Hacker tool talk: SET The Social Engineering Toolkit “Or how I learned to put tape over my webcam” Chris Hammond-Thrasher chris.hammond-thrasher <at> ca.fujitsu.com Fujitsu Edmonton Security Lab December 2011 1 Fujitsu Edmonton Security Lab

Hacker tooltalk: Social Engineering Toolkit (SET)

Nov 11, 2014


For years security professionals have been telling us not to follow links or open attachments from untrusted sources, not to click “Ignore” on your browser’s security pop-ups, and not to insert untrusted thumb drives into your USB ports. Do you want to see what can happen with your own eyes? This lunch hour session will show you how to download, install, configure, and use the basic features of Dave Kennedy’s open source hacker tool, the Social Engineering Toolkit.
Transcript
Page 1: Hacker tooltalk: Social Engineering Toolkit (SET)

Fujitsu Edmonton Security Lab 1

Hacker tool talk: SET
The Social Engineering Toolkit
“Or how I learned to put tape over my webcam”

Chris Hammond-Thrasher
chris.hammond-thrasher <at> ca.fujitsu.com

Fujitsu Edmonton Security Lab
December 2011


Agenda

• Why are we here?
• What is social engineering?
• Setting up a security lab
• About SET and its dependencies
• Installing SET
• SET demo
• What’s next?


Why are we here?


Ethics and motives

“Every single scam in human history has worked for one key reason; the victim did not recognize it as a scam.” - R. Paul Wilson


What is social engineering?


Social science definition

• “Social engineering is a discipline in political science that refers to efforts to influence popular attitudes and social behaviors on a large scale, whether by governments or private groups… For various reasons, the term has been imbued with negative connotations. However, virtually all law and governance has the effect of changing behavior and can be considered "social engineering" to some extent. Prohibitions on murder, rape, suicide and littering are all policies aimed at discouraging undesirable behaviors. In British and Canadian jurisprudence, changing public attitudes about a behaviour is accepted as one of the key functions of laws prohibiting it. Governments also influence behavior more subtly through incentives and disincentives built into economic policy and tax policy, for instance, and have done so for centuries.” - Wikipedia (“social engineering (political science)” 26 October 2011)


Information security definition

• “We define it as the act of manipulating a person to accomplish goals that may or may not be in the “target’s” best interest. This may include obtaining information, gaining access, or getting the target to take certain action.” - Chris Hadnagy (social-engineer.org)


Setting up a security lab


Security lab reqs

• It’s actually pretty easy to set up
  – A network
    • Isolated from other networks
    • Any wired hub, switch, or router and cable; wireless is an option; or the virtual network created by virtualization tools is also OK.
    • Recommendation: Keep it simple and go wired if you can
  – Attack/dev box
    • Linux or Unix is generally the best option, OS X is getting better support, or Windows as the least desirable OS.
    • Recommendation: OS: Backtrack Linux, Packet tool: Wireshark
  – Target box
    • Recommendation: OS: Windows (any) and VMWare (or your favorite virtualization tool)
  – Logging/monitoring box (Optional)
    • Recommendation: OS: Any, Packet tool: Wireshark


Caution

• This is not a game. Attacking machines with the tools in this presentation without permission is not only unethical, but is a criminal offense in many jurisdictions.


About SET


History

• The Social Engineering Toolkit (SET)
  – An open source project led by Dave Kennedy, Chief Information Security Officer of a Fortune 1000 company
  – Leverages the Metasploit Framework, FastTrack (another Dave Kennedy-led project), and other open source tools
  – Originally released in 2009 to coincide with the launch of social-engineer.org
  – “The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of pentesting. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.” - from the secmaniac.org download page


Features

• SET implements a variety of targeted attacks that fall into three main categories
  1. Create malicious websites through site cloning or templates that launch Metasploit or Java applet attacks at clients
  2. Create and send phishing and spearphishing emails
  3. Create malicious files – PDFs, MS Office docs, EXEs, etc.
• Free as in speech and beer


Legit uses of SET

• Penetration testing – with or without social engineering in scope
  – “Can an attacker still get shell when my firewall, IDS, and antivirus are awesome?”
  – “Can an attacker get shell on privately addressed machines behind my NATed firewall?”
  – “How can I check if my staff can be fooled into doing something stupid and placing the entire enterprise and our clients at risk?”


h4X0r$

• Provide the technical components of social engineering attacks
  – “I think I can trick the CEO/CFO/Financial Analyst/DBA into clicking on a link or opening a file attachment that I email to her, but how do I create an evil site or file for her to hit?”
  – “If I am going to drop USB thumb drives in the target’s parking lot, what evil file should I put on it?”
  – “How can I encode my evil payload to evade antivirus?”


Installing SET


Choices

• Easiest: Get latest Backtrack (BT5R1)

http://www.backtrack-linux.org/downloads/

• Linux power user: Use svn to install the latest build (no compile required – it’s Python)

svn co http://svn.secmaniac.com/social_engineering_toolkit set/

and

firefox http://metasploit.com/download/ &

(grab the latest stable Metasploit release and follow installation instructions)


Configuration

• Regardless of your installation method, open and edit the set_config file in the config directory of your SET installation (in Backtrack this is pentest/exploits/SET/config/set_config)

• The configuration file is well commented – don’t be afraid


SET demo


SET demo

• Starting it up
• Updating SET and Metasploit
• Menu tour
• The Java applet attack vector
• A quick look at post exploitation (or why I have tape over my webcam lens)


[Diagram: Java applet attack flow between the Victim’s Browser, the Victim’s Firewall, and the Attacker’s Web Server]

1. HTTP GET request on port 80 (initiated by the user)
2. HTTP RESPONSES with HTML and Java payload
3. Anti-virus?
4. Run unsigned Java applet?
4. Request TCP connection on port 443
5. Command and control session established
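The flow in the diagram above can be spotted from the lab's logging/monitoring box: a client downloads Java content over port 80, then opens TCP 443 to the same server shortly afterwards. This added example (not from the original slides) correlates the two events; the record layout, addresses, file name and 120-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed flow records, as a lab monitoring box might export them:
# (time, client, server, destination port, detail). All values are made up.
SAMPLE_FLOWS = [
    ("2011-12-01 12:00:01", "10.0.0.20", "10.0.0.66", 80, "GET / -> text/html"),
    ("2011-12-01 12:00:02", "10.0.0.20", "10.0.0.66", 80,
     "GET /applet.jar -> application/java-archive"),
    ("2011-12-01 12:00:09", "10.0.0.20", "10.0.0.66", 443, "tcp-syn"),
    # Ordinary browsing: HTML only, then 443 to a different server.
    ("2011-12-01 12:01:00", "10.0.0.21", "10.0.0.80", 80, "GET / -> text/html"),
    ("2011-12-01 12:01:05", "10.0.0.21", "10.0.0.90", 443, "tcp-syn"),
    # Java download, but the 443 connection comes 25 minutes later.
    ("2011-12-01 12:05:00", "10.0.0.22", "10.0.0.66", 80,
     "GET /applet.jar -> application/java-archive"),
    ("2011-12-01 12:30:00", "10.0.0.22", "10.0.0.66", 443, "tcp-syn"),
]

JAVA_TYPES = ("application/java-archive", "application/x-java-applet")


def find_applet_callbacks(flows, window_seconds=120):
    """Return (client, server, download_time, callback_time) for every client
    that fetched Java content over port 80 and then opened TCP 443 to the
    same server within the window (steps 2 and 4 of the diagram)."""
    window = timedelta(seconds=window_seconds)
    applet_seen = {}  # (client, server) -> time of the latest Java download
    alerts = []
    for ts, client, server, port, detail in sorted(flows):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if port == 80 and any(t in detail for t in JAVA_TYPES):
            applet_seen[(client, server)] = when
        elif port == 443 and (client, server) in applet_seen:
            downloaded = applet_seen.pop((client, server))
            if when - downloaded <= window:
                alerts.append((client, server, downloaded, when))
    return alerts


if __name__ == "__main__":
    for client, server, downloaded, called_back in find_applet_callbacks(SAMPLE_FLOWS):
        delay = (called_back - downloaded).seconds
        print(f"{client}: Java download from {server}, TCP 443 callback {delay}s later")
```

Only the first client is flagged; the pairing matters because a port 443 connection on its own passes most egress filtering, as the firewall in the diagram illustrates.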


What’s next


Learn more

• Read social-engineer.org and listen to their podcast

• Read Chris Hadnagy’s Social Engineering: The Art of Human Hacking


Act locally

• At work
  – Show your colleagues how clicking on an innocent URL and then ignoring the Java applet warning can lead to their laptop turning into a spy-cam
  – Show your colleagues how scam emails can lead to your computer being compromised if you open attachments or follow links – even if you don’t reply to their pleas for financial help


Act locally

• At home
  – My family used to ignore my warnings about strange email attachments and URLs. Then one day I fired up the SET Java applet attack and emailed my daughter a URL with a message to check out “something cool”. Two minutes later I called her over to my machine and showed her a picture of herself that I had captured through her laptop’s webcam. Not only will she never follow a strange link again but she has covered her webcam lens with masking tape.


Thank you!

Want more presentations like this?
Is there a particular tool or hack that you would like to see demoed?

Fujitsu Edmonton Security Lab

Chris Hammond-Thrasher
Email: chris.hammond-thrasher <at> ca.fujitsu.com
Twitter: @thrashor

Yetunde Oladunni
Email: [email protected]
