Sending an E-mail with a Executable as an Attachment
A common method of social engineering is to send an e-mail message with a malicious executable file attached to it. The goal of this method is to convince the human target that the spoofed e-mail is from a trusted source and to get them to open and run the executable.The executable delivers a reverse Meterpreter payload to the target’s machine and attempts to open a session from that machine to the attacking machine. If a session is successfully obtained, you will be able to interact with the target machine to do things like collect passwords, take screenshots, access file systems, and pivot to other machines on the network.
1.)
2.) Click the Configure a Campaign tab.
3.) In the Name field, enter a descriptive name for the campaign. The name of the campaign should help you easily identify the campaign. For example, a name like E-mail Attachment Scam lets you know that the campaign is an e-mail campaign.
4.) Select Custom Campaign as the set up option.
5.) Click the Add e-mail, web page, or portable file button.
6.) Click the E-mail button.
1.) When the Configure E-mail Settings window appears, enter a name for the e-mail component in the Component name field. This is the name that displays for the component on the campaign configuration page.
• Subject - The subject that displays in the message header and the subject line.
• From Address - The sender’s e-mail address.
• From Name - The sender’s name.
3.) Click the Choose a Target List dropdown and choose a target list for the e-mail. The target list should contain the e-mail addresses and names of the human targets that you want to exploit.
4.)
5.) When the attachment file options appear, enter a name for the executable in the Attachment file name field.
6.) Select the Zip attachment option if you want to add the executable to a zip file. Since some mail services block files prevent you from sending files with an .exe extension, you may want to use a zip file to increase the chances of the e-mail being successfully delivered.
7.)
8.)
9.) When the E-mail Content window appears, enter the body for the e-mail. The e-mail body is the message that displays to the human target when they open the e-mail. The messaging that you use should persuade the human target to download and open the attachment.
10.) When you are done writing the e-mail, click the Save button to save the e-mail.
1.)
2.) When the Configure E-mail Server window appears, define the following fields:
• Host - The fully qualified mail server address (e.g., mail.domain.com).
• Port - The port that SMTP runs on. Typically, SMTP runs on port 25. If port 25 is blocked, try port 587.
• Username - The user name that authenticates the mail server.
• Password - The password that authenticates the mail server.
3.) Click the Save button to apply the e-mail server settings.From the Manage Campaigns area, find the campaign that you just created and click the Preview link. The preview window appears and shows you what the generated e-mail will look like.
1.) From the Manage Campaigns tab, find the campaign that you just created.
2.)
3.) A confirmation window appears and prompts you to confirm that you want to send the phishing e-mail. Click OK to start the campaign.Immediately after you start the campaign, the Campaign Findings appears.The Campaign Findings displays real-time statistics for the campaign. The information that you see depends on the on the type of campaign that is running. Since this is an e-mail campaign that delivers a payload, the Campaign Findings will show you the number of e-mails that were sent, the number of human targets that opened the e-mail, and the number of sessions that were opened.You can click on any of the stat bubbles to view a detailed list of information related to that specific finding. For example, if you click on the # sessions were opened stat bubble, you will see a list of sessions that Metasploit Pro was able to obtain on exploited machines.Click the Done button at any time to close the Findings window. You can always access the Campaign Findings again from the Manage Campaigns page.
![]() |