In the "Ethical Hacking - Phishing Email" lesson, I will harness the power of Kali Linux VM to delve into the world of social engineering through the Social Engineering Toolkit. This hands-on session will guide me in creating convincing phishing emails using legitimate email services. Moreover, I will gain valuable insights into IP address masking techniques and how to apply them effectively to enhance the authenticity and effectiveness of phishing emails. By the end of this lesson, I will be well-equipped to understand, identify, and defend against phishing attacks, a critical skill in the realm of cybersecurity.
Launching Social Engineer's Toolkit on Kali Linux VM
1. Open up Kali Linux in the Oracle VM application
2. Click on the top left corner of the VM for the application menu > Scroll down to 13. Social Engineering Tools > SET: social engineering toolkit (root)
Social Engineering Toolkit Navigation
3. A terminal will open:
- Type in your password and press Enter
- Type in: y and press Enter to accept the terms of service
Cloning Facebook and Harvesting User Passwords
1. Select from menu 1) Social-Engineering Attacks
2. Select from menu 2) Website Attack Vectors
3. Select from menu 3) Credential Harvester Attack Method
4. Select from menu 2) Site cloner
5. Check that your Kali Linux VM has an internet connection
- Using the ping command: ping www.google.com
6. Enter the URL to clone:
- Type in: www.facebook.com
7. Go on the Firefox Browser
- In the URL bar, type: localhost or 10.0.9.4
- The website will be a clone of the Facebook login page
8. Enter the email and password
9. The terminal will capture the possible username and password
Terminal Username and Password
Using Website Template to Steal Username and Password
1. Select from menu 1) Social-Engineering Attacks
2. Select from menu 2) Website Attack Vectors
3. Select from menu 3) Credential Harvester Attack Method
4. Select from menu 1) Web Template
5. Check if the IP address is accessible to the internet
6. Select 3) Twitter
7. Go on the Firefox Browser
- In the URL bar, type: localhost or 10.0.9.4
- The website will be a clone of the Twitter login page
8. Enter the email and password
9. The terminal will capture the possible username and possible password
Terminal Username and Password
Using Legit Email to create a Phishing Email
1. For this example, I used a legitimate LinkedIn email but altered the names and titles
My Legit LinkedIn Email With Name Altered
2. I altered each of the hyperlinks to be my Setoolkit's site cloner link
- In this case my IP Address: http://10.0.9.4/
Altering the Hyperlink
3. I have altered all of the hyperlinks to http://10.0.9.4/, i.e. the trap.
- Every red rectangle is a clickable hyperlink that can be altered
All Altered Hyperlinks
4. The phishing email is ready to be sent
- Once the victim clicks on the link, it will take them to the cloned LinkedIn site
Cloned Login page of LinkedIn
5. Once the victim enters their Email and Password, the Setoolkit will pick up the login credentials
- Login Credential Example:
- Email: Johnsmith@gmail.com
- Password: NotApassword
Setoolkit Hacked Login Credentials
IP Address Masking
We can hide the real URL with IP address masking.
For example, Google.com:
- We can look up Google's IP address and type that address into the browser URL bar; it will go to Google
  - Google.com; IP address = 142.250.80.46
  - Browser URL: 142.250.80.46
- We can also put another website between "https://" and "@"; the browser will still take you to the website after the @
  - Browser URL: https://www.facebook.com@google.com will bring you to google.com
- We can combine both techniques above and get the same result
  - Browser URL: https://www.facebook.com@142.250.80.46 will bring you to google.com as well
- We can convert the IP address into a single integer to increase the obfuscation and make it harder for the victim to notice
  - We can use this website tool: [IP Address to Integer Converter](https://www.browserling.com/tools/ip-to-dec)
  - Put Google's IP address into the tool and convert it.
  - 142.250.80.46 = 2398769198
  - 2398769198 = (142 * 16777216) + (250 * 65536) + (80 * 256) + 46
  - Browser URL: https://www.facebook.com@2398769198
Applying IP Address Masking to the Phishing Email:
- Convert 10.0.9.4 into an integer using the [IP Address to Integer Converter](https://www.browserling.com/tools/ip-to-dec)
  - 10.0.9.4 = 167774468
- Replace all the hyperlinks in the phishing email with:
  - http://www.Facebook.com@167774468
- This is harder for individuals to spot than a plain 10.0.9.4 in the hyperlink
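As an added defender-side example (not part of the lesson or of the Social Engineering Toolkit), the Python checker below does what the "hover over the link" habit does by hand: it splits off anything before the @ as userinfo and converts a bare decimal host back to its dotted IPv4 form, so both masked links from this section resolve to their real destinations. The function names and the RFC 1918 check are my own additions.

```python
import ipaddress
from urllib.parse import urlsplit


def ipv4_from_host(host: str):
    """Return the dotted-quad form if the host is an IPv4 literal.

    Browsers accept both the usual 142.250.80.46 and a bare decimal
    integer such as 2398769198 (the conversion shown in the lesson);
    anything else (a real hostname) returns None.
    """
    try:
        return str(ipaddress.IPv4Address(host))      # already a dotted quad
    except ValueError:
        pass
    if host.isdigit() and int(host) <= 0xFFFFFFFF:   # single-integer form
        return str(ipaddress.IPv4Address(int(host)))
    return None


def analyze_link(url: str) -> dict:
    """Unmask a hyperlink the way a careful 'hover over the link' check would."""
    if "://" not in url:
        url = "http://" + url                        # urlsplit needs a scheme
    parts = urlsplit(url)
    decoy = parts.username            # text before '@' is userinfo, not the site
    host = parts.hostname or ""       # the part the browser actually connects to
    ip = ipv4_from_host(host)
    findings = []
    if decoy is not None:
        findings.append(f"'{decoy}' before '@' is userinfo; real host is {host}")
    if ip is not None:
        if host != ip:
            findings.append(f"decimal host {host} is the IPv4 address {ip}")
        if ipaddress.IPv4Address(ip).is_private:
            findings.append(f"{ip} is a private (RFC 1918) address")
    return {"destination": ip or host, "decoy": decoy, "findings": findings}


if __name__ == "__main__":
    # The two masked links from the lesson plus an unmasked one for contrast.
    for link in ("https://www.facebook.com@2398769198",
                 "http://www.Facebook.com@167774468",
                 "https://www.google.com"):
        print(link, "->", analyze_link(link))
```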
Conclusion
In conclusion, the "Ethical Hacking - Phishing Email" lesson has armed me with valuable knowledge and hands-on skills in the realm of social engineering, utilizing the Social Engineering Toolkit within Kali Linux VM. This practical experience has empowered me to create persuasive phishing emails using legitimate email services while also providing a deeper understanding of IP address masking techniques to enhance the credibility of such phishing campaigns. As a result of this lesson, I am now well-prepared not only to comprehend and identify phishing attacks but also to mount an effective defense against them, underscoring the importance of this skill in the cybersecurity domain.
Additionally, I've learned some practical tips to enhance my personal cybersecurity:
- Always hover over clickable links to check for malicious intent.
- Prioritize websites that use HTTPS over HTTP for secure browsing.
- Bookmark frequently visited websites to avoid falling victim to domain squatters.
- Exercise caution when encountering urgent or too-good-to-be-true email content.
- Consider using tools like the Netcraft extension to identify malicious email and website links effectively.