Intro to Ethical Hacking

Slides:



Advertisements
Similar presentations
WebDT Content Manager 6.0 Pro
Advertisements

©2009 Justin C. Klein Keane PHP Code Auditing Session 3 – Tools of the Trade & Crafting Malicious Input Justin C. Klein Keane
WebGoat & WebScarab “What is computer security for $1000 Alex?”
For Removal Info: visit
XP Browser and Basics1. XP Browser and Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.
MIS Week 3 Site:
Browser and Basics Tutorial 1. Learn about Web browser software and Web pages The Web is a collection of files that reside on computers, called.
Thick v Thin Access Points Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Microsoft ® Office SharePoint ® Server 2007 Training SharePoint calendars I: Make the most of your team calendar Bellwood-Antis School District presents:
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
Linux Operations and Administration
Branded Websites. Branded Website Training Click the “Edit Pencil” to edit the website Enter in your iBoomerang username and password.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
MIS Week 5 Site:
MIS Week 2 Site:
XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
Copyright 2000 eMation SECURITY - Controlling Data Access with
MIS Week 6 Site:
You Can Make A Wiki, Too A guide to creating a wiki of your own.
Kali Linx Attacks Jim Nasto. Window 8 Computer On my Windows 8 64 bit OS machine. I started using a Virtual Machine using Hyper V Manager and shared the.
MIS Week 6 Site:
Social Engineering Toolkit Computer Science Innovations, LLC.
XP Browser and Basics COM111 Introduction to Computer Applications.
Living Online Lesson 3 Using the Internet IC3 Basics Internet and Computing Core Certification Ambrose, Bergerud, Buscge, Morrison, Wells-Pusins.
CNIT 124: Advanced Ethical Hacking Ch 10: Client-Side Exploitation.
MIS Week 5 Site:
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
Easy Tutorial Quick Installation Guide Create your 1 st Playlist.
Virtual Machine and VirtualBox
Intro to Ethical Hacking
Penetration Testing Social Engineering Attack and Web-based Exploitation CIS 6395, Incident Response Technologies Fall.
2.2 Internet Basics.
Web Application Penetration Testing ‘17
SQA Incident Tracking System Overview
Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack CIS 6395, Incident Response Technologies Fall 2016, Dr. Cliff Zou
WEB APPLICATION TESTING
Backdoor Attacks.
Network Exploitation Tool
Advanced Penetration testing
Dynamic Web Page A dynamic web page is a kind of web page that has been prepared with fresh information (content and/or layout), for each individual viewing.
Adding a File to a Course
Intro to Ethical Hacking
Phishing is a form of social engineering that attempts to steal sensitive information.
ADVANCED PERSISTENT THREATS (APTs) - Simulation
T_C_N_L_G_ E D I D I E O Y O H I E B J I R E A A W.
Spoofing Basics Presentation developed by A.F.M Bakabillah Cyber Security and Networking Consultant MCSA: Messaging, MCSE RHCE ITIL CEH.
Bomgar Remote support software
Microsoft FrontPage 2003 Illustrated Complete
1. Press the Power button or switch to flip on the printer, if it is turn off. 2. From the Home display screen on the product control panel, click the.
GIS - NetmapWEB Training Slides
Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.
Spear Phishing Ways to Minimize its Risks
Advanced Penetration testing
Easy Tutorial Quick Installation Guide Create your 1st Playlist.
Intro to Ethical Hacking
Intro to Ethical Hacking
Advanced Penetration testing
A Distributed DoS in Action
HC Hyper-V Module GUI Portal VPS Templates Web Console
Backtrack Metasploit and SET
Intro to Ethical Hacking
Configuration Of A Pull Network.
Cyber Operation and Penetration Testing Social Engineering Attack and Web-based Exploitation Cliff Zou University of Central Florida.
Virtual Machine and VirtualBox
Cyber Operation and Penetration Testing Armitage: Metasploit GUI and Machine-Gun Style Attack Cliff Zou University of Central Florida.
Virtual Machine and VirtualBox
Virtual Machine and VirtualBox
Selenium IDE Installation and Use.
Advanced Penetration testing
How to install and manage exchange server 2010 OP Saklani.
Presentation transcript:

Intro to Ethical Hacking MIS 5212.001 Week 3

Tonight's Plan Social Engineering Toolkit SQL Injection Karmetasploit Building Modules in Metasploit Creating Exploits Next Week MIS 5212.001

Tips and Tricks A couple of issues brought up in previous classes. Some may have already figured these out, but just in case. Browser not connecting. Recall last semester we did some work with the intercepting proxy. You will need to change the Browser’s network settings to “No Proxy” when not running a proxy Screen size Kali defaults to 600x480 or 800x600 which gives a very small screen Go to System Tools -> Preferences -> System Settings and then select “Displays” and select a larger screen size. I was able to use 1680x1050 on my system. MIS 5212.001

Note on “Hands On” The tools covered (Kali, nmap, and Metasploit) along with what will be covered (WebGoat with Interception proxy) allow each student to work through all examples and many more in a safe environment within VMWare This gives you the best chance of getting comfortable with these tools To get the best value out of the material you need to “play” with them, try things, see what works and what doesn’t. MIS 5212.001

Social Engineer Toolkit Social Engineering Toolkit or SET was developed by the same group that built Metasploit SET provides a suite of tools specifically for performing social engineering attacks including: Spear Phishing Infectious Media And More It is pre-installed on Kali

Finding SET in Kali

Exploring SET Many feature of SET are turned off by default To activate desired feature you will need to manually edit the set_config file found under /usr/share/set/config To Launch: Kali Linux -> Exploitation Tools -> Social Engineering Toolkit -> setoolkit The first time you launch SET you will see this:

Updating SET To get the latest update of set, enter the following from a terminal in Kali: This removes all files and folder associated with SET and replaces them with a fresh copy. Executed correctly should give the following:

More on Updating You can also get “bleeding Edge” updates with the following Note: This may cause some instabilities and may force you to “Troubleshoot” some of the software. Hint: Take a snapshot first.

Initial Options If you have not edited the set_config file you will see the following options:

Drilling Down Under “Social-Engineering Attacks”

Drilling Down Under “Fast-Track Penetration Testing “

Drilling Down Under “Third Party Modules

Walk Through of Attack We will start back at the main menu for SET

Walk Through of Attack Select Option 1 for Spear-Phishing

Walk Through of Attack Select Option 1 for a Mass Email Attack

Walk Through of Attack Select Option 12 for PDF embedded EXE

Walk Through of Attack Select Option 2 for Built-in PDF

Walk Through of Attack Select Payload 1

Walk Through of Attack Add an IP Address to listen on

Walk Through of Attack Select a port (Defaults to 443)

Walk Through of Attack Select Option 1 to keep file name

Walk Through of Attack Select Option 1 for a single Email address

Walk Through of Attack Select Option 1 for a Pre-Defined template

Walk Through of Attack Select Option 1 for the first template

Walk Through of Attack Enter an Email Address (Mine)

Walk Through of Attack Select Option 2 for my own server

Walk Through of Attack Enter a “From” address

Walk Through of Attack Enter a Name

Walk Through of Attack Enter Mail server information (Consolidated)

Walk Through of Attack Launch Metasploit and setup listener

Walk Through of Attack Will look like this for a bit

Walk Through of Attack Eventually

Walk Through of Attack At this point, Metasploit is listening for the packet coming from your victim once the attempt to open the attachment

Other Choices You could clone a web site and set up your own copy hosting malicious attacks You could clone a web site and just harvest credentials from unsuspecting visitors You could use the mass e-mailer to “invite” victims to visit your freshly cloned site You could build a link that shows a legitimate url when the mouse hovers over the link, but replaces the page with yours once clicked MIS 5212.001

Fast-Track If you have the Metasploit book, you may see reference to a separate tool called Fast-Track Fast-Track was rolled in to SET under “Fast-Track Penetration Testing “ MIS 5212.001

Wrapping Up SET Be careful. You could easily escape the boundary of your test systems I covered this area so you would see what was available and how it interfaces to Metasploit MIS 5212.001

Karmetasploit The Basics Metasploit’s implementation of basic wireless attacks Require installation of a DHCP server Require update of Metasploit to include the Karma exploits – They are not installed in the default Once set up you can launch your own fake AP serving up a wireless connection that responds to any request to connect We will cover this in more detail in the last section of the course when we talk about wireless in detail MIS 5212.001

Next Week Building Modules in Metasploit Creating Exploits Porting Exploits Scripting Simulating Penetration Testing MIS 5212.001

Questions ? MIS 5212.001

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.