
CEH v8 labs module 09 Social engineering


Document information

Pages: 28
Size: 1.15 MB


Contents



Social Engineering

Module 09


technical hacking techniques. The term “social engineering” can also mean an attempt to gain access to information, primarily through misrepresentation, and

trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging

Shane MacDougall, a hacker/security consultant, duped a Wal-Mart employee

In this year's Capture the Flag social engineering contest at Defcon, champion Shane MacDougall used lying, a lucrative (albeit bogus) government contract,

out of Wal-Mart:

■ Its employee pay cycle

■ Its staff shift schedule

■ Where they usually go for lunch

■ Type of PC used by the manager

■ Make and version numbers of the computer's operating system, and

to the extent of coughing up so much scam-worthy treasure.

Calling from his sound-proofed booth at Defcon, MacDougall placed an “urgent” call, broadcast to the entire Defcon audience, to a Wal-Mart store


The role-playing visher (vishing being phone-based phishing) told the manager that Wal-Mart was looking at the possibility of winning a multimillion-dollar government contract. “Darnell” said that his job was to visit a few Wal-Mart stores that had been chosen as potential pilot locations. But first, he told the store manager, he needed a thorough picture of how the store operated.

In the conversation, which lasted about 10 minutes, “Darnell” described himself as a newly hired manager of government logistics. He also spoke offhand about the contract: “All I know is Wal-Mart can make a ton of cash off it,” he said, then went on to talk about his upcoming visit,

writes.

As if this wasn't bad enough, MacDougall/Darnell directed the manager to an

The compliant manager obliged, plugging the address into his browser. When his computer blocked the connection, MacDougall didn't miss a beat, telling the manager that he'd call the IT department and get the site unlocked. After ending the call, stepping out of the booth and accepting his well-earned applause, MacDougall became the first Capture the Flag champion to capture

been held at Defcon. Defcon gives contestants two weeks to research their targets. Touchy information such as social security numbers and credit card numbers are verboten, given that Defcon has no great desire to bring the law down on its head.

Defcon also keeps its nose clean by abstaining from recording the calls, which is against Nevada law. However, there's no law against broadcasting calls live to an audience, which makes it legal for the Defcon audience to have listened as MacDougall pulled down Wal-Mart's pants.

MacDougall said, “Companies are way more aware about their security. They’ve got firewalls, intrusion detection, log-in systems going into place, so it’s a lot

a bunch of hackers now are going to the weakest link, and the link that companies just aren’t protecting, which is the people.”

MacDougall also shared a few best practices to be followed to avoid falling victim to a social engineer:

wrong

systems, machines, passwords or email systems; they already know

Ethical Hacking and Countermeasures Copyright © by EC-Council

CEH Lab Manual Page 676


■ Set up an internal company security word of the day and don’t give any information to anyone who doesn’t know it

of information online, including through employees’ social media sites

best practices to be followed among the employees.

Lab Objectives

The objective of this lab is to:

To carry out this lab, you need:

Lab Duration

Time: 20 Minutes

Overview of Social Engineering

Social engineering is the art of convincing people to reveal confidential information

Lab Tasks

Lab Analysis

your target’s security posture and exposure.


Detecting Phishing Using Netcraft

Netcraft provides web server and web hosting market-share analysis, including web server and operating system detection.

Lab Scenario

By now you are familiar with how social engineering is performed and what sort of information can be gathered by a social engineer.

Phishing is an example of a social engineering technique used to deceive users, and it exploits the poor usability of current web security technologies.

Phishing is the act of attempting to acquire information such as user names, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications claiming to be from popular social websites, auction sites,

unsuspecting public. Phishing emails may contain links to websites that are

instant messaging, and it often directs users to enter details at a fake website whose look and feel is almost identical to the legitimate one.

Phishers are targeting the customers of banks and online payment services. They send messages to the bank customers by manipulating URLs and website forgery. The messages sent claim to be from a bank and they look legitimate; users, not realizing that it is a fake website, provide their personal information and bank details. Not all phishing attacks require a fake website; messages that claim to be from a bank tell users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a Voice over IP service) is dialed, it prompts users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.

phishing using Netcraft.


To carry out this lab you need:

■ Netcraft is located at D:\CEH-Tools\CEHv8 Module 09 Social Engineering\Anti-Phishing Toolbar\Netcraft Toolbar

■ You can also download the latest version of Netcraft Toolbar from the link http://toolbar.netcraft.com/

■ If you decide to download the latest version, then screenshots shown in the lab might differ

■ A computer running Windows Server 2012

■ A web browser (Firefox, Internet Explorer, etc.) with Internet access

■ Administrative privileges to run the Netcraft toolbar

Lab Duration

Time: 10 Minutes

Overview of Netcraft Toolbar

Netcraft Toolbar provides Internet security services, including anti-fraud and anti-phishing services, application testing, code reviews, automated penetration testing, and research data and analysis on many aspects of the Internet


FIGURE 1.1: Windows Server 2012-Start Menu

3. Click the Mozilla Firefox app to launch the browser

FIGURE 1.2: Windows Server 2012-Start Menu Apps view

4. To download the Netcraft Toolbar for Mozilla Firefox, enter http://toolbar.netcraft.com in the address bar of the browser or drag and drop the netcraft_toolbar-1.7-fx.xpi file in Firefox

5. In this lab, we are downloading the toolbar from the Internet

6. In Firefox browser, click Download the Netcraft Toolbar to install as

FIGURE 1.3: Netcraft toolbar downloading page

Netcraft provides Internet security services, including anti-fraud and anti-phishing services.


7. On the Install page of the Netcraft Toolbar site, click the Firefox image to continue with installation

FIGURE 1.5: Netcraft toolbar Installation-Allow button

9. When the Software Installation dialog box appears, click Install Now.

Software Installation: Install add-ons only from authors whom you trust. Malicious software can damage your computer or violate your privacy.

You have asked to install the following item:

Netcraft Anti-Phishing Toolbar (Netcraft Ltd)

http://releases.mozilla.org/pub/mozilla.org/addons/1326/netcraft_toolbar-1.5-fx.xpi

[Install Now] [Cancel]

FIGURE 1.6: Installing Netcraft Toolbar

10. To complete the installation it will ask you to restart the browser. Click Restart Now.

Internet services company based in Bath, England.

Netcraft Toolbar provides a wealth of information about the sites you visit.


FIGURE 1.7: Restarting Firefox browser

11. Netcraft Toolbar is now visible. Once the Toolbar is installed, it looks similar to the following figure

FIGURE 1.8: Netcraft Toolbar on Mozilla Firefox web browser

12. When you visit a site, the following information displays in the Toolbar (unless the page has been blocked): Risk rating, Rank, and Flag.

13. Click Site Report to show the report of the site

FIGURE 1.9: Report generated by Netcraft Toolbar

14. If you attempt to visit a page that has been identified as a phishing page by Netcraft Toolbar you will see a warning dialog that looks similar to the one in the following figure

15. Type, as an example: http://www.paypal.ca.6551secure7cmx/images/cgi.bin

Risk Rating displays the trustworthiness of the current

Site report links to: detailed report for the


FIGURE 1.10: Warning dialog for blocked site

16. If you trust that page click Yes to open it, and if you don’t, click No (Recommended) to block that page

17. If you click No, the following page will be displayed

Phishing site feeds: continuously updated encrypted database of patterns that match phishing URLs reported by the Netcraft Toolbar.
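As an added, constructed illustration (not code from the lab manual or from Netcraft), the following Python sketch shows the two kinds of check the toolbar text describes: a match against a feed of reported phishing URL patterns, and a heuristic that flags a brand name appearing in a URL's authority part when the registrable domain is not one the brand owns (the mechanism behind the lab's paypal.ca.6551secure7cmx example). The feed entries, the brand table and the legitimate domains are assumptions; only the lab's own example URL comes from the page.

```python
"""Toy phishing-URL screen: a constructed feed of reported-URL patterns plus a
brand-impersonation heuristic on the hostname. Illustration only, not Netcraft's code."""
import fnmatch
from urllib.parse import urlsplit

# Constructed stand-in for a "phishing site feed" (real feeds are large and updated
# continuously). Wildcard patterns are matched case-insensitively against whole URLs.
PHISHING_FEED = [
    "*paypal.ca.6551secure7cmx/*",   # the lab's example phishing URL
    "*login-verify.example/*",       # constructed entry
]

# Constructed brand table: brand token -> registrable domains the brand legitimately uses.
PROTECTED_BRANDS = {
    "paypal": {"paypal.com"},
    "examplebank": {"examplebank.example"},
}


def registrable_domain(hostname: str) -> str:
    """Return the last two DNS labels of a hostname.

    Simplification: a production tool uses the Public Suffix List so that
    multi-label suffixes such as 'co.uk' are handled correctly."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def _split(url: str):
    # Tolerate bare hostnames typed without a scheme.
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url)


def impersonated_brand(url: str):
    """Return the brand token if it appears anywhere in the URL's authority
    (hostname or a user@ prefix) while the registrable domain is not one the
    brand owns; otherwise None."""
    parts = _split(url)
    host = (parts.hostname or "").lower()
    authority = parts.netloc.lower()   # includes any 'brand.com@' userinfo trick
    regdom = registrable_domain(host)
    for brand, legit_domains in PROTECTED_BRANDS.items():
        if brand in authority and regdom not in legit_domains:
            return brand
    return None


def matches_feed(url: str) -> bool:
    """True if the URL matches any reported-phishing pattern in the feed."""
    lowered = url.lower()
    return any(fnmatch.fnmatchcase(lowered, pattern) for pattern in PHISHING_FEED)


def classify(url: str) -> str:
    """'blocked' on a feed hit, 'suspicious' on the brand heuristic, else 'ok'."""
    if matches_feed(url):
        return "blocked"
    if impersonated_brand(url):
        return "suspicious"
    return "ok"


if __name__ == "__main__":
    for sample in (
        "http://www.paypal.ca.6551secure7cmx/images/cgi.bin",  # from the lab
        "https://www.paypal.com/signin",                       # constructed
        "http://paypal.com@evil.example/",                     # constructed
    ):
        print(f"{classify(sample):10s} {sample}")
```

The feed lookup is what blocks a page outright; the brand heuristic only raises a warning, because a legitimate reseller or news site can mention a brand in its hostname. Deciding which registrable domains a brand owns is the part that needs curated data, which is why the toolbar relies on a maintained feed rather than on string matching alone.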

[Figure: Netcraft “Phishing Site Blocked” page]


2. Determine if you can make the Netcraft Toolbar coexist on the same line as other toolbars. If so, how?

3. How can you stop the Toolbar warning if a site is trusted?


Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information such as

phishing being used to carry out financial frauds. Phishing involves fraudulently acquiring sensitive information (e.g., passwords, credit card details, etc.) by masquerading as a trusted entity.

In the previous lab you have already seen how a phishing site can be detected using the Netcraft tool.

The usual scenario is that the victim receives an email that appears to have been sent from his bank. The email urges the victim to click on the link in the email. When the victim does so, he is taken to “a secure page on the bank’s website”. The victim believes the web page to be authentic and he enters his user name, password, and other information. In reality, the website is a fake and the victim’s information is stolen and misused.

Being an administrator or penetration tester, you might implement all the most sophisticated and expensive technology solutions in the world; all of it can be bypassed if your employees fall for simple social engineering scams. It becomes your responsibility to educate employees on best practices for protecting information.

Phishing sites or emails can be reported to phishing-report@us-cert.gov

http://www.us-cert.gov/nav/report_phishing.html

US-CERT (United States Computer Emergency Readiness Team) is collecting phishing email messages and website locations so that they can help people

PhishTank URL: http://www.phishtank.com

PhishTank is a free community site where anyone can submit, verify, track, and share phishing data. PhishTank is a collaborative clearing house for data and information regarding phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.


FIGURE 2.1: Windows Server 2012-Start Menu

3. Click the Mozilla Firefox app to launch the browser

FIGURE 2.2: Windows Server 2012-Start Menu Apps view

PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.

FIGURE 2.3: Welcome screen of PhishTank (Recent Submissions panel)

Posted: 14/04/2017, 08:51
