Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Application Penetration Testing ‘17

Published byPatience York Modified over 7 years ago

Similar presentations

Presentation on theme: "Web Application Penetration Testing ‘17"— Presentation transcript:

1 Web Application Penetration Testing ‘17
Social Engineering Web Application Penetration Testing ‘17

2 Social Engineering ..!! Social Engineering – Art of Human Exploitation
Highlights – Social Engineering Toolkit Spear Phishing Attacks Web Attacks Mass Attacks Multipronged Attacks

3 Social Engineering Toolkit
Open Source Python Based Tool. Pre-Installed in Kali Linux. Starting Social Engineering Toolkit (SET) – setoolkit

4 Spear Phishing Attacks
Starting SET, Many options will be displayed. Spear Phishing is one of the option which allows to attack via . Choose Spear Phishing Attack Vectors (Option -1) Following will be shown – Perform a Mass Attack Create a File Format Payload Create Social Engineering Template

5 SPA (ContD…) Select Option -1 i.e. Perform a mass e-mail attack.
Select Payload from the list. Select Payload for malicious File. Provide the IP of local Host i.e. Payload Listener. Set the name for your malicious file. Select from Single or Mass Attack. It will prompt to ask whether to use pre-defined or custom template. Select Pre-defined template from the list. Provide the target and start the listener. If deployed successfully, it will give msf seesion.

6 Web Attacks Start Social Engineering Toolkit.
Choose Credential Harvester Attack Method. This is used to create website & trick users to give up their credentials. There will be several options including – Web Templates Site Cloner Custom Import Select Option-1 i.e. Web Templates Provide IP Address of the website to store the credentials or simply of your Kali Machine. Select the Template . Browse to Kali Linux Server where the template is cloned.

7 Mass E-Mail Attacks Create a list of Emails in .txt format.
Open SET and choose option-5 i.e. Mass Mailer Attack. Choose Attack Mass Mailer. Provide the path of .txt file. Choose your own account for attack. Provide all the required fields. When message is finished, type END.

8 THANKS

Download ppt "Web Application Penetration Testing ‘17"

Similar presentations

IMS Client Installation Procedures 1. Copy the Voicemail Pro from the shared folder on the Voicemail Pro server. Go to Start, Run, and \\ or \\

IMS Client Installation Procedures 1. Copy the Voic Pro from the shared folder on the Voic Pro server. Go to Start, Run, and \\ or \\
Lunker: The Advanced Phishing Framework

Lunker: The Advanced Phishing Framework
Presenter: Robbie Corley Organization: KCTCS

Presenter: Robbie Corley Organization: KCTCS
Steps to Recover Private Encryption Keys

Steps to Recover Private Encryption Keys
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
The Internet. Telnet Telnet means using your computer as a terminal. All commands you type are sent to the host computer you are connected to and executed.

The Internet. Telnet Telnet means using your computer as a terminal. All commands you type are sent to the host computer you are connected to and executed.
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
MIS 5212.001 Week 3 Site:

MIS Week 3 Site:
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Social Engineering ToolKit Paris Descartes University 2011-2012 BELKHIR NACIM Supervized by Osman Salem.

Social Engineering ToolKit Paris Descartes University BELKHIR NACIM Supervized by Osman Salem.
Activating Pilot Account ( first time users ) Web-based Activation Browse to 1. Click on the link on the lower right that says.

Activating Pilot Account ( first time users ) Web-based Activation Browse to 1. Click on the link on the lower right that says.
Posting Job Orders Online Creating HTML files from Job Orders and uploading to FTP sites.

Posting Job Orders Online Creating HTML files from Job Orders and uploading to FTP sites.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Setting up Email in Outlook Express. Select “Tools” from the toolbar menu.

Setting up in Outlook Express. Select “Tools” from the toolbar menu.
Installing Ricoh Driver. Items you need to know IP address of Printer Options that are installed And Paper Sizes To get all this information you can print.

Installing Ricoh Driver. Items you need to know IP address of Printer Options that are installed And Paper Sizes To get all this information you can print.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.

Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.
Phishing and Intrusion Prevention Tod Beardsley, TippingPoint (a division of 3Com), 02/15/06 – IMP-201.

Phishing and Intrusion Prevention Tod Beardsley, TippingPoint (a division of 3Com), 02/15/06 – IMP-201.
Outlook E-mail Gini Courter and Annette Marquis TRIAD Consulting.

Outlook Gini Courter and Annette Marquis TRIAD Consulting.
First, open Microsoft Outlook How To Configure Microsoft Outllook For Your Webspace Account.

First, open Microsoft Outlook How To Configure Microsoft Outllook For Your Webspace Account.

Similar presentations

Ads by Google