake. Okay,
08:30
so we'll change that really quick.
08:31
Well, go ahead and run the tool,
08:37
if you want to run all the, uh,
08:39
testing all the accounts that are in this account filed out text
08:45
tells me that my category social
08:48
I'm also going to be capturing a summary, and I've got an output file specified, so I'll go ahead and click Hi, Free for yes.
08:58
And this will start to tell me because I've got a lot of names in that
09:01
in that account file.
09:03
And because the social category has a fair number of sites,
09:07
it tells me that there is going to be 288 test cases.
09:13
So as it goes through this list, which will take a little while,
09:16
we can see I've already found one account example. User exists on slide share dot net.
09:24
Otherwise we'll see some error messages. These these red exclamation points would tell us that that particular website either did not respond
09:33
properly or the the information does not exist there.
09:39
So I'm gonna go ahead and applause the recording here because this will take a little while to run.
09:54
Okay, So the script finally completed its run.
10:00
I took, uh, probably about 10 minutes by my my reckoning
10:07
so it can review the output.
10:13
All right, so if you remember, we saw that we had 288 test cases,
10:16
and as we go through the list, we can see that quite a few accounts were located
10:22
everywhere we see a green X.
10:24
So the account test user was located in several sites.
10:33
test 123 was also located in various places. Blawg spot.
10:39
We have the account. Chris. Bill. Bob,
10:54
and we see some periodic staffs reports here 25% 50% 75%. So
10:58
it gives you an idea of how long this script is? Is continuing toe work as the information's being gathered.
11:09
And then we see Kevin
11:11
being located. Kevin 12 being located.
11:16
Bill 78 also located.
11:22
So 46 total matches found,
11:24
and then the summary
11:28
then shows us which websites were
11:33
the enumeration activity.
11:37
Remember, I chose the social category.
11:41
So that will tell us the summary will tell us where these accounts were located on all the various websites.
11:52
saved this information in an output file.
11:58
So that shows the raw data again
12:01
in in a simple text file format.
12:07
So we can we can do a different test here. We know that. Let's see,
12:13
uh, the user test exists on slide share dot net.
12:20
So instead of creating an output file,
12:24
I'm gonna go ahead and move that
12:26
and going to remove category, and I can specify single
12:37
single website that I'd like to check
12:39
so I could just look at slide share dot net. Let's say
12:48
so. This is only 16 items, but maybe this particular website is interesting. For some reason, it's got
12:54
a fair number of people that were discovered there,
12:58
a fair number of identity ideas rather that would that were discovered there.
13:03
And we could already see that several of the
13:07
the names inside the account filed a text
13:11
are showing up on slide share dot net.
13:13
If you don't specify any category or any single website
13:20
category in all of the modules will be attempted.
13:24
So that's your your your widest net. If you want to think about it that way,
13:30
and then you would obviously try to narrow things down
13:33
as you get closer to identifying those websites where these particular accounts exist.
13:45
Well, let this run for just a little while longer,
13:48
just about all of the names in that
13:52
account file exists on slide share dot net.
13:58
Another thing to consider. Well, while we're doing this kind of work is the value of aggregation,
14:05
so trying to to gather little bits and pieces of information about the target
14:11
different different places on the Internet. In this case,
14:18
if this person has an account on slide share dot net and they have an account on Twitter and some other places, you might be able to infer certain information about
14:28
what kinds of interests this person has. And that could help
14:31
in creating things like phishing emails, spear phishing emails.
14:39
Okay, so that concludes the
14:43
I hope you enjoyed it. And we'll see you next time.