Week 7 & 8 Lab – Social Engineering Attacks</o:p> Students </o:p> Student ID</o:p> Name</o:p> Notes</o:p> · This seminar is a continuation on from week 6 so please make...

1 answer below »

Week 7 & 8 Lab – Social Engineering Attacks

Students

Student ID

Name



Notes

· This seminar is a continuation on from week 6 so please make sure you have completed that before attempting this.

· You can perform this exercise in groups over your online meeting tool of choice or individually if you would prefer.

Background

One of the more common hacking techniques occurring today is through the use of social engineering, this includes spam emails, phishing and fake websites. After using the information, we gathered last week using The Harvester and other open source tools such as good. An attack could launch a phishing campaign against a company attempting to trick a user into entering credentials into a fake website.

Due to all websites’ code on the web being readable, it has become very easy to clone a website and there are some specialised tools to do so.

Activity 1: Clone a website to a phishing site

1. Open VirtualBox and boot up the virtual machine we setup last week and login

2. Open the applications menu (icon in the top left corner)

3. Open up the Social-Engineer Toolkit by searching for it

4. Agree to the terms (after reading them of course).

5. Choose option 1, Social-Engineering Attacks then choose number 2, Website Attack Vectors followed by number 3, Credential Harvester Attack Method.

6. You then want to select option 2, Site Cloner and you can now enter a website to clone.
You can select any website you’d like to clone, I suggest trying something simple first

This will clone the website you choose and then serve it at http:// XXXXXXXXXX. Go to that URL in the virtual machine and enter some information into a form (such as a login form) to see what it does. Do not enter real information here.

How could this attack method be used to phish unsuspecting victims?

Activity 2: Researching phishing template services

Now that we have a fake website, we can look at sending this out. To do this we would need a phishing email. There are multiple services/tools that can be used to do this.

Have a look at gophish and explain what services that it provides.

Activity 3: Clone a template website

In this exercise, you should clone a website from the list of templates. What website did you choose? What differences can you see between the official website and your cloned one?


Activity 4: Wifi Phishing

Look into the wifiphisher tool and explain how this tool works. How can this be used to phish individuals?

Activity 5: Detecting phishing attacks

After looking through the process for creating a phishing website and a phishing email campaign. Perform some research into different ways to detect these kinds of attacks and the best ways to prevent them. Write down your best recommendations individuals should follow for identifying and phishing attacks

Activity 6: Reporting Phishing

Perform some research into where individuals who detect a phishing attack can report these crimes to, what information is needed? How does this vary for a business?

Answered 1 days AfterApr 15, 2022

Solution

Amar Kumar answered on Apr 16 2022
12 Votes
Activity 1
Phishing is a notable practice where an individual is hoodwinked into signing in by a misleading site page that seems to be an existent site. The login certifications presented by the casualty on the aggressor's webserver are saved money on the programmer's site. The assailant acquires the client's login username and secret phrase as such. After then, the casualty is shipped off the first page to cause the earlier endeavor to seem, by all accounts, to be a regular fizzled login, keeping the casualty from becoming dubious and changing their secret phrase.
Utilizing an abuse device like SET to gather the login qualifications of casualties is a straightforward method for setting up your phishing site page. In Kali Linux, the SET (Social Engineering Toolkit) might be utilized to clone a cu
ent site and host it on your framework.
This part will tell you the best way to set up a phishing site for Facebook in a basic way.
The casualty is tricked by the phishing site and signs in.
Whenever the casualty presses the login button, the assailant acquires the login accreditations on his terminal screen.
At the point when the casualty presses the login button, the aggressor acquires the login accreditations on his terminal screen.
Activity 2
A phishing unit is a bunch of programming instruments that empower sending off a phishing assault simpler for somebody with practically no specialized information. Phishing is an internet based extortion in which the assailant conveys faked messages or instant messages that hope to come from a confided in source. The point is to convince the recipient to make a specific move that helps the assailant - typically, this involves persuading the casualty to tap on a malignant connection, open a contaminated connection, or support a monetary exchange.
Site building programming with an essential, low-code/no-code graphical UI is typically remembered for a phishing unit (GUI). This kind of crimeware pack generally incorporates email formats, pictures, and model contents for making persuading pantomimes regarding bona fide co
espondence. A few packs may also contain a
angements of email addresses, telephone numbers, and programming for computerizing the infection scattering process for an additional a charge.
Clients ought to abstain from tapping on joins in surprising co
espondences professing to be from a site with whom they have monetary relations, as per security specialists. Clients ought to go directly to the authority site and look for data there, or contact the site's client assistance office, on the off chance that they are muddled whether a message is credible.
Packs for Phishing as a Service (PaaS units)
Cloud-based phishing-as-a-administration packs are open on the dull web for just $50 each month, as per Cyren, a SaaS security seller. When phishing sites are facilitated on real open cloud administrations, crooks might use legitimate areas and SSL authentications to trick even the most prepared end client into accepting a phishing website page or email is bona fide.
Security blemishes that are generally utilized
The accompanying network protection assaults are frequently completed by means of phishing units:
Stick phishing is an email mocking assault that expects to acquire unapproved admittance to delicate data by focusing on a particular business or person.
Whaling is a kind of phishing attack that explicitly targets high-profile chiefs like the CEO or CFO.
SMiShing - a security assault in which a casualty is fooled into downloading a Trojan pony, infection, or other malware by getting an instant message.
Vishing is a sort of electronic misrepresentation that utilizations voice email, VoIP (voice over IP), a landline telephone, or a cell phone.
Activity 3
You may fundamentally clone a WordPress topic from a site in three distinct ways:
· One of these finders with a site topic.
· View the site's source code if you have any desire to copy it.
· To clone a WordPress topic from a site, utilize a WordPress module.
Subject Detectors for WordPress.
This is the most straightforward strategy for duplicating a WordPress topic from a site. Basically type the site's URL into the container, and the site identifier will let you know which WordPress topic it utilizes.
Here is a short assortment of WordPress Theme Detectors to kick you off:
· Topic Detector for WordPress.
· WP ought to be checked.
· What Is That WordPress Theme?
· WPdetector.com.
You might introduce a Chrome Extension to your program by clicking here. It permits you to peruse the web for subjects and decides not just which WordPress topic a site is utilizing, yet in addition which modules it is using. All of this should be possible while never leaving your program: Theme and Plugin Detector for WordPress.
The WordPress designer who planned that topic ought to accordingly seem when you Google the site subject.
A considerable lot of these WordPress topics are accessible on huge subject commercial centers.
A few subjects, then again, are planned by individual engineers or advancement firms. Regardless, all you need to do now is get in touch with them and buy the topic.
The most effective method to access and duplicate the source code for a WordPress site's subject.
It's somewhat more challenging to reproduce a WordPress subject from a site utilizing this...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here