Employees are usually unaware of the tricks and techniques of social engineering, so they can be used as intermediaries to obtain valuable information, such as credit card information or corporate secrets.
The security of the entire organization can be compromised if an employee visits a malicious website, answers a social engineer's phone call, or clicks on a malicious link received in their personal e-mail.
In this guide, we will show you a method through which you can easily send a fake email with one of the most popular tools, called SET (Social-Engineer Toolkit).
SET is a product of TrustedSec. It is a Python-based suite of custom tools created by David Kennedy (ReL1K) and a team consisting of JR DePre (pr1me), Joey Furr (j0fer) and Thomas Werth.
SET is an attack framework built around attacks on the human element. With a variety of attacks available, this toolkit is absolutely essential for penetration testing.
SET comes pre-installed on Kali Linux. You can run it from the command line by typing the command "setoolkit".
Once SET is opened, all available options will be displayed, as shown in the screenshot below:
Select 1) Social-Engineering Attacks to get a list of possible attacks that can be executed.
You can choose the attacks you want to perform from a menu that appears as follows:
- 1 Spear-Phishing Attack Vectors
- 2 Website URL Attack Vectors
- 3 Infectious Media Generator
- 4 Create a Payload and Listener
- 5 Mass Mailer Attacks
- 6 Arduino-Based Attack Vector
- 7 Wireless Access Point Attack Vector
- 8 QRCode Generator Attack Vector
- 9 Powershell Attack Vectors
- 10 SMS Spoofing Attack Vectors
- 11 Third Party Modules
- 99 Return back to the main menu
We'll start with the Mass Mailer Attack. Enter 5 to go to the next menu.
For this example, we will take a look at the first option in the list, E-Mail Attack Single Email Address.
Now you need to fill in all the following details as shown below:
- Send email to:
- From address:
- The FROM Name the user will see:
- Username for open-relay:
- Password for open-relay:
- SMTP email server address:
- Port number for the SMTP server:
- Flag this message/s as high priority?:
- Do you want to attach a file:
- Do you want to attach an inline file:
- Email Subject:
- Send the message as html or plain:
- Enter the body of the message, type END when finished:
Here you need an open SMTP relay server, which you can easily get by creating a free account at smtp2go.com; its SMTP server address will be "mail.smtp2go.com" and the port will be "2525".
This is the result of the fake email we sent from info@iguru.gr via the smtp2go.com open relay server.
In the SMTP2GO.com Application Control Panel, you can even manage all records and view all the information about fake emails sent from your account, as shown below:
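Seen from the receiving side, a message like the one above carries a From domain that is unrelated to the relay that submitted it, and a mail filter can detect that from the headers. The Python check below is an added example, not part of the original guide or of SET; the sample message, its domains and the function names are constructed for illustration, and the alignment test is a simplification of DMARC's relaxed mode.

```python
import email
from email.utils import parseaddr

# Constructed sample: the visible From uses one domain, while the bounce
# address and DKIM signature belong to the relay that submitted the message.
SAMPLE = """\
Return-Path: <bounce@relay.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=relay.example.net; dkim=pass header.d=relay.example.net; dmarc=fail header.from=brand.example
From: "Brand Support" <info@brand.example>
Subject: Account notice

Please review the attached notice.
"""

def domain_of(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def parse_authres(value):
    out = {}  # method (spf, dkim, dmarc) -> (result, properties)
    for part in value.split(";")[1:]:  # part 0 is the authserv-id
        tokens = [t for t in part.split() if "=" in t]
        if tokens:
            method, result = tokens[0].split("=", 1)
            out[method.lower()] = (result.lower(), dict(t.split("=", 1) for t in tokens[1:]))
    return out

def aligned(a, b):
    # Simplified relaxed alignment (assumption): same domain or a parent/child pair.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoof_findings(raw):
    # Only trust Authentication-Results stamped by your own receiving MTA.
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    auth = parse_authres(msg.get("Authentication-Results", ""))
    dkim_result, dkim_props = auth.get("dkim", ("none", {}))
    dkim_dom = dkim_props.get("header.d", "").lower()
    findings = []
    if rp_dom and not aligned(from_dom, rp_dom):
        findings.append(f"Return-Path domain {rp_dom} is not aligned with From domain {from_dom}")
    if dkim_result != "pass" or not aligned(from_dom, dkim_dom):
        findings.append(f"no passing DKIM signature aligned with {from_dom}")
    if auth.get("dmarc", ("none", {}))[0] != "pass":
        findings.append("DMARC did not pass")
    return findings

if __name__ == "__main__":
    print("\n".join(spoof_findings(SAMPLE)))
```

SPF passes in the sample because it is evaluated against the relay's own envelope domain, which is why the check compares each authenticated domain with the visible From domain instead of relying on a bare "pass".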