Monday, 22 February 2016

Mass Email Attack Kali Tutorial : Kali Linux SET Tutorial

Mass email senders are not a new topic for the ethical hacking community. We certainly need to send mass emails during penetration tests, or phishing tests to be more specific. During phishing tests, penetration testers often need to send bulk emails to the employees of the organisation they are conducting the penetration test for.
Though there is plenty of bulk mail sending software available out there, nothing is as good as the bulk sending tool that is already present in our favourite penetration testing OS: Kali Linux.
In this post I will be sending mass emails using Kali Linux and SET (Social-Engineer Toolkit).
To begin with the mass email attack, we first need an email list that we have either harvested or that has been supplied to us by the organisation we are conducting the penetration test for.
In case you don't have an email list, please refer to my tutorial on Email Harvesting.
For this tutorial I will be using the email list file email_list.txt.
Now I will open the Social-Engineer Toolkit, SET.
Simply open a terminal and type:
se-toolkit
And SET opens up.
Select Social-Engineering Attacks, i.e. Option 1.
Option 1 : Social-Engineering Attacks
Now, as we need to do a mass email attack, select Option 5 (Mass Mailer Attack).
Option 5 : Mass Mailer Attack
Then select Option 2 for the email mass mailer, as this tutorial deals with the mass email sender and not the single email address. Option 1 might be useful for spear-phishing attacks.
Option 2 : Email Attack Mass Mailer
Now you need to define the path to the email list. This is email_list.txt in our case; just add the file name with the path.
The easiest way is to drag and drop the email_list.txt file into the terminal.
Now select Option 1, as we will be using a Gmail account for sending the mass emails since we don't have our own SMTP server. In case you have your own email/SMTP server (as professional spammers do), feel free to explore the other options.
Option 1 : Use a Gmail account for email attack
Enter the Gmail address. The email address must be correct, and you must also have its password to send the emails successfully.
Now enter the name that you want the email recipients to see in the inbox. This is the name that will flash first in front of your victim. Pay attention to this field specifically, as this is where the actual social engineering takes place.
This could be "Admin" in case of a spear-phishing attack.
Now SET will ask you to enter the password for the email account.
Enter the Gmail password
Now you have the option to specify whether or not you want to flag this message as high priority. Sometimes this may work, and sometimes it might make the victim suspicious, so I suggest using this option as it suits your case.
Now SET will ask you to enter the subject of the email.
Enter the subject of the email
Now SET will ask you whether you want the body of the message to be HTML or plain text.
P for plain text or H for HTML
Enter the body text
Enter the body of the email here. If you chose an HTML message, then add the HTML tags as well.
Press Control+C to send the email.
Press Enter to go back to the main menu.
This is how hackers perform a mass email attack.
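
From the defender's side, the choices made in the steps above (a Gmail sending account, a role-style display name such as "Admin", the high-priority flag, one sender mailing many employees) leave traces in message headers. The sketch below is an added example, not part of the original post or of SET; the webmail and role-name lists, the threshold, the use of the X-Priority header and the sample messages are all assumptions constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Assumed policy values for this example (not from the original post).
FREE_WEBMAIL = {"gmail.com"}
ROLE_NAMES = {"admin", "administrator", "helpdesk", "it support"}
BURST_THRESHOLD = 3  # distinct recipients per sender before alerting

def make_sample(display, sender, rcpt, priority=None):
    """Build a constructed, header-only message for the demo."""
    lines = [f'From: "{display}" <{sender}>', f"To: {rcpt}",
             "Subject: Password reset"]
    if priority:
        lines.append(f"X-Priority: {priority}")
    return "\n".join(lines) + "\n\nbody\n"

# Constructed sample traffic: one webmail sender mailing four employees,
# plus one ordinary message from a partner domain.
SAMPLES = [make_sample("Admin", "it.desk.4471@gmail.com",
                       f"user{i}@corp.example", "1 (Highest)")
           for i in range(4)]
SAMPLES.append(make_sample("Alice Smith", "alice@partner.example",
                           "user1@corp.example"))

def message_flags(raw):
    """Return the reasons a single message matches the pattern above."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # A role-style display name on a free webmail address.
    if display.strip().lower() in ROLE_NAMES and domain in FREE_WEBMAIL:
        flags.append("role-name-from-webmail")
    # High priority, assumed to be carried in the X-Priority header.
    if msg.get("X-Priority", "").strip().startswith("1"):
        flags.append("high-priority")
    return flags

def burst_senders(raws, threshold=BURST_THRESHOLD):
    """Return senders that mailed at least `threshold` distinct recipients."""
    seen = defaultdict(set)
    for raw in raws:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        seen[sender].add(parseaddr(msg.get("To", ""))[1].lower())
    return {s: len(r) for s, r in seen.items() if len(r) >= threshold}

if __name__ == "__main__":
    for raw in SAMPLES:
        print(message_flags(raw))
    print(burst_senders(SAMPLES))
```
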
