
E-mailing a File Format Exploit

Another way that you can test the human element during a penetration test is to send an e-mail with a file format exploit as an attachment. The goal is to use the e-mail to persuade the human target that the e-mail is authentic and that they should download the attachment.
A file format exploit is an attack that takes advantage of a vulnerability in the way that an application processes data in a particular type of file format, such as PDF, DOC, or JPEG. A file format exploit can run when a human target opens an attachment that contains the exploit.
For example, you can attach a malicious Word document that contains an exploit, like MS11-006, to an e-mail. If a human target downloads and views the file, and their system is vulnerable to the exploit, Metasploit Pro will be able to obtain a session on their system.
The options that are available for each file format exploit will vary, so the following sections provide you with an overview of the steps that you need to take to configure an attack with a file format exploit. For more information on a particular exploit, visit the module configuration page for the exploit to read more about the settings.
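Because a file format exploit rides inside a document type that users expect to receive, the receiving side usually wants a first-pass check that an attachment's claimed extension agrees with its actual content. The following is an added example from the defender's perspective, not code from Metasploit Pro or this guide: it compares the leading bytes of each attachment against a small, constructed signature table for the formats named above (PDF, DOC, JPEG) and holds anything inconsistent for closer inspection. The function names, the signature table, and the sample attachments are all assumptions made for this example.

```python
import os

# File signatures ("magic bytes") for the formats the text names. This table is
# constructed for the example; a production mail gateway would use a fuller list.
SIGNATURES = {
    ".pdf": (b"%PDF-",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound document (legacy Word)
    ".docx": (b"PK\x03\x04",),                        # OOXML is a ZIP container
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}


def classify_attachment(filename: str, data: bytes) -> str:
    """Compare an attachment's claimed extension with its leading bytes.

    Returns one of:
      "consistent"   - extension is known and the content starts with a matching signature
      "mismatch"     - extension is known but the bytes say something else
                       (e.g. an executable renamed to .pdf)
      "unknown-type" - extension not in SIGNATURES, so nothing can be verified
      "no-extension" - nothing to compare against
    """
    ext = os.path.splitext(filename.lower())[1]
    if not ext:
        return "no-extension"
    expected = SIGNATURES.get(ext)
    if expected is None:
        return "unknown-type"
    if any(data.startswith(sig) for sig in expected):
        return "consistent"
    return "mismatch"


def triage(attachments):
    """Return a dict of filename -> verdict and the sorted list of names to hold.

    Anything that is not "consistent" is held for inspection. A consistent file
    still goes on to a real document scanner or sandbox: a file format exploit
    is typically a well-formed document of the expected type, so this check
    alone does not catch it.
    """
    verdicts = {name: classify_attachment(name, data) for name, data in attachments}
    held = sorted(name for name, verdict in verdicts.items() if verdict != "consistent")
    return verdicts, held


# Constructed sample attachments (only the leading bytes matter for this check).
SAMPLE_ATTACHMENTS = [
    ("quarterly-report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj"),
    ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),      # PE header under a .pdf name
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("notes.doc", b"PK\x03\x04\x14\x00\x06\x00"),        # ZIP content under a legacy .doc name
    ("README", b"Plain text, no extension"),
]

if __name__ == "__main__":
    verdicts, held = triage(SAMPLE_ATTACHMENTS)
    for name, verdict in verdicts.items():
        print(f"{name:24s} {verdict}")
    print("held for inspection:", held)
```

The point of the caveat in `triage` is the one the text above makes: an exploit such as the MS11-006 example is delivered in a document whose extension and signature both look right, so extension checks only filter out the crude cases, and the well-formed malicious document has to be caught by patching the viewer, detonating the attachment in a sandbox, or watching for the outbound session it tries to open.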
The following sections explain how you can deliver a file format exploit through an e-mail.
Task 1: Create a Campaign with an E-mail Component
1.) From within a project, select Campaigns from the Tasks bar. The Manage Campaigns page appears.
2.) Click the Configure a Campaign tab.
3.) In the Name field, enter a descriptive name for the campaign. For example, a name like E-mail Malicious PDF helps you easily identify the campaign as an e-mail campaign that sends a PDF as an attachment.
4.) Select Custom Campaign as the setup option.
5.) Click the Add e-mail, web page, or portable file button.
6.) Click the E-mail button.
Task 2: Craft the E-mail and Attach a File Format Exploit
1.) When the Configure E-mail Settings window appears, enter a name for the e-mail component in the Component name field. This is the name that displays for the component on the campaign configuration page.
2.) Define the following e-mail header fields:
Subject - The subject that displays in the message header and the subject line.
From Address - The sender's e-mail address.
From Name - The sender's name.
3.) Click the Choose a Target List dropdown and choose a target list for the e-mail. The target list should contain the e-mail addresses and names of the human targets that you want to exploit.
4.) Click the Attack type dropdown and choose Attach File.
5.) When the attachment file options appear, enter a name for the file in the Attachment file name field. The file name must include the file extension. For example, if the file format you choose will generate a PDF, then the file name that you enter must include the .pdf extension.
6.) Select File format exploit as the File generation type.
7.) When the Module Search window appears, it automatically displays all available file format exploits. You can browse through the list to find one that you want to use, or you can use the search field to find a specific exploit.
8.) When you find the file format exploit that you want to use, click on the module name. The Configure Module window appears and shows you the options that you can set for the exploit. The options vary between exploits, but some of the most common options you will want to configure are the LPORT, the payload type, and the connection type.
9.) After you configure the module settings, click OK to close the Configure Module window, and click Next to continue to the E-mail Content window.
10.) When the E-mail Content window appears, enter the body for the e-mail. The e-mail body is the message that displays to the human target when they open the e-mail. The messaging that you use should be persuasive and convince the human target to download and open the attachment.
11.) When you are done writing the e-mail, click the Save button to save the e-mail.
Task 3: Set Up SMTP Settings
1.) From the Server Configurations area, click the E-mail Server button.
2.) When the Configure E-mail Server window appears, define the following fields:
Host - The fully qualified mail server address (e.g., mail.domain.com).
Port - The port that SMTP runs on. Typically, SMTP runs on port 25. If port 25 is blocked, try port 587.
Username - The user name that authenticates to the mail server.
Password - The password that authenticates to the mail server.
3.) Click the Save button to apply the e-mail server settings.
Task 4: Preview the E-mail
From the Manage Campaigns area, find the campaign that you just created and click the Preview link. The preview window appears and shows you what the generated e-mail will look like.
When you are done with the preview, close the window to return to the Manage Campaigns area.
Task 5: Send the E-mail
1.) From the Manage Campaigns tab, find the campaign that you just created.
2.) If the campaign state is Launchable, click the Start button.
3.)