Phishing methods other than web form phishing

Posted by santillano at 2020-02-27

All the interesting ideas in infiltration are the art of infiltration. ——(middle) wozkisord

Phishing attack

As the name suggests, phishing is an attack that works like fishing, and it is a very comfortable way to attack.

Sogou Encyclopedia gives a relatively easy-to-understand definition of phishing:

Phishing attackers use fraudulent e-mails and fake Web sites to carry out online fraud. Victims often disclose personal information such as credit card numbers, bank account numbers, ID card numbers and so on. Fraudsters usually disguise themselves as trusted brands, such as online banks, online retailers and credit card companies, to trick users out of their private information.

It can be seen that phishing is not a completely random attack method. The key is to succeed in impersonating something the victim trusts.

Scenario simulation

Now you have accepted a secret task. The organization needs you to get a secret list of X company's services. However, X company is a very rich company. It has hired professional patching staff, and its servers have every patch they should have. It also has professionals who run web scanners against its websites every day, and you don't have a 0day. The only good news is that you can get into its intranet.

Suppose you have already successfully spoofed the victim's machine, so that it believes you are the target server.

MSF can be said to be the most powerful penetration testing framework at present, and it is an artifact that a penetration tester must master. (middle) yeswozkisaud

The administrator of company X especially likes to use FTP to manage the server (never mind why he likes FTP; the plot requires it).

Before we do anything, we have to run the fake FTP server.

The default configuration is fine, or you can change the port if you want.

If the port is not in use and you have sufficient privileges, you will see the following interface, and the FTP credential harvester will start.

Use social engineering, for example by pretending to be a customer service girl: "Mr. Administrator, a little hacker told me that he uploaded a shell to our server's web root directory, and he is so powerful." This stimulates the administrator's androgen, so he wants to go to the server and have a look.

The administrator was provoked into logging in to FTP, and once there he was even more agitated: "Has it really been hacked?"

Look at our side, we have succeeded.

Use the creds command to view the credentials we collected.

Finally, the network was shut down perfectly and the spoofing attack stopped. The administrator finally logged in to the FTP server, did not find the uploaded shell, sent a screenshot to the girl, won her favor, and made a dinner date for that evening (the administrator did not know that the girl was fake too). We'll take the administrator to a remote area, and then we'll be able to upload the shell.

It was a wonderful fight.
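Seen from the defender's side, the capture above works because FTP sends USER and PASS in cleartext and does nothing to prove which server is answering. The following is an added example, not part of the original post: a sketch of detection logic over FTP control-channel lines that flags a greeting that differs from the known server's baseline and any password sent without a completed AUTH TLS. The addresses, banners, record layout and the `audit` function are constructed assumptions.

```python
"""Audit FTP control-channel lines for signs of a credential-capture service."""

# Constructed baseline: the first greeting line each approved FTP server sends.
BASELINE = {"10.0.0.20": "220 (vsFTPd 3.0.3)"}

# Constructed capture: (client, server, direction, line).
# direction "S" = server to client, "C" = client to server.
CAPTURE = [
    ("10.0.0.5", "10.0.0.20", "S", "220 (vsFTPd 3.0.3)"),
    ("10.0.0.5", "10.0.0.20", "C", "AUTH TLS"),
    ("10.0.0.5", "10.0.0.20", "S", "234 Proceed with negotiation."),
    ("10.0.0.7", "10.0.0.20", "S", "220 FTP service ready"),
    ("10.0.0.7", "10.0.0.20", "C", "USER admin"),
    ("10.0.0.7", "10.0.0.20", "S", "331 Password required"),
    ("10.0.0.7", "10.0.0.20", "C", "PASS example-password"),
]


def audit(capture, baseline):
    """Return (finding, client, server) tuples; passwords are never stored."""
    findings = []
    greeted, asked_tls, tls = set(), set(), set()
    for client, server, direction, line in capture:
        key = (client, server)
        if direction == "S":
            if key not in greeted:  # first server line is the greeting
                greeted.add(key)
                expected = baseline.get(server)
                if expected is None:
                    findings.append(("unknown_server", client, server))
                elif line.strip() != expected:
                    findings.append(("banner_mismatch", client, server))
            elif line.startswith("234") and key in asked_tls:
                tls.add(key)  # server accepted AUTH TLS
        else:
            verb = line.split(" ", 1)[0].upper()
            if verb == "AUTH":
                asked_tls.add(key)
            elif verb == "PASS" and key not in tls:
                findings.append(("cleartext_password", client, server))
    return findings


if __name__ == "__main__":
    for finding in audit(CAPTURE, BASELINE):
        print(*finding)
```

Banner comparison is only a heuristic; the reliable control is a protocol that authenticates the server, such as SFTP with host-key checking or FTPS with certificate verification.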

MSF also has other modules that create fake services to collect user credentials.

As of December 26, 2017, the available modules are:

auxiliary/server/capture/drda (DRDA: Distributed Relational Database Architecture, per Baidu Encyclopedia's explanation)
auxiliary/server/capture/ftp
auxiliary/server/capture/http
auxiliary/server/capture/http_basic
auxiliary/server/capture/http_javascript_keylogger
auxiliary/server/capture/http_ntlm
auxiliary/server/capture/imap
auxiliary/server/capture/mssql
auxiliary/server/capture/mysql
auxiliary/server/capture/pop3
auxiliary/server/capture/postgresql
auxiliary/server/capture/printjob_capture
auxiliary/server/capture/sip
auxiliary/server/capture/smb
auxiliary/server/capture/smtp
auxiliary/server/capture/telnet
auxiliary/server/capture/vnc

As long as the thinking is in place, we can come up with all kinds of tricks, so that the victims don't know which step to take.