Security Videos

Entries in 1aN0rmus (7)

Sunday, Sep 09, 2012

TekTip ep7 - Credential Harvesting with The Social Engineering Toolkit

The Social-Engineer Toolkit (SET)
SET is created by: https://www.trustedsec.com
SET includes many modules: Spear-Phishing Attack Vectors, Website Attack Vectors, Infectious Media Generator, Create a Payload and Listener, Mass Mailer Attack, Arduino-Based Attack Vector, SMS Spoofing Attack Vector, Wireless Access Point Attack Vector, QRCode Generator Attack Vector, Powershell Attack Vectors, Third Party Modules.
In this video we focus on "Website Attack Vectors" and particularly "Credential Harvester". For this demo we clone the securitytube.net login page and watch as users (in our lab) attempt to connect and log in, giving us their passwords.
Keep in mind that this by itself is not a very strong tool. You must combine it with information gathering techniques and trickery to get the most out of this tool in a pentest.
1aN0rmus@tekdefense.com
Monday, Sep 03, 2012

TekTip ep6 - Passive Information Gathering with TheHarvester

The Harvester: Created by Edge-Security
Default BT Location: /pentest/enumeration/theharvester
theharvester is a great passive information gathering tool that is immensely helpful in blind pentests.
Notable options
-d: for the domain
-f: export to html/xml
-c: DNS bruteforce
-n: Reverse DNS query
-l: limit the number of results
-b: Where to search
** "-b all" does not actually include all sources.
examples:
./theharvester.py -d tekdefense.com -l 100 -n -b all
./theharvester.py -d securitytube.net -l 100 -n -b linkedin
Tekdefense.com
1aN0rmus@tekdefense.com