DEEP DIVE INTO SOCIAL ENGINEERING ATTACKS | PART 1

Social Engineering Toolkit (SET):  

        Social engineering toolkit is an open-source tool designed especially for social engineering. The kit contains a number of tools to perform advance attacks against human behaviour.

How hackers use social engineering toolkit for attacking targets ?

The toolkit offers many functionalities as shown :

1) Spear Phishing attack :

          Spear phishing attack is a social engineering attack in which attacker uses human vulnerabilities for their good, by sending fake messages which may trick the target to expose or reveal sensitive information back to attacker or release malicious softwares like malware on target’s machine. Spear phishing is a little different from phishing as it is designed to get a single target.

The phishing attack can be executed in three ways : 

1) Mass E-mail attack :

              Mass e-mail attack is a type of social engineering attack where a larger amount of mails are sent to the target, intention to crash their mail box. This attack is generally performed to hide a important mail that is going to arrive on target’s side. 

              In many times, hackers need to target a group of people like company employees or more than one individual. In this case they use a email’s list. Email list can be created easily by using methods like webscrapping, etc.

           Mass email attack can be easily executed using social engineering toolkit(SET). Now let’s see how a hacker performs mass email attack using SET.

• Open up the terminal and type setoolkit and hit enter or search ‘social engineering toolkit’ in application drawer.
• Now select option 1 i.e Social engineering attack then you will see options like : 

• Select option 5 for mass mailer attack.
• Now select option 1 for attacking single target. We will select option 2 
• Give the path to the the email list : for eg : root/emails.txt. Hit enter.
• Select option 1 for a gmail account, you can also use a server for this
• Answer the questions as asked : email, password, attachment, etc.

• You get a option to send plain text or html email.

• After that type body of mail you want to send, hit enter type “END”, hit enter again 
• It will now start sending mails to targets specified in the emails.txt file.

2) File Format Payload Attack :

             A payload is a malicious file (eg: photo.png) which may cause harm to victim in various ways. 

   Like :

• Data theft

It particularly includes stealing of sensitive information such as bank details or sensitive information through various types of Data Breaches.

• Activity monitoring

A malicious payload which is executed can be used to monitor the activity of user for wrong purposes eg. Blackmailing, spying, etc.

• Displaying advertisements

Some payloads work to show unwanted ads and pop-ups.

• Deleting or modifying files

The attacker can modify or delete the contents of your system which will affect the behaviour of your computer system or mobile. 

• Downloading new files

Some malicious files are very small to get downloaded. But once they are downloaded, they further try to get larger files installed in your system.

• Running background processes

A payload can be programmed to run in background without the user noticing about it. 

How do we stop Malicious payloads?

      An Anti- virus should be used and the downloaded files should be scanned even if it is from a trusted source. Awareness should be spread in order to be cautious against such attacks. A Network security provider should be contacted immediately if you feel suspicious about anything happening with your system.

3) Lets see how a attacker use SET to steal usernames & passwords :

• Open terminal and hit setoolkit.
• Select from menu : 1) Social Engineering Attacks, then 2) Website Attack Vectors, then 5) Web Jacking Attack Methods. Now see the pictures below for reference.
• Then option 2) Site Cloner 
• It will ask you for the site to be cloned (Please enter full web address of the website) as shown :
• It will clone the website. The attacker may send these link by means of email, sms, etc. When the user visits these cloned website he/she will experience these content :
• When the user visits these link shown in the picture it will look like a facebook page, and as soon as user enters username and password, it is sent back to the attacker.
• On the attackers side : he can view username and password in path root/.set//reports/2021–12–27 08:03:52.640607.html (or something like, it may be a xml file also):