
Malicious Email Social Engineer Attack using Social Engineers Toolkit (SET)

 
 

The Social-Engineering Toolkit (SET) is a Python-driven suite of custom tools which focuses solely on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack. The first uses Metasploit payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second is through file-format bugs and e-mail phishing; it supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering. SET was created by Rel1k for social-engineer.org.

This video, created by loganWHD, demonstrates how to use the Social Engineers Toolkit to perform an email attack using a maliciously encoded PDF. The first step is actually dumpster diving and finding an internal email list of the company. Then he creates a malicious PDF file that exploits the util.printf security bug. Then loganWHD uses SET to create a spoofed email about an important memo, telling the recipient to check out the attached PDF for more details. Once the victim opens the attachment, the exploit gets executed and of course ... GAME OVER! :) Nicely done!

Thanks to loganWHD from Social-Engineer.org for submitting this video to ST! We would highly recommend visiting their site and trying out SET!


 

 

Author
Vivek-Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at the world-renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World and other news agencies. In 2006, Vivek was announced as one of the winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security-Freak.Net and SecurityTube.Net, and is the co-founder of Axonize. Vivek holds a Bachelor's degree in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati. You can contact him at vivek[at]securitytube.net

 
©2007 Freak Labs