Spear phishing attack vector in Setoolkit tutorial

 Hello guy's, Welcome to another article, In this article we are going to discuss about how use Spear phishing attack vector in setoolkit tool
setoolkit tutorial

What is Spear phishing attack vector?

Spear phishing attack vector is nothing but send targeted emails with malicious attachments

Requirements

Spear phishing attack

First you open your terminal then type this below command this command will help you to run setoolkit in your terminal.
sudo setoolkit
setoolkit tutorial
Now choose first option 1. Social-Engineering Attack
setoolkit tutorial
Once you choose social engineering attack vector you can see 10 module see this above picture now choose first option 1. Spear-Phishing Attack Vector
setoolkit tutorial
The Spearphishing module allows you to specially craft email messages and send them to a large (or small) number of people with attached fileformat malicious payloads. If you want to spoof your email address, be sure "Sendmail" is installed 
sudo apt-get install sendmail
setoolkit tutorial
 And change the config/set_config SENDMAIL=OFF flag to SENDMAIL=ON.
So type this below command on your terminal
sudo sendmailconfig
setoolkit tutorial
Once you install sendmail config then start it so type this below command in your terminal
sudo service apache2 restart
setoolkit tutorial
Once you complete above all thinks you choose first option 1. Perform a Mass Email Attack
setoolkit tutorial
Now you can see lot's of payloads you can choose which payload you want but I choose 1st payload. Once you choose payload It will ask IP address so type your local IP address or Ngrok IP address.
Once you type ip address it will ask which injection type you will choose so select which you want i choose 1st option.
setoolkit toturial
Now type port number and Select the payload you want to deliver via shellcode injection
setoolkit tutorial
The DLL Hijacker vulnerability will allow normal file extenstions to call local (or remote) .dll files that can then call your payload or executable. In this scenario it will compact the attack in a zip file
and when the user opens the file extension, will trigger the dll then ultimately our payload. During the time of this release, all of these file extensions were tested and appear to work and are not patched. This
will continiously be updated as time goes on.
Now Enter the choice of the file extension you want to attack
setoolkit tutorial
Now you set output file name and choose file format see this below image.
setoolkit tutorial
Now you choose email attack type mass or single
setoolkit tutorial
Once you choose email attack type now you choose email template
setoolkit tutorial
Now type you targeted victim email address to sent this payload
setoolkit tutorial
Once you type your victim email address this tool give two option to you if you have own server means choose 2nd option that's better or else choose 1st option use any fake email account but the email account have this following condition.
  • Email account should not enable two way factor authentication
  • Email account must be enabled less-secure-app
If you have above 2 condition this attack will work otherwise this hack not work.
setoolkit tutorial
Once you complete this above all process your payload was sent to your victim once your victim click your payload. You can access your victim device remotely.
setoolkit tutorial



from ErrorsFind https://ift.tt/3pdtcDX
via news
Previous
Next Post »

ConversionConversion EmoticonEmoticon

:)
:(
=(
^_^
:D
=D
=)D
|o|
@@,
;)
:-bd
:-d
:p
:ng