E-mailing a Link to a Web Page that Serves an Exploit

If you want to set up a client-side attack, you can set up a web page that delivers a malicious payload when the human target visits it. A client-side exploit attacks vulnerabilities in client software, such as web browsers, e-mail applications, and media players.
In a client-side exploit, the human target must visit a malicious site in order for the exploit to run. Unlike a traditional exploit, where the attacker initiates the connection, a client-side attack requires the victim to initiate the connection between their machine and the attacking machine.
The following sections explain how you can deliver a client-side exploit through a web page.
Task 1: Create a Campaign with a Web Page Component
1.) From within a project, select Campaigns from the Tasks bar. The Manage Campaigns page appears.
2.) Click the Configure a Campaign tab.
3.) In the Name field, enter a descriptive name for the campaign. For example, a name like Java Applet Exploit helps you easily identify this campaign as one that serves a Java applet.
4.) Select Custom Campaign as the setup option.
5.) Click the Add e-mail, web page, or portable file button.
6.) Click the Web page button.
Task 2: Configure the Web Page Component
1.) When the Web Page Configuration window appears, enter the URL you want to use to serve the web page in the Path field.
2.) Click the Attack type dropdown and choose Exploit.
3.) When the Module Search window appears, it automatically displays all available client-side exploits. You can browse through the list to find one that you want to use or you can use the search field to find a specific exploit.
4.) When you find the client-side exploit that you want to use, click on the module name. The Configure Module window appears and shows you the options that you can set for the exploit. The options vary between exploits, but some of the most common options you want to configure are the listener ports, payload type, and the connection type. After you configure the module settings, click OK to close the Configure Module window, and click Next to continue to the E-mail Content window.
5.) When the E-mail Content window appears, enter the body for the e-mail. The e-mail body is the message that displays to the human target when they open the e-mail. The messaging that you use should be persuasive and convince the human target to click on the link.
6.) Click the Next button to continue to the Web Page Content window.
7.) When the Web Page Content window appears, you can leave the web page content blank. Since you are running an exploit, you do not necessarily need to create a spoofed web page.
8.) Click the Save button to save the web page component.
Task 3: Setting Up a Web Server
1.) From the Server Configurations area, click the Web Server button.
2.) When the Web Server Configuration window appears, choose one of the following options:
    This server’s IP address - Uses the IP address of the local machine.
    This server’s host name - Uses the host name of the local machine.
    Custom - Uses the domain name, if DNS is set up and is reachable by the Metasploit instance.
3.) In the Listening Port field, enter the port that you want to use to run the web server. You should specify a port that is typically used for HTTP traffic, such as 80 or 8080.
4.) Click Save to save the web server settings.
Task 4: Craft the E-mail
1.) From the campaign configuration page, click the Add email, web page, portable file button.
2.) Click the E-mail button.
3.) When the Configure E-mail Settings window appears, enter a name for the e-mail component in the Component name field. This is the name that displays for the component on the campaign configuration page.
4.)
    Subject - The subject that displays in the message header and the subject line.
    From Address - The sender’s e-mail address.
    From Name - The sender’s name.
5.) Click the Choose a Target List dropdown and choose a target list for the e-mail. The target list should contain the e-mail addresses and names of the human targets that you want to exploit.
6.) Click the Attack type dropdown and choose None.
7.) After you configure the e-mail settings, click Next to continue to the E-mail Content window.
8.) When the E-mail Content window appears, enter the body for the e-mail. The e-mail body is the message that displays to the human target when they open the e-mail.
9.) When you are ready to add a link to the web page to the e-mail, click the Insert custom attribute dropdown menu and choose the Link to Web Page attribute.
10.) When the Insert Campaign Link window appears, enter the text that you wish to display for the web page URL in the Text field.
11.) Next, click the Web Page dropdown menu and choose the web page that you want to link to the display text. Click Insert to add the link to the e-mail.
12.)
Task 5: Set Up SMTP Settings
1.) From the Server Configurations area, click the E-mail Server button.
2.) When the Configure E-mail Server window appears, define the following fields:
    Host - The fully qualified mail server address (e.g., mail.domain.com).
    Port - The port that SMTP runs on. Typically, SMTP runs on port 25. If port 25 is blocked, try port 587.
    Username - The user name that authenticates the mail server.
    Password - The password that authenticates the mail server.
3.) Click the Save button to apply the e-mail server settings.
Task 6: Preview the E-mail and Web Page
From the Manage Campaigns area, find the campaign that you just created and click the Preview link. The preview window appears and shows you what the generated e-mail and web page will look like.
When you are done with the preview, close the window to return to the Manage Campaigns area.
Task 7: Sending the E-mail
1.) From the Manage Campaigns tab, find the campaign that you just created.
2.) If the campaign state is Launchable, click the Start button.
3.)