Skip to main content

11. Social Engineering: Perform Social Engineering various techniques using Social-Engineer Toolkit (SET), Netcraft, OhPhish

Step 1: Introduction

In this practical, we will learn how to perform social engineering using various techniques and tools such as Social-Engineer Toolkit (SET), Netcraft, and OhPhish.

Step 2: Understanding Social Engineering

Social engineering is the art of manipulating people into performing actions or divulging confidential information. It involves exploiting human psychology and trust to gain unauthorized access to systems or sensitive data.

Step 3: Setting up the Environment

Before we begin, make sure you have the following:

  • Kali Linux machine (attacker machine)
  • Target system or network

Step 4: Using Social-Engineer Toolkit (SET)

  1. Open a terminal on your Kali Linux machine.
  2. Launch the Social-Engineer Toolkit (SET) by typing setoolkit in the terminal.
  3. Select the "Social-Engineering Attacks" option from the main menu.
  4. Choose the desired attack vector, such as "Website Attack Vectors" or "Payload Delivery".
  5. Follow the on-screen instructions to configure the attack parameters and customize the payload.
  6. Execute the attack and monitor the results.

Step 5: Using Netcraft

  1. Open a web browser on your Kali Linux machine.
  2. Visit the Netcraft website at https://www.netcraft.com/.
  3. Use the various tools and services provided by Netcraft to gather information about the target system or network.
  4. Analyze the collected data to identify potential vulnerabilities or weaknesses that can be exploited through social engineering.

Step 6: Using OhPhish

  1. Open a terminal on your Kali Linux machine.
  2. Install OhPhish using the following command: 
    git clone https://github.com/phishingeyes/ohphish.git
  3. Navigate to the OhPhish directory: 
    cd ohphish
  4. Run OhPhish by executing the following command: 
    python3 ohphish.py
  5. Follow the on-screen instructions to configure the phishing campaign, including the target email address, email template, and landing page.
  6. Launch the phishing campaign and monitor the incoming responses.

Step 7: Analyzing the Results

  1. After performing the social engineering attacks, analyze the results to assess the effectiveness of the techniques and tools used.
  2. Identify any vulnerabilities or weaknesses that were successfully exploited.
  3. Document the findings and propose countermeasures to mitigate the risks associated with social engineering attacks.

Step 8: Cleanup

...(about 10 lines omitted)...