begood Posted March 3, 2010 Report Posted March 3, 2010 The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit[1] payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering. SET was created by Rel1k for social-engineer.org.This video created by loganWHD demonstrates how to use the Social Engineers Toolkit to perform an email attack using a maliciously encoded PDF. The first step is actually dumpster diving and finding an internal email list of the company. Then he creates a malicious PDF file vulnerable to the util.printf security bug. Then loganWHD uses the SET to create a spoofed email about an important memo to check out the attached PDF for more details. Once the victim opens the attachment, the exploit gets executed and of couse ... GAME OVER! Nicely done!Thanks to loganWHD from Social-Engineer.org for submitting this video to ST! We would highly recommend visiting their site and to try out SET!Malicious Email Social Engineer Attack using Social Engineers Toolkit (SET) Tutorial Quote
neox Posted March 3, 2010 Report Posted March 3, 2010 mai multe videouri pe pagina oficialaSocial Engineering Tools, Videos and How-Tos Quote
