Reference no: EM133697611
Computer Network and Security
Assessment: Generation of Mass Mailer Attacks, SSL Stripping and ARP Spoofing by Using Kali Linux
Assessment Description and Instructions
There are two major tasks that students are supposed to perform in this assessment.
Social engineering attacks - Mass Mailer Attack
SSL Stripping and ARP Spoofing in Kali Linux
Part-1 Social engineering attacks - Mass Mailer Attack
Social engineering attacks are one of the top techniques used against networks today. Why spend days, weeks, or even months trying to penetrate layers of network security when we can just trick a user into running a file that gives us full access to their machine and bypasses antivirus, firewalls, and many intrusion detection systems? This is most commonly seen in phishing attacks today: the attacker crafts an e-mail or creates a fake website that tricks the user into running a malicious file that creates a backdoor into their system.
In this assessment students will use Kali Linux, which includes one of the most popular social engineering attack toolkits available, David Kennedy's Social-Engineer Toolkit (SET). More recently, several non-social-engineering tools have also been added to SET, making it a very robust attack tool.
Follow the steps to generate a mailer attack.
Step-1 Installation of Kali Linux:
Kali Linux is a popular operating system used for penetration testing and ethical hacking. While Kali Linux is primarily designed to be installed on its own dedicated hardware or as a virtual machine, there are ways to install it on Windows and macOS. Here are the general steps for installing Kali Linux on both operating systems:
Installation on Windows:
Download the Kali Linux installer for Windows from the official Kali Linux website.
Run the installer executable file and follow the on-screen instructions.
Choose the installation location and other options as per your preference.
Once the installation is complete, you can launch Kali Linux from the Start menu or desktop shortcut.
Installation on macOS:
Download the Kali Linux ISO image for macOS from the official Kali Linux website.
Install a virtualization software like VirtualBox or VMware Fusion on your macOS.
Open the virtualization software and create a new virtual machine.
Configure the virtual machine settings, including allocating system resources and attaching the Kali Linux ISO image as the bootable media.
Start the virtual machine and follow the Kali Linux installation process within the virtualized environment.
Once the installation is complete, you can access Kali Linux by running the virtual machine and launching the operating system.
It's important to note that Kali Linux is a powerful tool and should be used responsibly and legally. Ensure you have a valid use case and adhere to the applicable laws and regulations when using Kali Linux. Additionally, make sure to keep your Kali Linux installation updated with the latest security patches and updates to maintain its effectiveness and security.
After the successful installation, students are required to follow the steps outlined
Step-2 Type the following command in a terminal:
The screenshot follows:
We can see Social-Engineering Attacks at the top of the menu, so we choose number 1 and hit Enter. The social engineering options are then displayed, as we can see in the following screenshot:
Here in this lab we choose option 5, which is Mass Mailer Attack.
Step-3
One way a social engineer will attack a network is to send out a flood of e-mails to company addresses and see who will respond or run the malicious attachment sent with them.
After entering option 5 in SET we get two options:
E-mail Attack single E-mail Address
E-mail Attack Mass Mailer
The screenshot is following:
For this example, let's just send one. We press 1 and hit "Enter".
Step-4
Then we enter a target e-mail address. See the following screenshot.
Now we select option 1 to use a Gmail account or another server. For this lab we will use a fake Gmail account. The Gmail address and password must be correct.
Then we choose a spoofed name to use for the 'from' line of the message.
Now SET asks for the password of the Gmail account.
Then we answer yes at the prompt "Flag this message/s as high priority?"
We don't want to attach any malicious file, so we choose "no" when prompted "Do you want to attach a file?"
Enter "p" when prompted "Send the message as html or plain?"
Now type in a fake message, preferably one that would entice the victim to click on an included malicious link or to surf to a malicious web page.
In actual defense practice this could just be a test web page that records the IP address of those who were tricked into surfing to it. That way, as security experts we know who in our organization needs to be better educated on the risks of malicious e-mails.
When finished, we type "END" on the last line, as in the following screenshot.
Then press "Enter" and SET will send out the e-mail to the victim.
The message in the above screenshot is obviously a silly fake, but something like this (with a much more believable message) could be used to test employees' ability to detect, resist and report phishing attempts.
So far we have just sent a fake e-mail that could redirect someone to a bogus site. But if we could make a fake site that offered up a booby-trapped script, and if the user allowed the script to create a shell with the user.
Part-2 SSL Stripping and ARP Spoofing in Kali Linux
SSL Stripping and ARP Spoofing are two common techniques used in network security attacks. They are often employed by attackers to intercept and manipulate network traffic, particularly in scenarios where Secure Sockets Layer (SSL) encryption is used for secure communication.
SSL Stripping: SSL Stripping is an attack method that aims to downgrade a secure HTTPS connection to an insecure HTTP connection, making the traffic susceptible to interception and manipulation. The attacker typically acts as a Man-in-the-Middle (MitM) by intercepting the communication between the client and the server. The attack involves the following steps:
a. The attacker sets up a rogue access point or performs DNS spoofing to redirect the victim's traffic through their own device.
b. The attacker intercepts the initial HTTPS request from the victim and responds with a modified HTTP response instead of the expected HTTPS response.
c. The attacker then establishes an HTTPS connection with the server on behalf of the victim, making the victim unaware of the downgrade.
d. Throughout the communication, the attacker intercepts and relays the traffic between the client and the server, potentially capturing sensitive information.
Kali Linux, being a powerful penetration testing and security auditing platform, can be used to perform SSL stripping attacks. Tools like "sslstrip" and "Bettercap" are commonly used in Kali Linux for this purpose.
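The standard mitigation for the downgrade in step b is HTTP Strict Transport Security (HSTS), which makes a browser refuse plain HTTP for a host it has previously seen over HTTPS (or that is on the preload list). The following added example is not from the original assessment and not part of sslstrip or Bettercap; it checks whether a server's raw HTTP response carries an HSTS policy strong enough to matter, and the sample responses are constructed.

```python
"""Check whether an HTTP response carries a Strict-Transport-Security policy
strong enough to blunt SSL stripping on return visits.

Added example for this page (not the assessment's own material); the
responses below are constructed, not captured from any real server.
"""
import re

# Recommended minimum max-age: one year, the value the preload list requires.
MIN_MAX_AGE = 31536000


def parse_headers(raw_response: str) -> dict:
    """Parse the header block of a raw HTTP response into a lowercase-name dict."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def hsts_findings(raw_response: str) -> list:
    """Return a list of weaknesses; an empty list means the policy looks sound."""
    hsts = parse_headers(raw_response).get("strict-transport-security")
    if hsts is None:
        return ["no Strict-Transport-Security header: later visits stay strippable"]
    findings = []
    directives = [d.strip().lower() for d in hsts.split(";") if d.strip()]
    max_age = None
    for d in directives:
        m = re.fullmatch(r"max-age=(\d+)", d)
        if m:
            max_age = int(m.group(1))
    if max_age is None:
        findings.append("max-age directive missing or malformed")
    elif max_age == 0:
        findings.append("max-age=0 clears the policy instead of setting one")
    elif max_age < MIN_MAX_AGE:
        findings.append(f"max-age {max_age}s is below the one-year minimum")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains missing: subdomains stay strippable")
    return findings


# Constructed sample responses.
WEAK_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                 "Strict-Transport-Security: max-age=300\r\n\r\n<html></html>")
GOOD_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                 "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n\r\n")
NO_HSTS_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for name, resp in [("weak", WEAK_RESPONSE), ("good", GOOD_RESPONSE), ("none", NO_HSTS_RESPONSE)]:
        print(name, hsts_findings(resp) or ["ok"])
```

HSTS only helps once the browser has seen a clean HTTPS response (or the host is preloaded), so a first visit over an attacker-controlled network is still exposed.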
ARP Spoofing: ARP (Address Resolution Protocol) Spoofing, also known as ARP Poisoning, is an attack technique used to manipulate the ARP table in a local network. The attack allows the attacker to redirect network traffic meant for a specific IP address to their own device. The steps involved in an ARP Spoofing attack are as follows:
a. The attacker sends falsified ARP messages to the target network, associating their own MAC address with the IP address of another device on the network, such as the default gateway or a specific target.
b. As a result, the target network starts sending its traffic to the attacker's device, believing it to be the legitimate destination.
c. The attacker can then intercept and manipulate the traffic as desired, potentially capturing sensitive data or launching further attacks.
In Kali Linux, various tools like "Ettercap" and "arpspoof" are available for performing ARP Spoofing attacks. These tools allow the attacker to sniff network traffic, intercept packets, and manipulate them.
There are mainly 4 steps in this type of attack:
The victim sends a request to the server over HTTPS, but because the attacker has spoofed the network with arpspoof, the HTTPS request passes through the attacker's machine.
After hijacking the HTTPS request, the attacker forwards the same request to the server over HTTPS, because many modern servers respond only over HTTPS.
When the server responds in encrypted HTTPS, the attacker changes it from HTTPS to HTTP, which is an insecure connection.
To the victim, the attacker responds over plain HTTP, acting as a man-in-the-middle.
These types of attacks can be carried out on public networks. A malicious user can also set up their own Wi-Fi network, and when anyone connects to it they can carry out credential theft against bank accounts or other malicious activity.
In this assessment, students will use Kali Linux, which includes the tools needed for this part, by following the steps below.
SSL Stripping and ARP Spoofing Usage
Following are steps for performing SSL Stripping and ARP Spoofing in Kali Linux:
Step 1: Open the Kali Linux terminal in root mode.
Step 2: Type the following command in the terminal and hit enter to install sslstrip:
$ apt install sslstrip
Installation of sslstrip in our Kali Linux is done successfully.
Step 3: Type the following command in the terminal and hit enter to install dsniff:
$ apt install dsniff
Installation of dsniff in our Kali Linux is done successfully.
Step 4: Type the following command in the terminal and hit enter to find out the name of the network interface.
$ ifconfig
This will show which interface we are using. In our case the interface is eth0 and the IP is 10.0.2.4.
Step 5: Execute the following command in the terminal and hit enter to enable IP forwarding:
$ echo '1' > /proc/sys/net/ipv4/ip_forward
This will configure our routing table so that traffic for destination port 80 is redirected to port 8080.
Step 7: Type the following command in the terminal and hit enter to find out the gateway IP of our router.
This will show our gateway IP address. In our case the gateway IP is 10.0.2.1.
Step 8: Type the following command in the terminal and hit enter to find targets in the network:
$ nmap -sS -O <gateway ip>/24
In our case the gateway IP is 10.0.2.1, so we will use this gateway IP for our task:
This will scan and show all IPs behind the router, and based on the scan result we can identify our target. In our case we want to attack the second VM, which runs Windows, so we will open the Windows VM.
Step 9: Open up the command prompt of VM Windows and type ipconfig and hit enter:
$ ipconfig
This will show our VM Windows IP as well as the gateway. Here we can also verify our gateway IP address.
In our case, VM Windows IP is 10.0.2.5
Step 10: Now open up a new terminal with root access in Kali Linux and type the following command and hit enter.
This will start the arpspoof of our target machine.
$ arpspoof -i <interface> -t <target IP> -r <gateway IP>
In our case that is:
$ arpspoof -i eth0 -t 10.0.2.5 -r 10.0.2.1
Now the arp spoofing is started.
Step 11: Without closing the arpspoof terminal open up a new terminal with root access and type the following command in the terminal and hit enter:
$ sslstrip -l 8080
This will start SSL stripping on the VM Windows Targeted machine.
Step 12: Now open the browser on the targeted Windows machine and type any web page name. In our case we type https://instagram.com; it goes to the Instagram login page, where we enter random data and click the login button.
This data will be captured in the sslstrip.log file on our Kali Linux system.
Step 13: Now open up a new terminal in Kali Linux with root access and type the following command in the terminal and hit enter.
$ cat sslstrip.log
This will show the captured data. In this way we can perform SSL Stripping and ARP Spoofing in our Kali Linux system.
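As the defensive counterpart to Steps 10 and 11, the following added example (not part of the original lab or of the dsniff/arpspoof tools) shows the two symptoms the arpspoof step leaves in an ARP cache: the gateway's MAC address changing, and one MAC answering for several IPs. It parses text in the /proc/net/arp layout as a Linux host on the same segment would see it; the IPs reuse the lab's 10.0.2.x values and the MAC addresses are constructed.

```python
"""Flag ARP-cache changes typical of ARP spoofing: a gateway whose MAC moves,
and a single MAC claiming more than one IP.

Added example for this page (not the lab's own material). Parses text in the
/proc/net/arp layout; both snapshots are constructed with made-up MACs.
"""
from collections import defaultdict

GATEWAY_IP = "10.0.2.1"   # gateway from the lab write-up


def parse_arp_table(text: str) -> dict:
    """Map IP -> MAC from /proc/net/arp-style text, skipping incomplete entries."""
    table = {}
    for line in text.strip().splitlines()[1:]:      # first line is the header
        fields = line.split()
        if len(fields) >= 4 and fields[3] != "00:00:00:00:00:00":
            table[fields[0]] = fields[3].lower()
    return table


def arp_alerts(before: dict, after: dict, gateway_ip: str = GATEWAY_IP) -> list:
    """Compare two snapshots and return human-readable alerts (empty = clean)."""
    alerts = []
    old_gw, new_gw = before.get(gateway_ip), after.get(gateway_ip)
    if old_gw and new_gw and old_gw != new_gw:
        alerts.append(f"gateway {gateway_ip} moved from {old_gw} to {new_gw}")
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims several IPs: {', '.join(sorted(ips))}")
    return alerts


# Constructed snapshots: before the lab attack, and while arpspoof is running
# from the 10.0.2.4 host against the gateway.
BEFORE = """IP address       HW type     Flags       HW address            Mask     Device
10.0.2.1         0x1         0x2         52:54:00:12:35:00     *        eth0
10.0.2.4         0x1         0x2         08:00:27:aa:bb:cc     *        eth0
"""
DURING = """IP address       HW type     Flags       HW address            Mask     Device
10.0.2.1         0x1         0x2         08:00:27:aa:bb:cc     *        eth0
10.0.2.4         0x1         0x2         08:00:27:aa:bb:cc     *        eth0
"""

if __name__ == "__main__":
    for alert in arp_alerts(parse_arp_table(BEFORE), parse_arp_table(DURING)):
        print("ALERT:", alert)
```

On a real host the snapshots would come from reading /proc/net/arp periodically; a static ARP entry for the gateway, or dynamic ARP inspection on the switch, is the corresponding prevention.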
Presentations on Case Study Questions:
Structure of the Report
Title: Case Study Report: Software Development Process and Budget Control System
Introduction
Briefly introduce the Social engineering attacks - Mass Mailer Attack, SSL Stripping and ARP Spoofing in Kali Linux
Provide relevant background information.
Explain the purpose of the report and the importance of addressing the provided questions.
Analysis and Technical Findings
Part-1
Perform practically all the steps mentioned in "Part-1 Social engineering attacks - Mass Mailer Attack" in your systems (laptops), take a screenshot of your Kali results with each step.
Part-2
Perform practically all the steps mentioned in "Part-2 SSL Stripping and ARP Spoofing in Kali Linux" in your systems (laptops), take a screenshot of your Kali results with each step.
Write down your findings on whether you successfully conducted a Mass Mailer attack, SSL Stripping and ARP Spoofing.
Solutions to prevent from these attacks
What are the potential solutions to prevent spam, mailer attacks or spoofing, and how can you secure your systems from further attacks?
Conclusion
Summarize the main points and outcomes of this technical report.
Reiterate the significance of the topic and the relevance of the contents.
Offer final thoughts or reflections on these cyber attacks and their implications.
References
Include a list of all the sources cited in the report, following a consistent citation style (IEEE referencing style).