SecurityTubeBeta Watch ... Learn ... Contribute |
 |
 |
 |
 |
 |
  |
|
Client Side Attack using Social Engineering and Metasploit
In this video, loganWHD from Social-Engineer.org demonstrates how to conduct a Client side attack using a combination of Metasploit and Social Engineering. The idea is to first gain the trust of the victim, by sending him an email coming from a source he trusts. In order to do this, we first go dumpster diving and find the name and email addresses of the company's support team. Then loganWHD proceeds to create a malicious PDF using the Metasploit framework and then sends it as an attachment to the victim in a spoofed email. He then patiently waits on the Meterpreter prompt for a reverse connect to him :) The victim opens the email, and being "aware" of malicious attachments, proceeds to scan the file with the AV on his machine. The AV is unable to detect any viruses and malware, so the victim confidently opens the file, which triggers the exploit and subsequently the payload executes, and connects back to the Meterpreter waiting on loganWHD's computer. Logan then proceeds to migrates the shell to another process, before the victim can kill the PDF viewer process, which looks as if it has hung. Once the migration is done, loganWHD activates the keylogger and grabs the victim's keystrokes and uncovers the username / password of the victim. GAME OVER! :)
As firewalls and IDSs are becoming more and more sophisticated, the easiest entry point for hackers into a company's network are it's employees. This is why in recent times, we have seen a huge spike in Client side attacks. This video goes to show how gullible employees can put their company's secrets at risk!
Social-Engineer.org recently released the SET framework for conducting social engineering attacks in a more structured and systematic way. I would highly recommend downloading the kit from their site and trying it out. It's already a part of my arsenal :)
Thanks go out to loganWHD from Social-Engineer.com for posting this video on SecurityTube!
As firewalls and IDSs are becoming more and more sophisticated, the easiest entry point for hackers into a company's network are it's employees. This is why in recent times, we have seen a huge spike in Client side attacks. This video goes to show how gullible employees can put their company's secrets at risk!
Social-Engineer.org recently released the SET framework for conducting social engineering attacks in a more structured and systematic way. I would highly recommend downloading the kit from their site and trying it out. It's already a part of my arsenal :)
Thanks go out to loganWHD from Social-Engineer.com for posting this video on SecurityTube!
Related Videos from: Social Enginnering Attacks using the Social Engineering Toolit (SET)
.jpg) |  |  |  |  | |
You are Viewing this Video Now! | |||||
4961 views | 4430 views | 6879 views | 2853 views | 2231 views |
Author
Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net
©2007 Freak Labs |