Spear phishing attack vector in Setoolkit tutorial

 Hello guy's, Welcome to another article, In this article we are going to discuss about how use Spear phishing attack vector in setoolkit tool

What is Spear phishing attack vector?

Spear phishing attack vector is nothing but send targeted emails with malicious attachments

Requirements

Termux or Linux How to install setoolkit in termux

Spear phishing attack

First you open your terminal then type this below command this command will help you to run setoolkit in your terminal.

sudo setoolkit

Now choose first option 1. Social-Engineering Attack

Once you choose social engineering attack vector you can see 10 module see this above picture now choose first option 1. Spear-Phishing Attack Vector

The Spearphishing module allows you to specially craft email messages and send them to a large (or small) number of people with attached fileformat malicious payloads. If you want to spoof your email address, be sure "Sendmail" is installed 

sudo apt-get install sendmail

 And change the config/set_config SENDMAIL=OFF flag to SENDMAIL=ON.

So type this below command on your terminal

sudo sendmailconfig

Once you install sendmail config then start it so type this below command in your terminal

sudo service apache2 restart

Once you complete above all thinks you choose first option 1. Perform a Mass Email Attack

Now you can see lot's of payloads you can choose which payload you want but I choose 1st payload. Once you choose payload It will ask IP address so type your local IP address or Ngrok IP address.

Once you type ip address it will ask which injection type you will choose so select which you want i choose 1st option.

Now type port number and Select the payload you want to deliver via shellcode injection

The DLL Hijacker vulnerability will allow normal file extenstions to call local (or remote) .dll files that can then call your payload or executable. In this scenario it will compact the attack in a zip file
and when the user opens the file extension, will trigger the dll then ultimately our payload. During the time of this release, all of these file extensions were tested and appear to work and are not patched. This
will continiously be updated as time goes on.

Now Enter the choice of the file extension you want to attack

Now you set output file name and choose file format see this below image.

Now you choose email attack type mass or single

Once you choose email attack type now you choose email template

Now type you targeted victim email address to sent this payload

Once you type your victim email address this tool give two option to you if you have own server means choose 2nd option that's better or else choose 1st option use any fake email account but the email account have this following condition.

• Email account should not enable two way factor authentication
• Email account must be enabled less-secure-app

If you have above 2 condition this attack will work otherwise this hack not work.

Once you complete this above all process your payload was sent to your victim once your victim click your payload. You can access your victim device remotely.

from ErrorsFind https://ift.tt/3pdtcDX
via news

• Tweet
• Share
• Share
• Share
• Share

About Admin MC3

This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.

Related Post

• Termux shell with jarvis wellcome voice and beutiful interface for hackers Hello guy's welcome to another article in this article i'm going to show you how to install a
• How to find gmail sender location with simple steps Hello guy's, Welcome to another article, In this article we are going to discuss about how to
• Fast SSH Scan and BruteForcer for most common credentials. Hello guy's welcome to another article in this article we are going to discuss about fast ssh
• Metasploit Browser Exploit Method - Setoolkit Tutorial Hello guy's, Welcome to another article, In this article we are going to discuss about Metasp