Let's Go Phishing
by andy

Have you ever received one of those emails telling you to log into hotmail.com NOW,
otherwise Microsoft will delete your account!

Ever followed the link and been presented with what looks to be the hotmail website?
Ever wondered how they do it, and what happens when you enter your details!!!

Enter the world of Phishing! 

Phishing is what's known in the security industry as Social Engineering, or human
hacking. The basic idea is to get someone to tell you something they shouldn't,
like their hotmail logon details!

While many years ago this was mostly done over the phone, it's now done via email.
The bad guy sends you an email that looks like it has come from the company or website
in question. Contained within that email will be a link to a site that will supposedly
help you stop Microsoft from deleting your account.

The site is normally a clone of the original site, and the only clue you might have
that this isn't hotmail.com is that the URL in the browser will be wrong.

If you enter your details and click the logon button, most of the time it will do one
of two things: drop you back to the same fake site, OR redirect you to the real
website.

What you are not seeing is that your logon details are being reported back to a
server and recorded by the bad guys for use later.

How is this all done, I hear you ask! Well, it's quite simple.

The Social Engineering Toolkit

The Social Engineering Toolkit was created to help the good guys (white hat hackers)
and security folks perform pentesting and educate users about not just clicking
on any old link.

The kit has been integrated into Backtrack Linux for ease of use. The following is
a quick example of how to use it to create a fake site and record user logon
details.

You will need Backtrack 5. I am not going to hold your hand while you download it
and set it up.

BIG FAT WARNING : Only do this in a test lab! DO NOT DO THIS ILLEGALLY!

Step 1:

Open a terminal window and change directory to '/pentest/exploits/set'.

Step 2:

Execute SET by running ./set . You should see the SET menu screen.

Step 3:

We want to enter the 'Social-Engineering Attacks' section, so type 1 and press enter.

Step 4:

We are going to use the 'Website Attack Vector', so enter 2 and press enter.

Step 5:

The screen will now change to display a heap of very useful info. If this is your
first time, I suggest that you read it.

Step 6:

From this screen we want to use the 'Credential Harvesting Attack Method'. As the
name suggests, it allows us to collect people's credentials. Select option 3 and
hit enter.

Step 7:

You can now choose between cloning a site, using a template, or creating a custom
site for the attack. For now I suggest that you just use one of the templates; it's
nice and easy and has a good success rate. Select 1 from the list.

Step 8:

As you can see, you can pick from some of the biggest sites on the web! For the demo
we will use Gmail; it's a nice simple interface and it clones well. Select 2 from
the list.

Step 9:

Press enter when it asks and, presto, you should now have a web server running on your
local machine, listening on port 80.

Step 10:

Open up your browser and point it at http://{yourip}:80. All going well, you should
see what looks like the Gmail logon screen.

Now have a look at the terminal screen… you will notice that requests have started
to be recorded; this is the browser asking for the website.

Test out what happens when you enter some FAKE details into the website and hit Sign
In…

As you can see in my screenshot here, the username returned was bob@gmail.com and the
password was thisismypassword.

Bingo! We have a user's logon details and now we can read Bob's email!!!

Defence

The best way to defend against this is education and care! You need to know that
these attacks are happening! Keep your eyes open and be a little suspicious about
things sent to you.

Take care not to just click on links in emails, even if you think they're from someone
you know or a company you deal with.

If you get an email asking you to log into your email or online banking, don't follow
the link; type the URL of your online bank or email provider in yourself.
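A small check in that spirit, added here as an example (it is not part of the original post and not part of SET): it judges a link by the host it actually points at, since a wrong URL is the one clue the cloned site gives away. The trusted-domain list and the sample links are constructed for the example, and the registered-domain helper is deliberately simplified (it does not handle multi-label suffixes such as co.uk).

```python
from urllib.parse import urlparse

# Sites the reader legitimately logs into (constructed list for this example).
TRUSTED_LOGIN_DOMAINS = {"hotmail.com", "gmail.com", "google.com"}


def registered_domain(host: str) -> str:
    """Last two labels of a hostname: 'mail.google.com' -> 'google.com'.
    Simplified on purpose: suffixes like co.uk are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url: str) -> str:
    """Judge a link by the host it really goes to, not by the text of the email.

    Returns one of: trusted, trusted-but-http, userinfo-trick, ip-address,
    lookalike, untrusted, no-host.
    """
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if not host:
        return "no-host"
    # http://hotmail.com@evil.example/ shows 'hotmail.com' first but lands on evil.example.
    if parsed.username is not None:
        return "userinfo-trick"
    # A bare IP (like the http://{yourip}:80 harvester in the walkthrough above)
    # is never a real webmail login page.
    parts = host.split(".")
    if len(parts) == 4 and all(p.isdigit() for p in parts):
        return "ip-address"
    reg = registered_domain(host)
    if reg in TRUSTED_LOGIN_DOMAINS:
        # Right site, but a plain-http login form still deserves a second look.
        return "trusted" if parsed.scheme == "https" else "trusted-but-http"
    # A trusted brand buried inside someone else's domain (hotmail.com.evil.example,
    # gmail-login.example.net) is the classic cloned-site giveaway.
    for trusted in TRUSTED_LOGIN_DOMAINS:
        if trusted.split(".")[0] in host:
            return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a phishing email.
    for link in ("https://www.hotmail.com/login",
                 "http://hotmail.com.evil.example/login",
                 "http://hotmail.com@evil.example/",
                 "http://192.0.2.10:80/"):
        print(f"{classify_link(link):17} {link}")
```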

January 18th

14:24