
NTW600 Social engineering attacks Assessment

Added on: 2023-04-25 11:29:52
  • Subject Code : NTW600
  • Country : Australia

Social engineering attacks are one of the top techniques used against networks today. Why spend days, weeks, or even months trying to penetrate layers of network security when we can just trick a user into running a file that allows us full access to their machine and bypasses antivirus, firewalls, and many intrusion detection systems? This is most commonly seen in phishing attacks today: craft an e-mail or create a fake website that tricks a user into running a malicious file that creates a backdoor into their system. Kali Linux includes one of the most popular social engineering attack toolkits available, David Kennedy's Social Engineering Toolkit (SET). David's team is very active on SET, and new features and attacks are always being added. More recently, several non-social-engineering tools have also been added to SET, making it a very robust attack tool.

Type the following command in a terminal:

cn1-1682413332.jpg

The screenshot follows:

ntw600_img3-1682420893.jpg

We can see Social-Engineering Attacks at the top of the menu, so we choose number 1 and hit Enter. We are then shown the social engineering options, as in the following screenshot:

cn3-1682413331.jpg

In this lab we choose option 5, the Mass Mailer Attack.

One way a social engineer will attack a network is to send out a flood of e-mails to company addresses and see who will respond or run the malicious attachment sent with them.

After entering option 5 in SET, we get two options:

  1. E-mail Attack single E-mail Address
  2. E-mail Attack Mass Mailer

The screenshot follows:

ntw600_img3-1682420893.jpg

For this example, let's just send one. We press 1 and hit "Enter". Then we enter a target e-mail address. See the following screenshot:

Now we select option 1 to use a Gmail account or another server. For this lab we will use a fake Gmail account. The Gmail address and password must be correct.

Then we choose a spoofed name to use for the 'from' line of the message. Let's use "supporrt@google.com" so it looks like it's from Google. Pay special attention to this field, as this is where the real social engineering takes place. Now SET asks for the password of the Gmail account.

Then we answer yes at the prompt "Flag this message/s as high priority ?" We don't want to attach any malicious file, so we choose "no" when prompted "Do you want to attach a file ?"

Next, enter an e-mail subject line. What about "Important update"?

Enter "p" when prompted to "Send the message as html or plain ?" Now type in a fake message, preferably one that will entice our victim to click on an included malicious link or to surf to a malicious web page. In actual defense practice this could just be a test webpage that records the IP address of those who were tricked into surfing to the page. That way, as security experts, we know who in our organization needs to be better educated on the risks of malicious e-mails.

ntw600_img6-1682421164.jpg

When finished, we type "END" on the last line, just as in the following screenshot.

Then press "Enter" and SET will send the e-mail to the victim. The message in the above screenshot is obviously a silly fake, but something like this (with a much more believable message) could be used to test employees' ability to detect, resist and report phishing attempts.
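A defender-side check for the kind of message this walkthrough produces, as an added example that is not part of the original lab: because the mail goes out through a real mailbox, SPF and DKIM can pass, so the check compares the address shown in the 'from' name with the actual sender address. The sample messages, all addresses, and the `X-Priority: 1` form of the high-priority flag are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples; every address and domain here is made up.
SPOOFED = (
    'Authentication-Results: mx.corp.example; spf=pass; dkim=pass\n'
    'From: "support@vendor.example" <lab.sender@webmail.example>\n'
    'To: user@corp.example\n'
    'Subject: Important update\n'
    'X-Priority: 1\n'
    '\n'
    'Please read the update.\n'
)
GENUINE = (
    'Authentication-Results: mx.corp.example; spf=pass; dkim=pass\n'
    'From: "Vendor Support" <support@vendor.example>\n'
    'To: user@corp.example\n'
    'Subject: Invoice\n'
    '\n'
    'Attached.\n'
)

ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoof_findings(raw):
    """Return a list of header-level warning tags for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(addr)
    findings = []
    # The display name shows an address whose domain is not the real sender's.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(1).lower() != sender_domain:
        findings.append("display-name-address-mismatch")
    # Replies would go to a different domain than the visible sender.
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and domain_of(reply) != sender_domain:
        findings.append("reply-to-domain-mismatch")
    # SPF/DKIM/DMARC verdicts recorded by the receiving server.
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(?!pass)\w+", auth):
            findings.append(f"{mech}-not-pass")
    # Urgency flag: weak alone, so only reported alongside another finding.
    if findings and msg.get("X-Priority", "").strip().startswith("1"):
        findings.append("high-priority-flag")
    return findings
```

Run over a mail gateway's quarantine or a reported-phish mailbox, the tags give awareness training a concrete thing to point at: the visible name and the real sender disagree even though authentication passed.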

So far we have just sent a fake e-mail that could redirect someone to a bogus site. But if we could make a fake site that offered up a booby script, and if the user allows the script to create shell with the user.

  • Uploaded By : Katthy Wills
  • Posted on : April 25th, 2023