SOCIAL ENGINEERING:
I was very confused about the term social engineering but now I will clear this term in simple way. Social engineering means “to understand a specific society” but in case of hacking it means “to understand our victim”. In case of hacking, it is related to “personality of our victim” in which we test the ability, mind power and mind weakness of our victim. Moreover, we get some details of our victim by using different talking techniques or by other people having relation with our victim. Let’s discuss some examples related to social engineering.
EXAMPLE 1:
Let consider that John is your victim and you want to access everything like system, accounts etc. of John. Now what you will do first? First you will try to make him your friend and then you will test his mind. You talk to him and find that he has no strong mind and he is normal in mind. So, it means that his (password) will not be strong. His password will be normal that he can keep in his normal mind easily. It was your first social engineering.
EXAMPLE 2:
Now you are friend of John and he did not know that you are a hacker. Then as a friend you will ask some favorite things of John. For example, John likes battle movies, Indian dramas, honey, ice cream, pepsi etc. But what is role of favorite things in hacking. The role is that the password of John may be the name of his favorite movie or drama or other thing that he likes. It was your second social engineering.
EXAMPLE 3:
After some time you realize that John is greedy. He likes free internet offers, money earning games, free mints and useful links. So knowing that you can send easily a phishing link, email with payload fie etc. named as (free MBs) or (earning games chance) etc. to hack his computer easily.
So, all these techniques are called social engineering. Now I think you are clear about social engineering. So, let’s start our post.
Social Engineering Toolkit (SET):
It is very powerful hacking tool of Kali Linux that is used for different attacks in Kali Linux. You can say this tool as “Father of the hacking tools”. It is written in python language and every hacker uses it for different attacks for example SMS spoofing attack, Mass mailer attack, Wireless access point attack etc. It has link with Metasploit. It can do any attack which a hacker wants. So, a hacker must learn it deeply. It is pre-installed in Kali Linux so we can use it directly.
MAIN MENU OF SET:
The main menu of social engineering toolkit is consist of following options as shown in the figure.
Menu of setoolkit
1) SOCIAL ENGINEERING ATTACKS:
All the options of main menu of social engineering toolkit are important but first option is very important because it is used by hackers. To open the different (social engineering attacks) type (1) and press (Enter) and all attacks will show as shown in the figure. We will discuss main attacks.
a) SPEAR PHISHING ATTACK:
It is the powerful social engineering attack in which we send a mail email to our target victim with a file having payload and as victim will open the payload file his/her computer will hack and hacker can take the complete access on the computer of victim. So, it is a dangerous attack.
To do this attack send mail function should be enable in SET to send email to victim. To do that go to folder (etc) and then (set). Here on the file (set.config) change the (SENDMAIL=OFF) into (SENDMAIL=ON).
Then open the SET and select (1), again select (1), again select (1), then select any attachment file as (1) for (zip or rar file). Then enter the IP address of your kali Linux as (192.168.8.4). Then select your payload as (1) for reverse shell. Then select your reverse port or you can leave it default. Then again select your payload as (1) for (windows meterpreter reverse TCP). Then select the (file extension) as (1) for (windows address post). Then enter the file name for attachment or you can leave it default. Then select the file type as (1) for (Rar file) or (2) for (Zip file). Then type (yes) and press (Enter). Then select (1) to do not change the file name. Then select (1) to send a single email message to single victim. Then select (1) to use default template or line massage on email like (email from google security) or other or you can use your own template by selecting (2). Best is to select (1) for default template. Then select your template name as (9) for (status report) then type the email address of your victim as (victim@gmail.com). Then select (2) to use your own server for email. Then enter any email
or your own address to send an email to your victim as (example@gmail.com). Then write the name of email sender as (Barber Jay) or any name. then type (yes) and press (Enter) for (High Place) on (inbox) of victim. Then type (no) and press (Enter) to not use the TLS support. Then email will send and as victim will open our email then our file and as will run our payload then (meterpreter) will open on our Kali Linux and we will take the full control of our victims computer. We can send (key loggers) or any virus. We can make changes in our victim’s computer or any device. So, it powerful and dangerous attack that can hack our victim’s machine easily. So, best of luck for spear phishing attack on wrong, fake and sexy websites.
b) WEBSITE ATTACK VECTOR:
It is also a very powerful attack that is mostly used to get the details of victim as his/her Facebook account details, G-mail details or any account details like username and passwords or emails etc. so it is similar to phishing attack but easy to do.
To do this attack open the SET and select (1) and select (2) for website attack vector. Then select (3) for (credentials harvester attack method). Then select (2) for (site cloner). Then type the IP address of your Kali Linux as (192.158.8.4). Then type the link of website you want to clone as (https://www.facepost.com/). Now as victim will type your IP address a (login) page of Facebook will open in the browser of victim. As victim will (Enter) his/her details in login page details will; capture in your Kali Linux that you can use for your own benefit. So in this way it is very powerful attack to hunt down the social media accounts as Facebook, twitter, LinkedIn etc.
c) INFECTION MEDIA GENERATOR:
It is very powerful attack of SET in which we hide a virus in any file, video or photo and send it to our victim by USB or email or WhatsApp etc and the computers or mobiles of one or more victims will hack and hacker can control them easily.
For this attack open (SET) and then select (1) and then (3). Then select (2) for (Standard Metasploit Executable). Then select (2) for (windows meterprete reverse TCP) for access of victim’s PC. Then type the IP address of your Kali Linux as (192.168.8.4). Then select your port as 4444. Then our payload will save in folder (root) in (.set) as the (payload.exe). Copy it and send it to your victim by USB or email etc. As he/she will run your payload his/her computer will hack and you can control it by (meterpreter shell). Type (yes) in SET and (meterpreter will start. Now you can control your victim’s PC and can do anything you want. So, best of luck for infection media generator attack by SET.
d)CREATE PAYLOAD AND LISTENER ATTACK:
It is also a powerful attack in which a payload is created and sent to victim by USB, email or message. As victim will run our payload his/her computer will hack and we can control it.
To do this attack select (1) in SET, then select (4) and then select your payload as (2) for (windows meterpreter reverse TCP). Then type the IP address of your Kali Linux as (192.168.8.4). Then select your port as (4444) for reverse connection. Then our payload will save in folder (root) in (.set)a s the name (payload.exe). Type (yes) in SET. Then copy your payload and send it to your victim by email, message or USB and as he/she will run it his/her Windows PC will hack and you can control it by (meterpreter shell).
e) MASS MAILER ATTACK:
It is one of the powerful attack of SET in which a mail is sent to multiple people to access their computers and you can find the details of some accounts like Facebook, twitter and other accounts you want but you cannot obtain a reverse shell. So, it is used for phishing attack by easy method. You can follow the instructions of SET or you can take help from YouTube for this attack. So, best of luck for mass mailer attack.
f) ARDUINO BASED ATTACK VECTOR:
It is also a very powerful attack in which we need a Arduino based USB and we prepare it for our victim. Now as victim will insert it in computer then all information about his/her computer or mobile will save in this USB in case of normal attack. You can also prepare USB to completely access the computer of your victim, and USB will set the PC of victim according to your programming in USB. So, it is a dangerous attack and you can take online help for this attack. So best of luck for this attack.
g SMS SPOOFING ATTACK VECTOR:
It is one of the most powerful attack of SET for mobile in which we can send SMS to our victim from any number not only from our number. We can send payload or phishing link with our message to victim. So it is best way to attack on mobile of victim. So in this way it is a dangerous attack to hack any mobile.
To do this attack open SET and select (1), then select (7). Then select (1) to (perform a SMS spoofing attack). Then select (1) to send (SMS to a single person). Then type the (phone number of your victim). Then select (1) to (set a template), select your template or (message title) as (2). Then select service for SMS as (1) for (sohos), other are paid services. Then SMS will send to your victim and as he/she will receive it with payload his/her mobile will hack and you can control it by (meterpreter shell). But you must insert your payload in your SMS to hack mobile. So, best of luck for SMS spoofing attack.
h WIRELESS ATTACK VECTOR:
It is one of the best attack to connect your victim to your network. In this we generate a free WiFi access point and as victim will try to go to any website he/she will redirect to hacker’s machine and hacker can perform any attack on victim’s PC or mobile having connection.
To do this attack open SET and select (1), then select (8) for this attack. Then select (1) to start SET wireless access point attack. Then select your interface as (wlan0). Now as victim will try to open any website in his/her browser after connecting to your WiFi access point he/she will redirect to hackers machine and hacker can hack computer of victim easily. So best of luck for this attack. So these were some basic attacks of SET but it has lot of attacks that you can perform on your victim’s machine. You can take more help from YouTube or online websites for SET.