Download presentation
Presentation is loading. Please wait.
1
Web Application Penetration Testing ‘17
Social Engineering Web Application Penetration Testing ‘17
2
Social Engineering ..!! Social Engineering – Art of Human Exploitation
Highlights – Social Engineering Toolkit Spear Phishing Attacks Web Attacks Mass Attacks Multipronged Attacks
3
Social Engineering Toolkit
Open Source Python Based Tool. Pre-Installed in Kali Linux. Starting Social Engineering Toolkit (SET) – setoolkit
4
Spear Phishing Attacks
Starting SET, Many options will be displayed. Spear Phishing is one of the option which allows to attack via . Choose Spear Phishing Attack Vectors (Option -1) Following will be shown – Perform a Mass Attack Create a File Format Payload Create Social Engineering Template
5
SPA (ContD…) Select Option -1 i.e. Perform a mass e-mail attack.
Select Payload from the list. Select Payload for malicious File. Provide the IP of local Host i.e. Payload Listener. Set the name for your malicious file. Select from Single or Mass Attack. It will prompt to ask whether to use pre-defined or custom template. Select Pre-defined template from the list. Provide the target and start the listener. If deployed successfully, it will give msf seesion.
6
Web Attacks Start Social Engineering Toolkit.
Choose Credential Harvester Attack Method. This is used to create website & trick users to give up their credentials. There will be several options including – Web Templates Site Cloner Custom Import Select Option-1 i.e. Web Templates Provide IP Address of the website to store the credentials or simply of your Kali Machine. Select the Template . Browse to Kali Linux Server where the template is cloned.
7
Mass E-Mail Attacks Create a list of Emails in .txt format.
Open SET and choose option-5 i.e. Mass Mailer Attack. Choose Attack Mass Mailer. Provide the path of .txt file. Choose your own account for attack. Provide all the required fields. When message is finished, type END.
8
THANKS
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.