Evilblog

Cybercriminals have done a lot of damage to organization through Social Engineer Attack from FireEye to Cisco & recently Uber they all were hacked because of social engineering. This reminds me of my own internal pentesting in one of my organization which I did in 2021, I used social engineering technique to deliver and execute my payload. I was asked to check if I can gain access to any of our employee's computer using any method I can think of.  In this blog, I will simulate the same attack and will try to show how I gained initial access by using a social engineering technique.   Attack Phase 1: Information gathering As it was from internal network i decided to compromise one employee. Here the person is a network engineer. Before attacking the target i started the attack with information gathering. The first thing I started with checking all open port in my network range. To do this I used masscan, so i used command masscan -p445  192.168.7.1/24 --rate=1000           I foun