
Project: Simulating Social Engineering Attacks using the

Social Engineering Toolkit (SET)

Introduction to Social Engineering Attacks:

1. Define Social Engineering and Its Role in Cybersecurity:

Social engineering is the art of manipulating people to divulge confidential information, perform actions, or reveal sensitive data. It preys on human psychology, trust, and natural tendencies to bypass technical security measures. In cybersecurity, social engineering is a significant threat because attackers exploit human vulnerabilities rather than relying solely on technical vulnerabilities.

2. Common Social Engineering Techniques and Objectives:

Phishing: Sending deceptive emails or messages impersonating legitimate entities to trick recipients into revealing personal information, passwords, or financial details.
Pretexting: Creating a false pretext or scenario to gain the trust of a target and extract information or access.
Baiting: Offering something enticing (e.g., free software, USB drives) that contains malicious elements to lure victims into taking actions that compromise security.
Tailgating: Physically following or accompanying authorized personnel into restricted areas by exploiting trust or lack of vigilance.
Impersonation: Posing as someone trusted (e.g., IT personnel, senior executives) to manipulate targets into providing access or information.

3. Importance of Social Engineering Awareness and Testing for Organizations:

Security Awareness: Educating employees about social engineering tactics, warning signs, and best practices reduces susceptibility to attacks.
Testing Defenses: Conducting social engineering tests helps organizations identify weaknesses in security policies, procedures, and employee awareness.
Risk Mitigation: Implementing training programs, policies, and technical controls based on social engineering test results strengthens the overall cybersecurity posture.

Overview of the Social Engineering Toolkit (SET):

1. Introduce SET and Its Capabilities:

The Social Engineering Toolkit (SET) is a powerful open-source tool designed for penetration testing and ethical hacking. It automates various social engineering attacks and provides features for creating phishing campaigns, cloning websites, generating payloads, and more.

2. SET's Features:

Phishing Campaign Creation: Generate customized phishing email templates, payloads, and delivery methods for targeted attacks.
Website Cloning: Replicate legitimate websites with malicious elements to trick users into divulging information or downloading malware.
Payload Generation: Create malicious payloads (e.g., Trojans, keyloggers) to exploit vulnerabilities and gain access to systems.
USB Drop Attacks: Prepare payloads for USB drives to be distributed strategically in physical locations for social engineering purposes.
Reporting and Analysis: Monitor campaign metrics, capture interactions, and analyze results to assess security vulnerabilities and risks.

Prerequisites:

1. Operating System: Use a compatible OS such as Kali Linux, or set up Cygwin on Windows for SET.

2. SET Installation: Download and install SET following official instructions for the chosen OS.

3. Network Setup: Ensure network connectivity for testing within a controlled environment with proper permissions.

4. Legal and Ethical Considerations: Obtain authorization and consent, and adhere to legal and ethical guidelines for conducting social engineering tests.

Project Steps:

1. Launching SET:

Open the terminal or command prompt and launch SET using the appropriate command (setoolkit or setoolkit.exe).
Familiarize yourself with SET's menu structure, options, and available attack vectors.

2. Phishing Email Campaign:

Target Selection: Identify target email domains or specific addresses for the phishing campaign.
Email Template Creation: Use SET to create convincing phishing email templates resembling legitimate communications.
Payload Selection: Choose payloads (e.g., credential harvesters, Metasploit payloads) for capturing data or gaining access.
Delivery Methods: Determine delivery methods (direct email, link sharing) and customize campaign parameters.
Launch Campaign: Execute the phishing campaign and monitor responses, captured credentials, and campaign success metrics within SET.

3. Malicious Website Creation:

Cloning: Clone target websites or design malicious pages using SET's cloning and customization features.
Hosting: Host the malicious website on a local or online server accessible to targeted users.
Phishing URL Generation: Generate phishing URLs pointing to the malicious pages.
Testing and Verification: Test phishing URLs, interactions, and payload executions in a controlled environment.

4. USB Drop Attacks:

Payload Generation: Create payloads for USB drives using SET.
USB Preparation: Load USB drives with malicious payloads disguised as innocuous files.
Drop Locations: Identify strategic locations for placing USB drives to entice users.
Execution and Analysis: Monitor the actions of users who plug in the USB drives, capture data, and analyze results.

5. Reporting and Analysis:

Review SET logs, campaign metrics, captured credentials, and user interactions.
Assess the impact of the simulated attacks on security awareness, technical defenses, and organizational vulnerabilities.
Provide risk mitigation recommendations based on the findings, including training, policy enhancements, and technical controls.
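As an added example for the reporting step (not part of the original project text and not SET's own output or log format), the Python script below turns a campaign event export into the per-department funnel metrics a report needs, and masks every captured credential so the report records that a submission happened without retaining the secret. The CSV column layout and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export, one row per simulated-phishing event.
# The column layout is an assumption for this example, not SET's log format.
SAMPLE_CSV = """recipient,department,event,submitted_value
alice@example.com,finance,sent,
alice@example.com,finance,clicked,
alice@example.com,finance,submitted,Winter2024!
bob@example.com,finance,sent,
carol@example.com,it,sent,
carol@example.com,it,clicked,
dave@example.com,it,sent,
dave@example.com,it,reported,
eve@example.com,it,bounced,
"""

# Funnel stages the report tracks; any other event type (e.g. bounced) is ignored.
STAGES = ("sent", "clicked", "submitted", "reported")


def redact(secret):
    """Replace a captured value with a mask of the same length, so the report
    shows that a credential was exposed without storing the credential."""
    return "*" * len(secret)


def campaign_metrics(csv_text):
    """Count unique recipients per stage and department, then derive rates.

    Returns (report, redacted): report maps department -> metrics dict,
    redacted lists (recipient, masked_value) for every credential submission."""
    by_dept = defaultdict(lambda: {s: set() for s in STAGES})
    redacted = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event"] not in STAGES:
            continue
        by_dept[row["department"]][row["event"]].add(row["recipient"])
        if row["event"] == "submitted":
            redacted.append((row["recipient"], redact(row["submitted_value"])))
    report = {}
    for dept, stages in by_dept.items():
        sent = len(stages["sent"])
        report[dept] = {"sent": sent}
        for stage in STAGES[1:]:
            # Rates are relative to emails sent; a department with no sends gets 0.0.
            report[dept][f"{stage}_rate"] = len(stages[stage]) / sent if sent else 0.0
    return report, redacted
```

Reporting the masked value (length only) is enough to show a user that their real password was exposed, and keeps plaintext credentials out of the final document.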

Advanced Techniques and Considerations:

1. Evading Security Controls: Explore methods to bypass email filters, endpoint protection, and other security measures during simulated attacks.

2. Custom Payload Development: Develop custom payloads using Metasploit or scripting languages for specific objectives and scenarios.

3. Scenario Variations: Create and test diverse social engineering scenarios (e.g., CEO fraud, software updates) to assess comprehensive security risks.

4. Legal and Ethical Best Practices: Ensure adherence to ethical guidelines, responsible disclosure practices, and compliance with relevant laws and regulations throughout the project.

Tools Available in Kali Linux for Social Engineering:

1. Social Engineering Toolkit (SET):
Purpose: SET is a powerful tool specifically designed for social engineering attacks.
Features: Phishing email creation, website cloning, payload generation, USB drop attacks, and more.
Usage: Used to simulate various social engineering scenarios and automate attack vectors.

2. Metasploit Framework:
Purpose: A comprehensive penetration testing platform that includes tools for exploiting vulnerabilities.
Features: Exploit development, payload generation, post-exploitation modules, and session management.
Usage: Combined with SET for creating custom payloads, launching exploits, and gaining access to target systems.

3. Wireshark:
Purpose: Network protocol analyzer for capturing and analyzing network traffic.
Features: Packet inspection, protocol analysis, network troubleshooting, and traffic filtering.
Usage: Used in social engineering projects for monitoring network traffic, capturing credentials, and analyzing communication patterns.

4. Maltego CE:
Purpose: Open-source intelligence (OSINT) and data visualization tool for mapping relationships and entities.
Features: Information gathering, data correlation, entity linking, and graph-based visualization.
Usage: Helps in gathering information about targets, identifying relationships, and visualizing attack surfaces.

5. BeEF (Browser Exploitation Framework):
Purpose: Browser-based exploitation framework for targeting web browsers and client-side vulnerabilities.
Features: Browser-based attacks, session hijacking, phishing, and client-side exploitation.
Usage: Used to launch browser-based attacks, perform client-side exploits, and manipulate web sessions.

6. Burp Suite Community Edition:
Purpose: Web application security testing tool for web vulnerability scanning and exploitation.
Features: Web proxy, scanner, intruder, repeater, sequencer, and extensibility through plugins.
Usage: Helps in identifying and exploiting web application vulnerabilities during social engineering engagements.

7. John the Ripper:
Purpose: Password cracking tool for identifying weak passwords and performing brute-force attacks.
Features: Password hash cracking, dictionary attacks, and custom rule-based attacks.
Usage: Used to crack captured password hashes, test password strength, and perform credential attacks.

8. Hydra:
Purpose: Network login cracker for performing brute-force attacks against various network protocols.
Features: Supports multiple protocols (SSH, FTP, HTTP, etc.), parallel connections, and customizable attack parameters.
Usage: Used for password cracking and brute-force attacks against network services and login interfaces.

9. Nmap:
Purpose: Network discovery and vulnerability scanning tool for identifying open ports and services.
Features: Host discovery, port scanning, service version detection, OS fingerprinting, and scripting engine.
Usage: Used to map network topology, discover vulnerable services, and assess network security posture.

10. Gobuster:
Purpose: Directory and file brute-forcing tool for web applications and servers.
Features: Directory traversal, file and directory enumeration, recursive scanning, and custom wordlists.
Usage: Helps in identifying hidden directories, sensitive files, and potential entry points on web servers.

1. Social Engineering Toolkit (SET):

setoolkit: Launch the SET toolkit. The numbered entries below are SET menu options:
1: Select Social-Engineering Attacks menu.
2: Choose Website Attack Vectors for phishing campaigns.
3: Select Credential Harvester Attack to capture login credentials.
4: Choose Tabnabbing Attack to exploit tab switching in browsers.
5: Use Java Applet Attack Method for delivering payloads.
6: Set up the Web Templates Attack for cloning websites.
7: Launch the Credential Harvester Attack.
8: Create and send a Phishing Email.
9: Use SMS Spoofing Attack Vector for text message spoofing.

2. Metasploit Framework:

1. msfconsole: Launch the Metasploit console.
2. search [keyword]: Search for exploits, payloads, or modules.
3. use [module]: Select a specific exploit or payload module.
4. set [option]: Set options for the selected module (e.g., target IP, payload).
5. exploit: Execute the selected exploit against the target.
6. sessions: List active sessions after successful exploitation.
7. sysinfo: Gather system information from a compromised target.
8. meterpreter: Open a Meterpreter shell post-exploitation.
9. hashdump: Dump password hashes from a compromised system.
10. db_*: Various database-related commands (e.g., db_nmap, db_import) for managing scan results and data.

3. Wireshark:

1. wireshark: Launch the Wireshark GUI for packet analysis.
2. tshark: Command-line version of Wireshark for scripting and automation.
3. -i [interface]: Specify network interface for capturing packets.
4. -f [filter]: Apply display filters for specific protocols or traffic patterns.
5. -w [filename]: Write captured packets to a file for later analysis.
6. -r [filename]: Read and analyze packets from a saved capture file.
7. Statistics Menu: Explore various statistical tools (conversations, endpoints) in Wireshark.
8. Follow TCP Stream: Reassemble and view TCP stream for a specific conversation.
9. Capture Options: Configure capture settings, filters, and buffer size in Wireshark.
10. Decode As: Specify protocols for decoding traffic (e.g., HTTP, SSL) for better analysis.

4. Maltego CE:

1. maltego: Launch the Maltego CE graphical interface.
2. New Graph: Create a new graph for entity mapping and analysis.
3. Transforms: Perform transforms for data gathering and visualization.
4. Entities Palette: Access entities (e.g., Person, Domain, Email Address) for mapping.
5. Search Entities: Search for specific entities within the Maltego interface.
6. Run Transform: Execute transforms to gather related information about entities.
7. Graphical View: Visualize entity relationships using nodes and edges in the graph view.
8. Export Graph: Export graphs and investigation results for reporting or analysis.
9. Layout Options: Customize graph layout for better visualization and analysis.
10. Entity Details: View detailed information and attributes of selected entities.

5. BeEF (Browser Exploitation Framework):

1. beef-xss: Start the BeEF server.
2. hook [URL]: Generate a hooking URL to initiate client-side attacks.
3. commands: List available BeEF commands and modules.
4. exploit [module]: Execute a specific browser-based exploit or attack module.
5. show: Display information about hooked browsers and active sessions.
6. logs: View BeEF server logs for client interactions and events.
7. autorun: Configure automated tasks or modules to run on hooked browsers.
8. extensions: Manage BeEF extensions for additional functionalities.
9. dashboard: Access the BeEF web interface for interactive management and monitoring.
10. exit: Stop the BeEF server and exit the framework.

6. Burp Suite Community Edition:

1. burpsuite: Launch Burp Suite Community Edition.
2. Proxy Tab: Configure and monitor proxy settings for intercepting traffic.
3. Target Tab: Define target scope for scanning and testing.
4. Spider: Automatically crawl and map web application content for testing.
5. Intruder: Perform automated attacks (e.g., brute force, fuzzing) on web forms and parameters.
6. Scanner: Run active and passive vulnerability scans against web applications.
7. Repeater: Manually manipulate and replay HTTP requests for testing and analysis.
8. Decoder: Encode/decode data and analyze request/response transformations.
9. Comparer: Compare two requests or responses for detecting differences or vulnerabilities.
10. Extender: Extend Burp Suite functionality with custom plugins and scripts.

7. John the Ripper:

1. john: Launch the John the Ripper password cracking tool.
2. --wordlist=[file]: Specify a wordlist file for password cracking.
3. --format=[format]: Specify hash format (e.g., MD5, SHA-256) for cracking.
4. --rules: Apply rules for generating password variations during cracking.
5. --single: Crack a single password hash using the specified wordlist.
6. --show: Display cracked passwords from John's session.
7. --incremental: Perform incremental mode cracking based on defined rules.
8. --session=[name]: Start a named session to save and resume cracking progress.
9. --fork=[number]: Specify the number of parallel processes for faster cracking.
10. --pot=[file]: Specify a pot file to store cracked password hashes.

8. Hydra:

1. hydra: Launch the Hydra password cracking tool.
2. -l [username]: Specify a username for password cracking.
3. -P [file]: Provide a password list file for dictionary-based attacks.
4. -t [threads]: Set the number of parallel threads for cracking.
5. -V: Enable verbose output to display detailed progress and results.
6. -f: Stop the cracking process once a valid credential pair is found.
7. -m [protocol]: Specify the protocol (e.g., FTP, SSH, HTTP) for cracking.
8. -s [port]: Specify a custom port for service communication.
9. -e ns: Skip services with no authentication (e.g., HTTP 401 responses).
10. -x [min:max:charset]: Perform brute-force attacks with custom character sets and length.

9. Nmap:

1. nmap [target]: Perform a basic port scan on the target system.
2. -sS: Perform a SYN scan for stealthy port scanning.
3. -sV: Enable version detection to determine service versions on open ports.
4. -A: Enable aggressive scanning, including OS detection and script scanning.
5. -p [ports]: Specify custom port ranges or individual ports for scanning.
6. -oN [filename]: Save scan results in normal format to a specified file.
7. -oX [filename]: Save scan results in XML format for further processing.
8. --script [script]: Run specific Nmap scripts for vulnerability detection and enumeration.
9. -T [0-5]: Set scan speed and timing options (0 being slowest, 5 being fastest).
10. -v: Enable verbose output for detailed scan progress and results.

10. Gobuster:

1. gobuster dir -u [URL] -w [wordlist]: Perform directory brute-forcing on a web server.
2. -x [extensions]: Specify file extensions to look for during directory enumeration.
3. -s [status codes]: Filter results based on HTTP status codes (e.g., 200, 403).
4. -e: Display all HTTP status codes in the output.
5. -t [threads]: Set the number of concurrent threads for faster scanning.
6. -l: Display length of the response for each discovered entry.
7. -k: Skip SSL certificate verification during HTTPS connections.
8. -q: Enable quiet mode, showing only results without extra information.
9. -r: Follow redirects and include redirected URLs in the scan results.
10. -o [filename]: Save scan results to a specified output file.