Update: This article is for an older version of redpill Hacker.
Please see: Setting up a FTP Server in redpill Hacker
When to fill in the FTP details in redpill Hacker ...
When to use links
In redpill Hacker there are two Social Engineering Attack methods that would require the use of a FTP Server - a link or a website.
If you are new to redpill Hacker, I suggest you start with the easier attachment types like a program file, zip file, or Wordpad file, as these types do not require a FTP Server. When you choose one of these types, the FTP Settings are disabled.
Using a link as part of a social engineering attack is sometimes needed as some email services like gmail block attachment types like program files and zip files. Although Wordpad files are allowed in gmail, some other email services or anti-virus applications will block wordpad attachments that contain embedded program files.
How to use a link
A link in an email is just that - a 'link' that points to something somewhere else. If you want to use a link you will need to have a FTP Server or website hosting option where you can place your social engineering attack module.
There are free file hosting services available like idrive or google drive that you can use as explained in this article: How to attach a spy program to an email.
The problem with the free hosting options is that most of them will not allow you to upload a program file or have a direct simple link to the file.
There are very cheap hosting options (FTP Servers or websites) that will allow you to upload your install module and use a direct link to the file. The best solution would be to get a website hosting option with your own domain name that will fit in with your social engineering con. For example, if your social engineering template you used is for a 'virus removal tool', you could choose a domain name that has to do with virus removal. The link that you will use will then look a lot more legit. A good and cheap hosting company is godaddy.com ... but there are many to choose from.
Once you have your website or file hosting site, your hosting company will provide you with the FTP details. You will need the following:
- FTP Server - usually just a IP address or it could also be something like ftp.mysite.com
- FTP Username
- FTP Password
- FTP Folder - this is the folder where you place your website files. With a file hosting service it will usually be in the root so you just enter '/' in redpill hacker (without the quotes) or if it is a website it is usually '/httpdocs/'.
You also need to specify the download link.
In the download link box, just replace '[replace with your domain]' with your domain name.
If you use a free file hosting service they might generate a link for you. You will then need to use that link instead.
Want to take it one step further?
As part of your social engineering attack you can use a website instead of a link. Most users will not easily click on a link in an email, but they will download a free application from a website.
With this option you will need some basic knowledge of how websites work ... if you don't, you can get redpill to do it for you for a fee.