EvilZone

Hacking and Security => Hacking and Security => Topic started by: l0n3r on January 29, 2014, 07:47:00 PM

Title: 2014 Phishing (new Methods?)
Post by: l0n3r on January 29, 2014, 07:47:00 PM
This article just came out about 3 days ago, talking about Microsoft getting breached, supposedly via a spear phishing campaign, compromising the email accounts and social media accounts of Microsoft employees.

Article: http://securityaffairs.co/wordpress/21622/cyber-crime/spear-phishing-against-microsoft.html

My question is regarding modern day phishing techniques. From my understanding, two/four years ago it was totally possible to do the standard:

1) copy web page
2) write credential grabbing php
3) upload to free web host
4) craft email
5) breach (capture credentials)

This sounds vague but I hope you guys get the point. The old ways of making phishing email is what I'm referring to, I think there is a post somewhere on here regarding what I was talking about.

But in 2013-2014, that isn't gonna fly obviously. You're more than likely to land a nice spot in the spam or junk box. My question is what are some modern techniques in crafting these emails that are working these days?

I've been reading that people would compromise a website/server, redirect victim to compromised server, and feed drive-by attacks to passersby. And then there are stored XSS (fairly rare now) breaches and CSRF attacks, etc. But without sounding too eager, what are the BH tactics? As a penetration tester, I need to replicate and simulate a BH attack in ways. And phishing emails are crucial in attacks, but not dated attacks. My job currently is to audit website security. But I wanna expand to replicating APT attacks and leveraging user ignorance on my engagements. Just a lot of the public info is dated....
Title: Re: 2014 Phishing (new Methods?)
Post by: iTpHo3NiX on January 29, 2014, 08:00:41 PM
I believe kali has a suite for it, but the name escapes me
Title: Re: 2014 Phishing (new Methods?)
Post by: Kulverstukas on January 29, 2014, 08:53:08 PM
Quote from: iTpHo3NiX
I believe kali has a suite for it, but the name escapes me

SET (Social Engineering Toolkit). Never used it though.
Title: Re: 2014 Phishing (new Methods?)
Post by: iTpHo3NiX on January 29, 2014, 09:02:34 PM
Quote from: Kulverstukas
SET (Social Engineering Toolkit). Never used it though.

That be the one. I experimented with it for a little while.

https://www.trustedsec.com/downloads/social-engineer-toolkit/

tut on using SET phishing:
http://www.lokisec.com/?p=366
Title: Re: 2014 Phishing (new Methods?)
Post by: l0n3r on January 29, 2014, 10:01:03 PM
Ah thanks guys! I'm familiar with it, but for sure I will look deeper into the kit. thanks again
Title: Re: 2014 Phishing (new Methods?)
Post by: b0whunter on January 30, 2014, 12:03:30 AM
SET is a great tool, copy a login page on the fly in conjunction with DNS spoofing, you don't need to send any email, just wait for them to type the url.
Title: Re: 2014 Phishing (new Methods?)
Post by: jahuh on February 03, 2014, 09:28:56 PM
dead/boring  forum.
Title: Re: 2014 Phishing (new Methods?)
Post by: b0whunter on February 04, 2014, 02:19:33 AM
Quote from: jahuh
dead/boring  forum.

This forum is rather like an interactive library. There's new content, questions, discussions, etc. Most importantly, as you probably noticed, the irrelevant stuff gets thrown out.
Title: Re: 2014 Phishing (new Methods?)
Post by: jahuh on February 04, 2014, 02:06:34 PM
still boring/dead..  they ignore pples questions and request to help on tutorials.. i believe other hacking forums are better.. i miss devilzone.net hope they'll come back soon or create a new site.. this forum is dead!!!!
Title: Re: 2014 Phishing (new Methods?)
Post by: proxx on February 04, 2014, 02:09:23 PM
Quote from: jahuh
still boring/dead..  they ignore pples questions and request to help on tutorials.. i believe other hacking forums are better.. i miss devilzone.net hope they'll come back soon or create a new site.. this forum is dead!!!!

Just get the fuck out if you want spoonfeeding, wrong board kid.
Title: Re: 2014 Phishing (new Methods?)
Post by: nafuti on February 04, 2014, 04:33:07 PM
Quote from: jahuh
still boring/dead..  they ignore pples questions and request to help on tutorials.. i believe other hacking forums are better.. i miss devilzone.net hope they'll come back soon or create a new site.. this forum is dead!!!!

Think he is claiming he knew the old EZ. If you have been around that long dude then you most notably should have had your knowledge base flowing. But if you are still at the level of asking for tutorials and probably hack this site for me, then you are no better than the complete NOOB I am.


I suggest you tuck your tail between your legs and run to your master or settle in, flow with the wave and you will discover the secret chamber of secrets. I am trying to do just that.
Title: Re: 2014 Phishing (new Methods?)
Post by: hppd on February 04, 2014, 05:23:06 PM
Quote from: jahuh
still boring/dead..  they ignore pples questions and request to help on tutorials.. i believe other hacking forums are better.. i miss devilzone.net hope they'll come back soon or create a new site.. this forum is dead!!!!

Haha mister
Quote from: jahuh
where do i buy a botnet and tutorials on how to use it for newbie??

What do you mean with dead? Ez has really valuable info.. If you wanna be a botmaster go on TF if you want people to spoonfeed you go on HF..

Cheers 8)


Quote from: b0whunter
SET is a great tool, copy a login page on the fly in conjunction with DNS spoofing, you don't need to send any email, just wait for them to type the url.

How do you spoof the dns on someone else's lan?
 
Title: Re: 2014 Phishing (new Methods?)
Post by: proxx on February 04, 2014, 07:29:55 PM
Quote from: hppd
Haha mister
What do you mean with dead? Ez has really valuable info.. If you wanna be a botmaster go on TF if you want people to spoonfeed you go on HF..

Cheers 8)


How do you spoof the dns on someone else's lan?

It's not just spoofing, basically it's a race between the true DNS server on the network and you, whoever comes first.
Otherwise you would have to gain a mitm position in one way or another, plenty of options there.
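
Added example, not part of the original thread: the race described in the post above leaves a trace a defender can look for, namely two responses to the same query that carry different answers. The sketch below scans response records for that pattern; the record layout, the addresses and the name `find_conflicting_responses` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of passive DNS response records (not real traffic):
# (timestamp_s, client_ip, txid, qname, responder_ip, answers)
RESPONSES = [
    (10.000, "192.0.2.10", 0x1A2B, "login.example.com", "192.0.2.53", ("203.0.113.66",)),
    (10.004, "192.0.2.10", 0x1A2B, "login.example.com", "192.0.2.53", ("198.51.100.7",)),
    # Identical retransmission from the resolver: must not alert.
    (11.200, "192.0.2.11", 0x77AA, "www.example.org", "192.0.2.53", ("198.51.100.20",)),
    (11.900, "192.0.2.11", 0x77AA, "WWW.example.org.", "192.0.2.53", ("198.51.100.20",)),
    (12.500, "192.0.2.12", 0x0C0D, "mail.example.net", "192.0.2.53", ("198.51.100.30",)),
]


def find_conflicting_responses(records, window_s=2.0):
    """Flag queries answered more than once, with different answer sets,
    inside window_s seconds. The source address is not trusted because a
    forged reply carries the resolver's address."""
    by_query = defaultdict(list)
    for ts, client, txid, qname, responder, answers in records:
        key = (client, txid, qname.lower().rstrip("."))
        by_query[key].append((ts, responder, frozenset(answers)))

    alerts = []
    for (client, txid, qname), replies in by_query.items():
        replies.sort(key=lambda r: r[0])
        first_ts, _, first_answers = replies[0]
        for ts, _, answers in replies[1:]:
            if ts - first_ts > window_s:
                break  # too late to belong to the same query
            if answers != first_answers:
                alerts.append({
                    "client": client,
                    "txid": txid,
                    "qname": qname,
                    "accepted_by_client": sorted(first_answers),
                    "later_reply": sorted(answers),
                    "gap_ms": round((ts - first_ts) * 1000, 1),
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in find_conflicting_responses(RESPONSES):
        print(alert)
```

Names served by rotating load balancers can return different answer sets to a retransmitted query, so alerts for such names need an allowlist or a comparison against the zone's known address ranges.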
Title: Re: 2014 Phishing (new Methods?)
Post by: hppd on February 04, 2014, 10:16:53 PM
But don't you have to be on their network somehow?? I can't imagine how you would do it otherwise  :P
Title: Re: 2014 Phishing (new Methods?)
Post by: proxx on February 05, 2014, 06:05:34 AM
Quote from: hppd
But don't you have to be on their network somehow?? I can't imagine how you would do it otherwise  :P

Makes it a hell of a lot easier.
But one could still somehow affect his dns configuration, viral or by weak passwords of modems and that kinda stuff, then alter the DNS config and point it to your own DNS server.
Title: Re: 2014 Phishing (new Methods?)
Post by: techb on February 05, 2014, 06:24:05 AM
The whole idea behind Social Engineering is exploiting the person, not the tech. Get on the phone and call them. Pretend like you're someone else, make them believe you. Do stuff to the person. You know how many times I've called in for shit with bills and all, and got at least a $10 credit on my account? I've even saved myself write-ups at work by posing as a higher-up. Put bosses in their place, then get an extra day off.


The best SE I've ever done was send someone a link [lulz my link] and tell them something like "lulz you look like a slut in this picture" or something. They click it from being mad and BAM they are mine. Albeit, I was angry and it was a bad thing I did. But, when I call my "service providers", they give me what I want.


The trick is, learn what you're talking about. Be forgoing and after something. Get what you're after then end it. You need to know people though. Know what makes them nervous or angry or spark some kind of emotion then exploit it. People are easy, learn to lie and lie well. And here is a small secret, you need to believe what you're saying is true, you are a guy with three kids that needs his water clean, or Mr. Durden from corporate that's not happy with sales and would like your password to review your work more closely.


Social Engineering is exploiting the Person.
Title: Re: 2014 Phishing (new Methods?)
Post by: techb on February 06, 2014, 01:26:11 AM
FU CK YOU ALL AND FU CK THE ADMIN!!!!

Lol, u mad bro?
Title: Re: 2014 Phishing (new Methods?)
Post by: pivot3r on February 06, 2014, 01:59:11 AM
OP, I haven't really noticed any new methods in phishing myself.   The old ways seem to still work fine.

I actually saw on tv this morning that a phishing attempt went out to get people to download malware by ripping off a funeral home site.  I think it's safe to say that as long as the tried and true methods work, we will still see them. 
Title: Re: 2014 Phishing (new Methods?)
Post by: annki on February 06, 2014, 08:31:46 AM
i'm not f ucking mad.but you'll are nothing without helping showing people what they don't fucking understand when it comes to hack world
Title: Re: 2014 Phishing (new Methods?)
Post by: hppd on February 06, 2014, 08:53:20 AM
Quote from: annki
i'm not f ucking mad.but you'll are nothing without helping showing people what they don't fucking understand when it comes to hack world

Lol. You seriously made an account just for that?
Title: Re: 2014 Phishing (new Methods?)
Post by: proxx on February 06, 2014, 02:18:02 PM
Quote from: annki
i'm not f ucking mad.but you'll are nothing without helping showing people what they don't fucking understand when it comes to hack world

Tits or gtfo kid.
Title: Re: 2014 Phishing (new Methods?)
Post by: techb on February 06, 2014, 04:32:03 PM
Quote from: annki
i'm not f ucking mad.but you'll are nothing without helping showing people what they don't fucking understand when it comes to hack world

It sounds like you're mad bro.
Title: Re: 2014 Phishing (new Methods?)
Post by: annki on February 06, 2014, 06:36:36 PM
like i said you all are fucking crazy.. to hell with ya'll..... fu ck this forum! i wont stop speaking my mind :D
Title: Re: 2014 Phishing (new Methods?)
Post by: Kulverstukas on February 06, 2014, 07:00:10 PM
Quote from: annki
like i said you all are fucking crazy.. to hell with ya'll..... fu ck this forum! i wont stop speaking my mind :D

(http://i.imgur.com/ELp9dQr.gif)
Title: Re: 2014 Phishing (new Methods?)
Post by: Phage on February 06, 2014, 07:11:06 PM
Thread closed.
Reason: Off topic.