Wubi Posted August 13, 2012

In one of our recent posts, you must have read about the Social-Engineer Toolkit being updated. This post is about a newer social engineering tool – phemail.py. As of now, this tool is not as advanced as SET is, but it was built to overcome the problem of SET payloads being flagged by antiviruses. Phemail.py is short for Python Phishing EMAIL. It is an open source social engineering tool that helps you perform security reconnaissance.

So, with SET you send a phishing email containing a malicious URL. This URL will then redirect the user to a webserver managed by Metasploit, launching several exploits in order to exploit the victim’s web browser, ultimately gaining a Meterpreter shell. The problem with this approach is that most of the time Meterpreter will be detected by antivirus software running on the victim’s machine, so exploitation is not going to be successfully completed. Moreover, so far SET doesn’t have any option to prove who clicked on the phishing email without using Meterpreter.

The main purpose of phemail.py is to detect who clicked on the phishing email without attempting to exploit the web browser, while collecting as much information as possible. For this reason it will be 100% undetectable by any antivirus, and it will obtain sufficient data to have an initial proof of concept for the client, which you can later build upon to launch further attacks.

Steps to use Phemail.py:

Find corporate email addresses: Phemail has an option for harvesting corporate email addresses and saving them to a file. Phemail.py leverages Google to search for LinkedIn specific corporate e-mail targets.

Create a phishing email template: You get to create your own custom phishing templates. Do not forget to add the string “{0}” in each URL, as the script will replace this string with the correct URL automatically.

Host/upload a single PHP file: This file contains JavaScript code which attempts to collect web browser information and save it in a log file in the /tmp directory.

Run the php file as shown in the following example:

# phemail.py -e test-emails.txt -f "Tax report " -r "Tax Report " -s "Important information about your tax" -b body.txt -w http://YOUR-WEBSITE.com

All you then need to do is wait and hope for the victim to click on the phishing email, allowing you to gain some web browser information from the victim as below.

When it comes to Python dependencies, the open source phemail.py requires pyDNS and BeautifulSoup, in addition to smtplib, base64, os, sys, getopt, urllib2 and re.

Download Phemail.py: Phemail.py version 0.6 – phemail.zip

Source: PenTestIT — Your source for Information Security Related information!