Phishing Attack Demo using the Social Engineering Toolkit

In this video, loganWHD from Social-Engineer.org demonstrates how to conduct a phishing attack on a company employees using the Social Engineers Toolkit (SET). He creates a professional looking website using SET and sends a link to the victim. Though in this example, email is being used to distribute the malicious website link, one could also have used XSS vulnerabilities or other social engineering techniques to get the victim to click the link and open it in his browser. Once the malicious site loads, it prompts the user to install a Java Applet, which seems to be from the "Microsoft Corporation". Though it is clearly visible that the origin of the applet is unknown, as the digital signature on the applet cannot be verified by the browser, most users will simply run it, as they see the "Microsoft Update" and "Microsoft Corporation" labels on it. Once the applet executes, it connects back to loganWHD's machine and gives him access to a command shell. GAME OVER!

This video once again demonstrates how a simple malware applet as in this case, can fool gullible users into running it by posing as a legitimate applet from a trusted source such as Microsoft.

We would recommend that you download the Social Engineering Toolkit and try this attack out yourself. Thanks to loganWHD for posting this video on SecurityTube!

Related Videos from: Social Enginnering Attacks using the Social Engineering Toolit (SET)


Malicious Email Social Engineer Attack using Social Engineers Toolkit (SET)	Client Side Attack using Social Engineering and Metasploit	You are Viewing this Video Now!	Java Applet Attack using the Social Engineering Toolkit	Aurora Attack Demo using Social Engineer Toolkit
4522 views	3788 views	6227 views	2483 views	1988 views

Author