Social Engineering : Common Social Engineering Tasks : Sending an E-mail with a Executable as an Attachment

Sending an E-mail with a Executable as an Attachment

A common method of social engineering is to send an e-mail message with a malicious executable file attached to it. The goal of this method is to convince the human target that the spoofed e-mail is from a trusted source and to get them to open and run the executable.
The executable delivers a reverse Meterpreter payload to the target’s machine and attempts to open a session from that machine to the attacking machine. If a session is successfully obtained, you will be able to interact with the target machine to do things like collect passwords, take screenshots, access file systems, and pivot to other machines on the network.
The following sections explain how you can deliver a malicious executable through an e-mail.
Task 1: Create an E-mail Campaign
1.)
From within a project, select Campaigns from the Tasks bar. The Manage Campaigns page appears.
2.)
Click the Configure a Campaign tab.
3.)
In the Name field, enter a descriptive name for the campaign. The name of the campaign should help you easily identify the campaign. For example, a name like E-mail Attachment Scam lets you know that the campaign is an e-mail campaign.
4.)
Select Custom Campaign as the set up option.
5.)
Click the Add e-mail, web page, or portable file button.
6.)
Click the E-mail button.
Task 2: Craft the E-mail and Attach an Executable
1.)
When the Configure E-mail Settings window appears, enter a name for the e-mail component in the Component name field. This is the name that displays for the component on the campaign configuration page.
2.)
Subject - The subject that displays in the message header and the subject line.
From Address - The sender’s e-mail address.
From Name - The sender’s name.
3.)
Click the Choose a Target List dropdown and choose a target list for the e-mail. The target list should contain the e-mail addresses and names of the human targets that you want to exploit.
4.)
Click the Attack type dropdown and choose Attach File.
5.)
6.)
Select the Zip attachment option if you want to add the executable to a zip file. Since some mail services block files prevent you from sending files with an .exe extension, you may want to use a zip file to increase the chances of the e-mail being successfully delivered.
7.)
Select .exe agent as the File generation type.
8.)
Click Next to continue to the E-mail Content window.
9.)
When the E-mail Content window appears, enter the body for the e-mail. The e-mail body is the message that displays to the human target when they open the e-mail. The messaging that you use should persuade the human target to download and open the attachment.
10.)
When you are done writing the e-mail, click the Save button to save the e-mail.
Task 3: Set Up SMTP Settings
1.)
From the Server Configurations area, click the E-mail Server button.
2.)
When the Configure E-mail Server window appears, define the following fields:
Host - The fully qualified mail server address (e.g., mail.domain.com).
Port - The port that SMTP runs on. Typically, SMTP runs on port 25. If port 25 is blocked, try port 587.
Username - The user name that authenticates the mail server.
Password - The password that authenticates the mail server.
3.)
Click the Save button to apply the e-mail server settings.
Task 4: Preview the E-mail
From the Manage Campaigns area, find the campaign that you just created and click the Preview link. The preview window appears and shows you what the generated e-mail will look like.
When you are done with the preview, close the window to return to the Manage Campaigns area.
Task 5: Sending the E-mail
1.)
From the Manage Campaigns tab, find the campaign that you just created.
2.)
If the campaign state is Launchable, click the Start button.
3.)
Immediately after you start the campaign, the Campaign Findings appears.
Task 6: Tracking Sessions and Collecting More Evidence
The Campaign Findings displays real-time statistics for the campaign. The information that you see depends on the on the type of campaign that is running. Since this is an e-mail campaign that delivers a payload, the Campaign Findings will show you the number of e-mails that were sent, the number of human targets that opened the e-mail, and the number of sessions that were opened.
You can click on any of the stat bubbles to view a detailed list of information related to that specific finding. For example, if you click on the # sessions were opened stat bubble, you will see a list of sessions that Metasploit Pro was able to obtain on exploited machines.
Click the Done button at any time to close the Findings window. You can always access the Campaign Findings again from the Manage Campaigns page.