Top
Search n00bz.net
  • South Florida Security Resources
    • HackMiami.org
      HackMiami is made up of information security professionals, hardware engineers, network administrators, students, and those who simply enjoy technology.
    • South Florida ISSA
      The Information Systems Security Association is, "the pre-eminent trusted global information security community".
  • PenTest Solutions
    • Rapid7 Metasploit Express
      Metasploit Express is an affordable, easy-to-use penetration testing solution that provides full network penetration testing capabilities, backed by the world’s largest, fully tested and integrated public database of exploits.
    • Core Impact PRO
      Core Impact is designed to evaluate the whole of the security in an office ecosystem. It allows the user to probe for and exploit security vulnerabilities in computer networks, endpoints and web applications.
« #MoSH Day 5 | Main | DLL Hijacking with Metasploit Express »
Wednesday
Sep152010

Social Engineering using Metasploit Express

DateWednesday, September 15, 2010 at 2:37PM

In honor of the release of the findings from Defcon 18 Social Engineering CTF ‐ "How Strong Is Your Schmooze” as well as the weekly update from Metasploit Express I will walk through a Social Engineering attack using Metasploit Express.

Step 1: Under Modules, pick your exploit.  I am using the Adobe CoolType SING exploit.  (We don't want to leave out Windows Vista and Windows 7.)


Step 2:  Leave every option as the default and launch the attack.

Step 3:  We could just have our target browse to the web address however we are going to use a different attack vector.  Go and Find a USB drive and load up FireFox with NoScript enabled.  Browse to the target URL and save the PDF.  NoScript will stop it from executing on your machine.

Step 4: Rename the file something sneaky.  I chose HR.pdf.  Copy this to your thumb drive.

Step 5: Take your USB Drive and drop it off somewhere.

Step 6: Wait for the finder of the USB drive to open and click the evil HR.pdf.  Gotcha!  Time to give Mr. X a lesson on Social Engineering and how we don't use thumb drives we find in the bathroom.

 

Authorn00bz Network | Comment2 Comments | Reference7 References |
tagged , in

References (7)

References allow you to track sources for this article, as well as articles that were written in response to this article.
  • Response
    Response: Hi
    by Hi at Hi on May 30, 2013
    Hi
  • Response
    Response: Cheap Panthers Jerseys
    at Cheap Panthers Jerseys on October 17, 2013
    NFL is definitely a single of the largest sports in America. It has a main following.
  • Response
    Response: Ugg Bailey Button Boots 5803
    at Ugg Bailey Button Boots 5803 on October 31, 2013
    UGG Boots get extremely effectively known for becoming the makers of high excellent footwear
  • Response
    Response: system provides
    at system provides on May 20, 2014
    Social Engineering using Metasploit Express - Blog - n00bz Network
  • Response
    Response: marketing dissertation help
    by lfasoe at lafseo on July 2, 2014
    Social engineering in the connection of data security, alludes to mental control of individuals into performing movements or disclosing secret data. A kind of certainty trap with the end goal of data social occasion, misrepresentation.
  • Response
    Response: xovilichter feuerwerk
    at xovilichter feuerwerk on July 20, 2014
    Social Engineering using Metasploit Express - Blog - n00bz Network
  • Response
    Response: summarizing and paraphrasing powerpoint
    by Brody at Brody on August 1, 2014
    Pretty clear instructions, I like how everything is painted in detail here! All the same, people who work with proxy servers very much!

Reader Comments (2)

I have been really glad after reading this blog as the knowledge which has been given via this blog is simply tremendous. I would congratulate and appreciate the blogger for doing this much hard work.

January 7, 2011 | Unregistered CommenterAffordable Computers

Thanks

May 30, 2013 | Unregistered Commenterhi

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.