Search n00bz.net
« #MoSH Day 5 | Main | DLL Hijacking with Metasploit Express »
Wednesday
Sep152010

Social Engineering using Metasploit Express

In honor of the release of the findings from Defcon 18 Social Engineering CTF ‐ "How Strong Is Your Schmooze” as well as the weekly update from Metasploit Express I will walk through a Social Engineering attack using Metasploit Express.

Step 1: Under Modules, pick your exploit.  I am using the Adobe CoolType SING exploit.  (We don't want to leave out Windows Vista and Windows 7.)


Step 2:  Leave every option as the default and launch the attack.

Step 3:  We could just have our target browse to the web address however we are going to use a different attack vector.  Go and Find a USB drive and load up FireFox with NoScript enabled.  Browse to the target URL and save the PDF.  NoScript will stop it from executing on your machine.

Step 4: Rename the file something sneaky.  I chose HR.pdf.  Copy this to your thumb drive.

Step 5: Take your USB Drive and drop it off somewhere.

Step 6: Wait for the finder of the USB drive to open and click the evil HR.pdf.  Gotcha!  Time to give Mr. X a lesson on Social Engineering and how we don't use thumb drives we find in the bathroom.

 

References (3)

References allow you to track sources for this article, as well as articles that were written in response to this article.
  • Response
    Response: Hi
    Hi
  • Response
    NFL is definitely a single of the largest sports in America. It has a main following.
  • Response
    UGG Boots get extremely effectively known for becoming the makers of high excellent footwear

Reader Comments (2)

I have been really glad after reading this blog as the knowledge which has been given via this blog is simply tremendous. I would congratulate and appreciate the blogger for doing this much hard work.

January 7, 2011 | Unregistered CommenterAffordable Computers

Thanks

May 30, 2013 | Unregistered Commenterhi

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>