Ethical Hacking

4. Social Engineering Tools & Techniques

Scanning & Exploitation

Metasploit is one of those programmes that crosses boundaries. It can be used as a scanning tool to discover weaknesses or vulnerabilities in computers. It also contains a useful database of exploits or methods of taking advantage of weaknesses in operating systems discovered by a thriving community of users.

The framework also comes with a wide variety of 'payloads', which are sections of code that can be delivered by the exploit being used. The choice of exploit depends upon the vulnerabilities detected in the scan and the operating system.

The payload delivered depends upon the exploit being used and what the hacker's goals are. These may vary from 'owning' the machine to quietly listening and spying on the user.

Metasploit
Using Social Engineering Tools

The use of scanning tools like Maltego and especially The Harvester demonstrated how easy it is to collect email addresses on a large scale. These can be used to deliver 'spam' emails or, more subtly, as part of social engineering attacks.

Social engineering is more than sending spam mail. It includes all techniques that attack the weakest link in the security chain, the user. Attacks vary from simple targeted phishing attacks to cloning web sites to deceive visitors into believing they are on a genuine site so that their credentials can be collected.

There is an extensive range of social engineering tools that come with Kali Linux, a few of which we are going to look at. All of them are invaluable tools for pen-testers who attempt to engineer entry into target machines.

  1. Social Engineering Toolkit (SET): As the name implies, this is an extensive framework of very powerful modules which can be called up and activated through the terminal.
  2. Ghost Phisher: A powerful GUI programme that can be used to launch man-in-the-middle (MITM) attacks by setting up your VM as a fake server.
  3. Backdoor-factory (BDF): A useful program for preparing 'patches' which, if delivered to a target machine, create back doors that allow a hacker remote access.
  4. U3-pwn: A popular tool based on Metasploit for creating 'payloads' for memory cards and USB devices, which can then be used to exploit vulnerabilities in machines, perhaps by leaving the device on a desk.
Social Engineering
Tasks
More Metasploit

Using the command show exploits after Metasploit has been started reveals that there are over a thousand exploits available for use against a variety of operating systems. Viewing the list in a full-screen msfconsole window shows more information about each exploit and its chances of success. It is way beyond the scope of this course to go through every one, but we are going to practise using a few more.

Watch the video. It's quite short, but goes through about one exploit per minute, so you will have to use the stop, rewind, pause and play controls.

For each exploit, in your notebook:

  1. Explain the vulnerability to be exploited.
  2. Broadly describe how the exploit works.

Exploits used in the video include:

  • exploit/unix/ftp/vsftpd_234_backdoor
  • exploit/multi/http/php_cgi_arg_injection
  • exploit/linux/misc/drb_remote_codeexec
  • exploit/multi/samba/usermap_script
  • exploit/unix/misc/distcc_exec
  • exploit/multi/misc/java_rmi_server
Introducing Armitage

Armitage is basically Metasploit with a graphical user interface. Allegedly it is disliked by 'real' hackers because it's 'point and click' instead of being terminal and command based. Real hackers can remember commands!

Really, the main reason is that it is much slower than Metasploit by itself. If you can put up with the delay, Armitage is well worth getting to grips with, and as increased use makes the commands more familiar, the graphical version can be dropped in favour of the command-based one.

To see how to use Armitage, watch and work along with the video. Once Metasploitable has been compromised by Armitage, take a screenshot and include it in your notebook.

Pivot on This

Even with the 'snobbish' disdain of hardcore hackers, Armitage is well worth learning.

  1. It's very good for visualising large networks.
  2. It provides a neat way of seeing how so-called pivot attacks can be mounted, where one compromised computer is used to attack others.
  3. It has an easy way of filtering out the exploits appropriate to a service and host.
  4. It provides easier menu-based options for interacting with the compromised machine, such as taking control of its cameras, keyboards, mics and so on.

So let's do a pivot attack, where control is gained over one machine in a network and this pwned machine is used as a platform for attacking others in the network. So:-

  1. Create a clone of Metasploitable to give another virtual box to attack.
    1. Right click on Metasploitable, choose Clone and set it up as the image shows.
    2. Clone Metasploitable
  2. Launch VirtualBox, then start the two copies of Metasploitable, to simulate a small network, and the Kali Linux box.
  3. The Kali Linux box will be used to 'hack' one Metasploitable box, and this will then be used to attack the other in a pivot attack. Remember to use the ifconfig terminal command to reveal the IP address of each box.

Watch and work along with the video. Once Metasploitable has been used to compromise the Metasploitable Clone box using Armitage, take a screenshot for evidence and include it in your notebook.

Two Note Swivel

Pivot attacks are not just restricted to Linux boxes. They can be conducted through Windows systems and even mixed network systems that include Apple, Windows and Linux boxes.

Time to see how it's done through a Windows box. Download a Windows VM. Like Metasploitable, this version of Windows is an earlier, unpatched version made available for pen-testing. Because of its many loopholes it should not be exposed to the wider world.

  1. Download a copy of Metasploitable2.
  2. Move it into the c:/Installs/Computing Vm folder.
  3. Open Oracle VirtualBox and add it to the list of Virtual Machines.
  4. Start Kali Linux, the Metasploitable2 and the Metasploitable boxes.
  5. Find the IP addresses of the Metasploitable and Metasploitable2 boxes.
  6. Follow the steps in the movie to first compromise the Metasploitable box, then pivot through this to attack the Metasploitable2 machine.
  7. Once accomplished, take a screenshot and include it in your notebook.
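
Seen from the defender's side, the pivot practised in both of the sections above (Kali compromises one Metasploitable box, which then attacks a second) leaves a tell-tale pattern in connection logs: a host that was just connected to from elsewhere starts opening its own connections to new internal hosts. The script below is an added example, not part of the course materials or of Armitage; the log format, IP addresses and baseline of known-good flows are all constructed for the example.

```python
"""Added example: spot a possible pivot chain (attacker -> host B -> host C)
in a simple connection log. Log format and addresses are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log: "timestamp src dst dport", one connection per line.
# 10.0.2.15 plays the Kali box, 10.0.2.4 the first Metasploitable,
# 10.0.2.6 the clone, 10.0.2.5 a database the first box talks to normally.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.2.15 10.0.2.4 21
2024-05-01T10:00:05 10.0.2.4 10.0.2.5 3306
2024-05-01T10:02:00 10.0.2.15 10.0.2.4 445
2024-05-01T10:05:00 10.0.2.4 10.0.2.6 21
2024-05-01T10:05:10 10.0.2.4 10.0.2.6 445
"""

# Known-good (src, dst, dport) flows learned from normal traffic; these are
# never reported as a pivot even when they follow an inbound connection.
BASELINE = {("10.0.2.4", "10.0.2.5", 3306)}


def parse_conn_log(text):
    """Return (ts, src, dst, dport) tuples sorted by time."""
    conns = []
    for line in text.strip().splitlines():
        ts, src, dst, dport = line.split()
        conns.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return sorted(conns)


def find_pivot_chains(conns, baseline=frozenset(), window=timedelta(minutes=30)):
    """Flag connections B -> C where B itself received a connection from some
    A (A != C) within `window` beforehand and B -> C is not a baseline flow.
    Each hit is (A, B, C, dport)."""
    inbound = defaultdict(list)  # host -> [(ts, origin)] of connections it received
    hits = []
    for ts, src, dst, dport in conns:
        if (src, dst, dport) not in baseline:
            for prev_ts, origin in inbound[src]:
                if origin != dst and ts - prev_ts <= window:
                    hits.append((origin, src, dst, dport))
                    break
        inbound[dst].append((ts, src))
    return hits


def analyse_sample():
    """Run the detector over the constructed log."""
    return find_pivot_chains(parse_conn_log(SAMPLE_LOG), BASELINE)
```

On the sample log the two connections from 10.0.2.4 to the clone are reported with 10.0.2.15 as the origin, while the routine database flow is ignored because it is in the baseline.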
SET - Facebook

Credential harvesting, or getting usernames and passwords from users, is an easy thing to do with the SET toolkit.

A popular way of doing this is to clone a website that involves logging in, wait for users to visit the 'cloned' page and capture their credentials as they log in, before passing them on to the genuine site.

The video shows the process with Facebook. If you can, try this with Facebook. If Facebook is inaccessible, use your Glow login page.

SET - Redirecting Mail

Redirecting email is a good trick. The aim here is to send emails pretending to come from one person, preferably someone in authority, and get the recipients to respond to a genuine email address, capturing their ID.

This is similar to credential harvesting but is more proactive in that it involves targeting specific individuals. Essentially this is a spear phishing attack.

  1. Watch and work along with the video. There is no voice commentary and it's really quick, so prepare to pause and rewind.
  2. Set up your own phishing email and send it to others in the class. If you get one, respond and then change your password to prevent any further compromise.
    • If you want to use a pre-prepared phishing mail you can use this text.
    • Spear Phish Mail
  3. On your own machine, see what you capture. Take a screenshot and include it as evidence in your notebook.
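
The 'reply to a different address' trick described above is something incoming mail can be checked for. The following is an added example, not part of the course or of SET: it parses constructed mail with Python's standard email module and flags a Reply-To domain that differs from the From domain, an authority's display name on an external address, and a body that asks the reader to reply with login details. The organisation domain, the authority names and both sample messages are assumptions made for the example.

```python
"""Added example: header and body checks for the 'reply to someone else'
spear phish. Mail samples, names and domains are constructed."""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.org"          # the school's own mail domain (assumed)
AUTHORITY_NAMES = {"head teacher"}  # display names a phisher is likely to borrow

# Constructed phish: the From looks internal, but replies go somewhere else.
PHISH_MAIL = """\
From: "Head Teacher" <head.teacher@example.org>
Reply-To: head.teacher@mail-example.net
To: student@example.org
Subject: Urgent: confirm your account

Please reply with your username so we can verify your account.
"""

# Constructed legitimate mail for comparison.
CLEAN_MAIL = """\
From: "Head Teacher" <head.teacher@example.org>
To: student@example.org
Subject: Sports day

Sports day is on Friday.
"""


def split_header(value):
    """Return (display_name, domain) from an address header, lower-cased."""
    name, addr = parseaddr(value or "")
    domain = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    return name.strip().lower(), domain


def analyse_mail(raw, org_domain=ORG_DOMAIN, authority_names=AUTHORITY_NAMES):
    """Return a list of warnings; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    from_name, from_domain = split_header(msg["From"])
    _, reply_domain = split_header(msg["Reply-To"])  # None when header absent
    body = msg.get_payload().lower()
    warnings = []
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    if from_name in authority_names and from_domain != org_domain:
        warnings.append(f"'{from_name}' used with external domain {from_domain}")
    if "reply" in body and any(w in body for w in ("username", "password", "login")):
        warnings.append("message asks the reader to reply with login details")
    return warnings
```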
You should be able to:-
  • Describe the goal of social engineering in a pen-testing context.
  • Use social engineering tools for pen-testing.
  • Give the aims of hackers for specific pen-testing hacks, e.g. credential harvesting.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.
