SOCIAL ENGINEERING TECHNIQUES

The main goal of social engineering is to entice a target to perform some illicit  action that enables you to either exploit their system or to collect information from them.

Social engineering most of the time uses email based attacks through vectors that target client side vulnerabilities,  which are exploitable through vectors that only a local user can reach.  These attacks usually leverage file format exploits client side and to target the information and perform a USB key drop. Some of the most common social engineering methods are listed in  the following categories to at least show some of the types to be noted at this point in time.

10% Off with Code CJ10! Abba Patio Provide You High Quality Outdoor Products! Free US Shipping!

Phishing 

Phishing is the social engineering technique that attempts to acquire sensitive information, such as username, password, and credit card information from human targets and receives a bogus email disguised as an authentic email from a trusted source, like a financial institution.

The email contains a link to open a fake webpage that looks nearly identical to the official site.  The style logo and image d may appear exactly as they are on the real website. If the phishing attack is successful, the human target will fill out the web from and provide sensitive data that you can use to further compromise their system.

To set up a phishing attack in Metasploit pro, you need to create a campaign that contains the following components.

  •       Email component: defines the content that you want to send in the email body, and the human targets that you want to receive the phishing attack. Each campaign can only contain one email component.
  • Web page component: Defines the web page path, HTML content, and the redirect URL –The web page that you create must contain a form that a human target can use to submit information. 

application  stored on a victim’s local machine or phishing scams to gather information from human targets.  

    For example,  you can attach a PDF that contains an exploit,  like the Cooltype exploit, to an email and send the email to a group of people. When the recipient opens an infected PDF, it can create a session on their machine if it’s vulnerable to the cooltype exploit. 

Advertisements
American Drew Cherry Grove 45th Anniversary Landscape Mirror, 54 in. W x 5 in. D x 48 in. H American Drew Cherry Grove 45th Anniversary Landscape Mirror, 54 in. W x 5 in. D x 48 in. H
Canabidol CBD Rescue Cream (250mg - 500mg) (Strength: 500mg) Canabidol CBD Rescue Cream (250mg – 500mg) (Strength: 500mg)

The method that you choose depends on the intent and purpose of the social engineering attack. For example, if you want to see how well an organization handles solicitation emails, you can set up a phishing attack.  If you want to gauge how well an organization follows security best practices,  you can generate a standalone executable file , load it onto a USB key, and 

Client- Side Exploits

A client-side exploit attacks vulnerabilities in client software. Such as web browsers, email applications and media players. In a client side exploit, the victim must visit a malicious site in order for the exploit to run. A client side exploit is different from a traditional exploit because it requires the victim to initiate the connection between their machine, Traditional exploits, on the other hand, do not require human interaction.

When a human target visits the web page that contains the exploit, a session opens on the target machine and gives you shell access to the target’s system is vulnerable to the exploit. Using the session, you can do things like capture screenshots , collect password files, and pivot to other areas of the network.

To set up a file format or client side exploit in metasploit pro, you need to create a campaign that contains the following components.

  • Email component

Web Page component (Optional)

Prepared by: Eyasu Esayas (Jesse)

HOMCOM Leather Recliner and Ottoman Set Swivel Lounge Chair With Storage Footrest Wood Base Living Room Furniture Brown
HOMCOM Leather Recliner and Ottoman Set Swivel Lounge Chair With Storage Footrest Wood Base Living Room Furniture Brown

HOMCOM Leather Recliner and Ottoman Set Swivel Lounge Chair With Storage Footrest Wood Base Living Room Furniture Brown

Settle into comfort with this recliner and ottoman set. This set features thick padded cushions and a beautiful exposed wood frame. Wrapped in high quality PU leather soft in touch and easy to clean. Pick up your favourite book and start enjoying your leisure time with this luxury set.

Features
  • ? Relax in style with this sophisticated recliner and ottoman set. Ideal for home and office use
  • ? Strong solid wood frame for durable use. Offers a 360 degree swivel for great flexibility
  • ? Thick padding on the seats armrests and ottoman for extra comfort
  • ? Wrapped in PU leather upholstery for a modern and elegant appearance
  • ? The ottoman includes a hidden storage compartment for your books magazines remote controllers and more
  • ? A knob is conveniently located under the arm to recline the chair up to 145�

Specification
  • ? Material: Wood Frame PU Sponge
  • ? Net Weight: 46.2lbs
  • ? Colour: Brown
  • ? Recliner Dimension: 31.5″Wx33.9″Dx39″H
  • ? Ottoman Dimension: 18.5″Lx16.5″Wx17.7″H
  • ? Seat Size: 19.7″Wx20.5″D
  • ? Seat Height: 18.5″
  • ? Maximum Reclining Angle: 145�
  • ? Reclining Dimension: 31.5″Wx42.1″Dx37.8″H
  • ? Storage Compartment Size: 15.7″Lx13.4″Wx2.4″H
  • ? Recliner Max Load: 264lbs
  • ? Ottoman Max Load: 220lbs