Further Research
PDF exploitation is an extensive topic, and not every aspect can be covered in this book. However, the following links will help further your understanding of PDF vulnerabilities and exploitation techniques.
Further Resources
http://blog.didierstevens.com/
http://www.sudosecure.net/
Attack Scenario 2: E-Mails Leading to Malicious Links
In this scenario, we will send the victim a malicious link, and when the victim clicks on it, we will be able to perform various attacks. Here are some examples:
1. We can set up a fake log-in page of any particular website, for example, facebook.com, and ask the victim to log in to the fake log-in page, which is actually located at facebookfakepage.freehost.com.
2. If we are on the same network as the victim, we can launch a DNS spoofing attack, where we replace the IP of facebook.com with that of our fake log-in page; as soon as the victim visits facebook.com, he would log in to our fake page instead.
3. We can also perform DNS spoofing where, instead of the fake log-in page, we redirect the victim to our malicious webserver, which would use relevant browser exploits to compromise the victim's browser.
Ethical Hacking and Penetration Testing Guide
All of this can be done easily with various modules of the Social-Engineer Toolkit (SET). For the last scenario, we will learn to attack over the Internet (WAN) instead of the LAN. But for now, let's talk about another scenario, where we will use SET to set up a fake log-in page.
Credential Harvester Attack
Credential harvester is a very popular attack; it is used to perform phishing. In a phishing attack, an attacker sets up a replica of a website, say, gmail.com; whenever the victim logs in to it, the credentials are saved. This can be done with the "Credential Harvester Attack" in SET. Let's see how to do it.
Step 1—From the website attack vectors, select "Credential Harvester Attack." Now you will have three options: you can use predefined templates in SET, clone a site of your choice, or import your own template, in case option 2 does not work for you. For the sake of simplicity, I will choose the first option.
Step 2—It will now ask you for the "IP address" to which you want the credentials posted, which in this case would be my local IP, since I am attacking my LAN.
Step 3—It will now show you the list of built-in templates. In this case, I want to use gmail.com. As you can see from the screenshot, the credential harvester is up and running on the IP we entered. We can perform a DNS spoofing attack by replacing gmail.com's IP with ours, where the credential harvester is running. We already learned about DNS spoofing in the "Network Sniffing" chapter (Chapter 6).
As soon as the victim navigates to our IP address, where we have set up the credential harvester, his credentials are recorded and displayed to us.
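Both the look-alike host of scenario 1 and a harvested log-in form that posts to a bare IP leave marks a mail or web gateway can check for; the Python below is an added example (not from the book and not part of SET) that flags a page whose hostname borrows a protected brand name or whose password form posts to a different domain, a raw IP address, or plain HTTP. The brand list, the sample URL and the sample form are constructed for this example.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Brands whose log-in pages the scenarios above clone (constructed list for
# this example; a real mail or web gateway would maintain its own).
PROTECTED_BRANDS = {"facebook": "facebook.com", "gmail": "gmail.com"}

class _PasswordForms(HTMLParser):  # collects the action of each form holding a password field
    def __init__(self):
        super().__init__()
        self.actions, self._action = [], ""
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.actions.append(self._action)

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _registered_domain(host):  # last two labels: fine for .com, naive for .co.uk
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_indicators(page_url, html):
    """Return the phishing indicators found for a page fetched from page_url."""
    host = (urlparse(page_url).hostname or "").lower()
    found = [f"hostname impersonates {real}" for brand, real in PROTECTED_BRANDS.items()
             if brand in host and _registered_domain(host) != real]
    parser = _PasswordForms()
    parser.feed(html)
    for action in dict.fromkeys(parser.actions):  # de-duplicate, keep order
        target = urlparse(urljoin(page_url, action))  # resolve relative actions
        ahost = (target.hostname or "").lower()
        if _is_ip(ahost) or _registered_domain(ahost) != _registered_domain(host):
            found.append(f"password form posts to {ahost}")
        if target.scheme == "http":
            found.append("password form posts over plain HTTP")
    return found

# Constructed sample: a cloned log-in page on a look-alike free host whose
# password form was rewritten to post to the harvester's (TEST-NET) address.
SAMPLE_URL = "http://facebookfakepage.freehost.com/login.html"
SAMPLE_HTML = '<form action="http://192.0.2.10/post.php"><input type="password" name="pass"></form>'
```

These checks do not catch the DNS-spoofing variant, where the hostname in the URL is the genuine one; there the defence is TLS, since the spoofed server cannot present a valid certificate for the real domain.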