Pwning a person using basic Red team techniques and social engineering Attack



This time I have decided not to phish the user's password; instead I will pwn his device. I will generate persistent spyware that logs the target's keystrokes, screenshots and webcam snapshots (if the user has a webcam).

STEP 1: Gathering information

This step is about gathering information about my target. As my target does not have any computer knowledge, coming from an arts background (according to his Facebook profile), it is easy to phish him, but first I am going to gather information about what OS he is using and which version of the operating system he is running. To do this I created an IP tracer that logs his user-agent string, his current location (if he grants access) and what device he is using.


When he opened the link I got all the information I needed to prepare my attack and saved everything to the log file. Below is a snapshot of his device details.

 

Now I know he is using the Windows 10 operating system, so I can prepare my spyware with this information in mind.

STEP 2: Building the malware

As I said above, I am going to prepare spyware. There are a lot of dependencies to install for this, so I will include only the information needed to complete this report.
There are a lot of ways to make your own spyware, but for this case I am going to use spyware written in Java for a Windows machine (I will make a separate post about this spyware and evading antivirus). Why am I using this? The reason is that I don't want a Metasploit listener to maintain access, or a front gun server; this works independently, which is useful for pentesters.

After installing the dependencies I ran it.




In the next step it asks for your Gmail login details, which are needed to deliver the compromised data to your inbox. So I gave my temporary mail credentials.


Confirmed everything.


The malware compiled and was generated.


Now I will generate an MD5 hash to check on VirusTotal whether any antivirus is identifying this malware, so that I can modify it to evade detection.


Great, I got no match (at the time of the scan).



Enabling access for less secure apps on my Gmail account (not my personal account) so that the malware can send me the compromised details.



STEP 3: Delivering the malware

I am going to use the Social-Engineer Toolkit's Java applet attack. What this attack does is embed my binary link inside the HTML document; it generates a popup and, on clicking, automatically installs the binary on the user's system.

So I chose the Java applet attack.





I used my own malware here.


Selected no for port forwarding and inserted my own IP address.


Then I used the built-in SET applet.



Cloned Google because it has fewer elements, so that the target can easily notice the popup without much distraction.



Now the server has started.


Again I used ngrok for tunneling.


This is how the page is going to look. The popup above is generated by me; when the user clicks, my binary will be loaded (my malware does nothing visible on execution, but in the background it starts the logging activity).



Then I texted him saying it's a modified version of Google I made, but with animation. Below is the chat. (I know this was a poor social engineering lure, but it was enough for my current target as I know him.)




After a little wait I could see in the ngrok logs that the person had visited, and in the setoolkit logs that he had clicked on the popup, and after some minutes I got the mail.
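From the defender's side, the two things this chain leaves on the wire are the page served through an ngrok tunnel and the spyware mailing its loot out through Gmail's SMTP submission ports from a process that is not a mail client. The script below is an added example, not the author's tooling or part of the spyware; it assumes Sysmon-style network connection events flattened to CSV (image, destination host, port), that the Java spyware runs under javaw.exe, and the ngrok domain suffixes and mail-client names listed in the code, all of which are assumptions rather than facts from this post. The sample events are constructed.

```python
"""Hunt for the exfiltration and tunnelling traffic this attack chain produces.

Added example, not the post's code. Assumes Sysmon-like network events as CSV and
that the spyware is hosted by a Java runtime (javaw.exe); both are assumptions.
"""
import csv
import io
from dataclasses import dataclass

# Processes that are expected to talk to a public mail provider's SMTP ports (assumed list).
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_SUBMISSION_PORTS = {25, 465, 587}
# Public SMTP hosts a keylogger might use to mail out its loot (the post used Gmail).
PUBLIC_SMTP_HOSTS = {"smtp.gmail.com", "smtp-mail.outlook.com"}
# Reverse-tunnel service domains (the post served its page through ngrok); assumed suffixes.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app")

# Constructed sample events; not taken from the post's logs.
SAMPLE_EVENTS = """\
time,image,dest_host,dest_port
2024-01-01T10:00:01,C:\\Program Files\\Mozilla Firefox\\firefox.exe,abcd1234.ngrok.io,443
2024-01-01T10:00:05,C:\\Program Files\\Mozilla Firefox\\firefox.exe,www.google.com,443
2024-01-01T10:02:10,C:\\Program Files\\Java\\jre\\bin\\javaw.exe,smtp.gmail.com,587
2024-01-01T10:02:30,C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE,smtp.gmail.com,587
2024-01-01T10:05:00,C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe,smtp.gmail.com,465
"""


@dataclass(frozen=True)
class Finding:
    time: str
    image: str
    reason: str


def _basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event):
    """Return a reason string if the event matches a hunt rule, else None."""
    image = _basename(event["image"])
    host = event["dest_host"].lower()
    port = int(event["dest_port"])
    # Rule 1: any process reaching a reverse-tunnel service (the lure page in the post).
    if host.endswith(TUNNEL_SUFFIXES):
        return f"connection to tunnelling service {host}"
    # Rule 2: SMTP submission to a public mail provider from something that is not a mail client.
    if host in PUBLIC_SMTP_HOSTS and port in SMTP_SUBMISSION_PORTS and image not in KNOWN_MAIL_CLIENTS:
        return f"{image} using {host}:{port} without being a mail client"
    return None


def hunt(csv_text):
    """Run both rules over CSV text and return the matching events in order."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reason = classify(row)
        if reason:
            findings.append(Finding(row["time"], row["image"], reason))
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding.time, finding.reason)
```

On the sample, the browser's visit to the ngrok host, the javaw.exe SMTP session and the temp-folder binary's SMTP session are flagged, while Outlook's own use of smtp.gmail.com is not. The second rule is the more durable one: it does not depend on the mail provider's "less secure apps" setting, which the post relies on and which providers have since been retiring, but on the simple fact that a keylogger is not a mail client.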



Here is some of the compromised data which I got through the malware.


Above, the keystrokes are in the body of the mail and in the attached text file.



Here is the screenshot which the malware captured on his PC.
(Some messages and other things are hidden for privacy reasons.)

This attack is old, and some things need updating if you want to use the above technique.

The above attack was done with the person (who is the victim here and also my friend) to demonstrate the threat. So always get permission from the authority or from the person before doing such an attack.

Final Words

This was a basic attack; in an advanced attack the attacker has to bypass EDR, AV, IDS or IPS, spoof the email, etc.
