Sunday, July 11, 2010

Demo-ing the power of SET (Social Engineering Toolkit) framework

Social Engineering Toolkit Demo **part 1** ....

This demo will show you how you can easily gain user credentials (username and passwords) from popular social websites, in our example today, www.gmail.com

The steps involved as outlined in my video are simple to follow

1. launch SET framework and make the necessary selections for th etype of attack that you're tryna accomplish

2. Goto the victim machine and browse to the attackers IP (or more realistically, you can force a user to come to you when they attempt to goto gmail.com themselves with a combination of arp poisoning and dns spoofing)

3. On attackers machine analyze results and see what information was obtained


Social Engineering Toolkit Demo (Credential Harvester) from aerokid240 on Vimeo.


Social Engineering Toolkit Demo **part 2** ....

This demo will show you how you can combine the use of self signed java applets and payloads to gain remote access of a system.

Note: User must accept or run the java applet in order for this to work which 98% of users do anyways.


Social Engineering Toolkit (java applet) from aerokid240 on Vimeo.


Resources/Good Reading:
http://www.secmaniac.com/
http://www.offensive-security.com/metasploit-unleashed/Social-Engineering-Toolkit