Description: <div style="text-align: justify;">In this video, loganWHD from Social-Engineer.org demonstrates how to conduct a Client side attack using a combination of Metasploit and Social Engineering. The idea is to first gain the trust of the victim, by sending him an email coming from a source he trusts. In order to do this, we first go dumpster diving and find the name and email addresses of the company's support team. Then loganWHD proceeds to create a malicious PDF using the Metasploit framework and then sends it as an attachment to the victim in a spoofed email. He then patiently waits on the Meterpreter prompt for a reverse connect to him :) The victim opens the email, and being "aware" of malicious attachments, proceeds to scan the file with the AV on his machine. The AV is unable to detect any viruses and malware, so the victim confidently opens the file, which triggers the exploit and subsequently the payload executes, and connects back to the Meterpreter waiting on loganWHD's computer. Logan then proceeds to migrates the shell to another process, before the victim can kill the PDF viewer process, which looks as if it has hung. Once the migration is done, loganWHDÂ activates the keylogger and grabs the victim's keystrokes and uncovers the username / password of the victim. GAME OVER! :) <br><br>As firewalls and IDSs are becoming more and more sophisticated, the easiest entry point for hackers into a company's network are it's employees. This is why in recent times, we have seen a huge spike in Client side attacks. This video goes to show how gullible employees can put their company's secrets at risk! <br><br>Social-Engineer.org recently released the SET framework for conducting social engineering attacks in a more structured and systematic way. I would highly recommend downloading the kit from their site and trying it out. It's already a part of my arsenal :) <br><br>Thanks go out to loganWHD from Social-Engineer.com for posting this video on SecurityTube! <br><br><br></div><br><style type="text/css"> body { background: #FFF; } </style>
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.