1
00:00:01,700 --> 00:00:07,850
As an exercise we will use the Metasploit platform, or more precisely one of its components called

2
00:00:07,850 --> 00:00:12,420
SET. Choose Exploitation Tools.

3
00:00:12,690 --> 00:00:15,840
Then in the section Social Engineering Tools you'll find the app.

4
00:00:20,570 --> 00:00:25,040
SET facilitates social engineering attacks.

5
00:00:25,200 --> 00:00:28,860
When you convince the user to start a program they get from you.

6
00:00:28,970 --> 00:00:36,100
You then have to send them the program, which seems to be the hardest part. With SET,

7
00:00:36,120 --> 00:00:39,200
this can be largely automatic.

8
00:00:39,270 --> 00:00:41,130
You have to make just a few clicks.

9
00:00:44,430 --> 00:00:47,730
By pressing 1 you choose Social Engineering Attacks.

10
00:00:53,160 --> 00:00:55,620
So it will help us create a malicious payload.

11
00:00:57,310 --> 00:01:01,430
We'll use it to then send very personalized e-mails to specific people.

12
00:01:04,470 --> 00:01:09,780
The Social Engineering Toolkit creates programs that establish a callback connection with a specific computer.

13
00:01:12,000 --> 00:01:16,710
When the addressee of the automatically generated e-mail opens the message,

14
00:01:16,710 --> 00:01:23,440
it will start a program that will establish a connection with your computer. This in turn will give us

15
00:01:23,440 --> 00:01:27,760
remote access to the victim's computer with the same user privileges as the victim has.

16
00:01:30,760 --> 00:01:39,830
Choosing the third option from the list will generate a program that can be saved to a memory stick.

17
00:01:39,870 --> 00:01:44,400
The program has two obstacles to overcome.

18
00:01:44,410 --> 00:01:49,530
The first is an antivirus scanner running on the targeted computer.
19
00:01:49,650 --> 00:01:51,180
The firewall is the second.

20
00:01:54,590 --> 00:02:01,370
The network firewall is usually set to issue a warning in the case of any outgoing connection. Such warning

21
00:02:01,370 --> 00:02:03,900
messages are meaningless for the average user.

22
00:02:05,370 --> 00:02:09,610
It's as if they were saying: something's trying to interrupt you.

23
00:02:09,800 --> 00:02:11,540
Would you like to continue trying?

24
00:02:12,410 --> 00:02:16,650
It's obvious that the user will choose an option that will ensure no more interruptions.

25
00:02:18,290 --> 00:02:24,700
Just in case. To conduct the attack we'll choose the first option provided by SET,

26
00:02:24,820 --> 00:02:30,900
that is, file format exploits.

27
00:02:30,990 --> 00:02:34,770
This will utilize a program already installed on the victim's computer.

28
00:02:36,080 --> 00:02:38,690
The program will establish a callback connection with us.

29
00:02:42,100 --> 00:02:44,190
After choosing an appropriate option,

30
00:02:44,200 --> 00:02:50,760
we have to type the public IP address of the computer which will be used to conduct the attack. This,

31
00:02:50,760 --> 00:02:55,770
of course, will not be the address of our computer but of some public server which we've already gained

32
00:02:55,770 --> 00:02:58,360
control over.

33
00:02:58,500 --> 00:03:03,050
It must be a public IP address, otherwise the attack will be unsuccessful.

34
00:03:06,260 --> 00:03:10,570
We typed 100.100.100.100.

35
00:03:10,580 --> 00:03:17,510
This is of course a non-existent address.

36
00:03:17,530 --> 00:03:22,420
The next step is to select one of the payloads, which is a functionality allowing us to establish a remote

37
00:03:22,420 --> 00:03:24,830
callback connection.

38
00:03:24,900 --> 00:03:30,510
You can choose from a list of errors pertaining to well-known programs such as the Adobe suite and the MS

39
00:03:30,510 --> 00:03:31,970
Office suite.
40
00:03:32,280 --> 00:03:35,910
Or you can choose a solution created by the authors of the SET framework.

41
00:03:39,630 --> 00:03:41,250
Let's choose option number one.

42
00:03:45,540 --> 00:03:48,230
All of this will result in the remote callback connection.

43
00:03:49,100 --> 00:03:51,060
It can be a TCP connection,

44
00:03:52,050 --> 00:03:59,470
that is, a Windows command line, or a Metasploit console, or other solutions presented in the picture.

45
00:04:02,230 --> 00:04:06,190
Option number 2 is usually preferred, but we will choose option number one.

46
00:04:08,770 --> 00:04:12,900
Most likely we managed to get past the firewall.

47
00:04:13,020 --> 00:04:19,690
We still need to beat the antivirus. Having convinced the victim to take our memory stick and take a

48
00:04:19,690 --> 00:04:22,690
look at our exquisitely interesting pictures,

49
00:04:22,780 --> 00:04:26,100
we don't want an antivirus message to ruin our efforts.

50
00:04:27,450 --> 00:04:29,730
This could make the victim suspicious.

51
00:04:32,310 --> 00:04:37,670
We have to encrypt the payload so that the antivirus won't detect it.

52
00:04:37,690 --> 00:04:42,040
We can choose out of 16 encryption mechanisms.

53
00:04:42,110 --> 00:04:43,940
Let's choose number 16.

54
00:04:48,970 --> 00:04:53,660
Then we have to choose the port of the listener.

55
00:04:53,740 --> 00:04:58,870
The files are being generated.

56
00:04:59,030 --> 00:05:02,890
We will now start a program that will enable us to check the results of our work.

57
00:05:06,570 --> 00:05:09,390
Let's open the exploit directory in the pentest folder.

58
00:05:12,110 --> 00:05:15,320
In the SET folder a new directory, autorun, was created.

59
00:05:19,490 --> 00:05:21,200
Our payload is almost generated.

60
00:05:26,460 --> 00:05:35,780
We still have to choose the attack method. We will choose option one, that is Windows Address Book. We

61
00:05:35,780 --> 00:05:37,040
will choose the default name.
62
00:05:37,040 --> 00:05:41,330
Open this, and we will compress the file into a RAR archive.

63
00:05:53,780 --> 00:05:57,810
The autorun folder now has all the files we need to copy onto the memory stick.

64
00:05:59,080 --> 00:06:05,030
Now you just have to give the memory stick to the victim.

65
00:06:05,240 --> 00:06:11,240
If you find a memory stick near a school, university or a company, connecting it to your personal computer

66
00:06:11,240 --> 00:06:12,730
is not the best idea.

67
00:06:14,090 --> 00:06:18,940
It takes about five minutes to generate a malicious payload and copy it onto a memory stick.

68
00:06:22,390 --> 00:06:27,630
In the middle of 2010 such files were found on brand new memory sticks manufactured in China.

69
00:06:29,180 --> 00:06:36,330
If you plugged one into a computer, it started an autorun.inf file containing a malicious payload.

70
00:06:36,380 --> 00:06:38,190
It was a wide-scale issue.

71
00:06:39,580 --> 00:06:43,900
The memory sticks couldn't have been infected with malicious files generated by the crew of the cargo

72
00:06:43,900 --> 00:06:45,640
ship by the means we've just presented.

73
00:06:48,870 --> 00:06:53,190
It must have been done either at the factory where the memory sticks were manufactured or by one of

74
00:06:53,190 --> 00:06:57,220
the distributors.

75
00:06:57,220 --> 00:07:01,390
This shows that not every opportunity is as favorable as it may seem.