- Email And Websites
- In person and on the phone
- Social-Engineer Toolkit
Social engineering is a con game relying on influence, social skills, and human interaction, with a goal of obtaining information about an organization or computer systems. The Social-Engineer Toolkit is an open source tool aimed at penetration testing using social engineering. You can download the toolkit or use it within Kali Linux. By using social engineering skills, we can get the victim to click on a link, open a file, or go to a malicious website so they can install malware such as a rootkit, spyware, or a keystroke logger.
The Social-Engineer Toolkit provides the tools to build the bait. However, to complete the attack, you'll want to use Metasploit and create the exploit. What's really great is the Social-Engineer Toolkit has an ability to launch an attack that is in one of three main categories: phishing and spear phishing attacks; generating malicious files such as PDFs, Office documents, and executables; or creating a malicious website, probably one that you've cloned from a legitimate site.
Kali Linux has the tools built right in, so you can effectively clone an entire website. Now we'll take you to a couple of websites before we get started. And I'm going to give you a high-level overview of the Social-Engineer Toolkit. Here I've gone to TrustedSec.com, and you can see the Social-Engineer Toolkit is easily downloaded.
All you need to do is type the following command in Linux. And once you type that in Linux, it will install it. However, we're going to use Kali Linux and it will already be built in. Another thing is, I'll talk about phishing and spear phishing attacks. One of the things you'll need to have is a number of email addresses. I'm at this website here, where you can see in the Chrome Web Store an email address generator. I've clicked on this, and this is actually something that we can add to Chrome, which I have.
And here's the extension I've added. I'll just go into the email address generator. So I'm going to need to generate some email addresses. So we need a suffix. We'll put Jasper, at, and we'll put one of our fictitious companies, Kinetecoinc dot com, and then generate. You can use any other tool that you like, but as I said, you'll need to generate some email addresses and create a generated file in order for you to launch an effective attack.