E-mailing a File Format Exploit
Another way that you can test the human element during a penetration test is to send an e-mail with a file format exploit as an attachment. The goal is to use the e-mail to persuade the human target that the e-mail is authentic and that they should download the attachment.

A file format exploit is an attack that takes advantage of a vulnerability in the way that an application processes data in a particular type of file format, such as PDF, DOC, or JPEG. A file format exploit can run when a human target opens an attachment that contains the exploit.

For example, you can attach a malicious Word document that contains an exploit, like MS11-006, to an e-mail. If a human target downloads and views the file, and their system is vulnerable to the exploit, Metasploit Pro will be able to obtain a session on their system.

The options that are available for each file format exploit will vary, so the following sections provide you with an overview of the steps that you need to configure an attack with a file format exploit. For more information on a particular exploit, visit the module configuration page for the exploit to read more about the settings.
1.)
2.) Click the Configure a Campaign tab.
3.) In the Name field, enter a descriptive name for the campaign. For example, a name like E-mail Malicious PDF helps you easily identify the campaign as an e-mail campaign that sends a PDF as an attachment.
4.) Select Custom Campaign as the setup option.
5.) Click the Add e-mail, web page, or portable file button.
6.) Click the E-mail button.
1.) When the Configure E-mail Settings window appears, enter a name for the e-mail component in the Component name field. This is the name that displays for the component on the campaign configuration page.
• Subject - The subject that displays in the message header and the subject line.
• From Address - The sender’s e-mail address.
• From Name - The sender’s name.
3.) Click the Choose a Target List dropdown and choose a target list for the e-mail. The target list should contain the e-mail addresses and names of the human targets that you want to exploit.
4.)
5.) When the attachment file options appear, enter a name for the file in the Attachment file name field. The file name must include the file extension. For example, if the file format you choose will generate a PDF, then the file name that you enter must include the .pdf extension.
6.)
7.) When the Module Search window appears, it automatically displays all available file format exploits. You can browse through the list to find one that you want to use or you can use the search field to find a specific exploit.
8.) When you find the file format exploit that you want to use, click on the module name. The Configure Module window appears and shows you the options that you can set for the exploit. The options vary between exploits, but some of the most common options you want to configure are the LPORT, payload type, and the connection type.
9.) After you configure the module settings, click OK to close the Configure Module window, and click Next to continue to the E-mail Content window.
10.) When the E-mail Content window appears, enter the body for the e-mail. The e-mail body is the message that displays to the human target when they open the e-mail. The messaging that you use should be persuasive and convince the human target to download and open the attachment.
11.) When you are done writing the e-mail, click the Save button to save the e-mail.
1.)
2.) When the Configure E-mail Server window appears, define the following fields:
• Host - The fully qualified mail server address (e.g., mail.domain.com).
• Port - The port that SMTP runs on. Typically, SMTP runs on port 25. If port 25 is blocked, try port 587.
• Username - The user name used to authenticate to the mail server.
• Password - The password used to authenticate to the mail server.
3.) Click the Save button to apply the e-mail server settings.

From the Manage Campaigns area, find the campaign that you just created and click the Preview link. The preview window appears and shows you what the generated e-mail will look like.

When you are done with the preview, close the window to return to the Manage Campaigns area.
1.) From the Manage Campaigns tab, find the campaign that you just created.
2.)
3.) A confirmation window appears and prompts you to confirm that you want to send the phishing e-mail. Click OK to start the campaign.
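
On the receiving side, the organization under test can measure whether its mail filtering identifies attachments like the ones this campaign sends. The following is an added example, not part of Metasploit Pro or the original page: it parses a message, identifies each attachment by its leading bytes for the formats named above (PDF, DOC, JPEG), and flags a declared file extension that does not match the content. The sample message, addresses, and file names are constructed.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of the file formats the page names, with the extensions
# normally used for each. OLE2 is the container used by legacy .doc files.
MAGIC = {
    b"%PDF-": ("pdf", {".pdf"}),
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": ("ole2", {".doc", ".xls", ".ppt"}),
    b"\xff\xd8\xff": ("jpeg", {".jpg", ".jpeg"}),
}

def sniff(data):
    """Return (kind, expected extensions) based on content, not file name."""
    for magic, (kind, exts) in MAGIC.items():
        if data.startswith(magic):
            return kind, exts
    return "unknown", set()

def triage(raw):
    """List every attachment with its sniffed type, hash and mismatch flag."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        kind, exts = sniff(data)
        ext = "." + name.rsplit(".", 1)[1].lower() if "." in name else ""
        findings.append({
            "name": name,
            "kind": kind,
            "sha256": hashlib.sha256(data).hexdigest(),
            "mismatch": kind != "unknown" and ext not in exts,
        })
    return findings

def build_sample():
    """Constructed message: one honest PDF, one OLE2 file named .pdf."""
    msg = EmailMessage()
    msg["From"] = "Sender <sender@example.com>"
    msg["To"] = "target@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4\n%constructed\n", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
                       maintype="application", subtype="octet-stream",
                       filename="invoice.pdf")
    return msg.as_bytes()
```

The hash recorded for each attachment lets the testing team and the defenders match what was delivered against what the gateway logged.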