Things that can go wrong:
- The target can choose not to open the payload. Even after some good social engineering, there will be a lot of targets that will know better than to open the attachment.
- The target can open the payload on a device (Operating System) that does not support the specific payload.
- The target computer can have a two-way firewall (not the standard Windows Firewall) that can block the data from being sent.
- The target computer can have very strict Anti-Virus that will block any program that is not known and trusted.
Ways to improve your chances of success:
The first thing you can do is use a targeted attack against a specific target. You find out as much as you can (facebook, google, etc) about the target. You can use information that might look very insignificant to others to improve your social engineering con (I will explain in more detail with the example in this article). This type of attack is called spear phishing and will greatly improve your chances of success compared to phishing where you simply 'attack' a list of targets and hope for the best.
Another way to improve your chances of success is to use incremental hacking.
With incremental hacking you first do a type of attack that has a higher success rate and usually lower reward before moving to the next phase with a lower success rate but greater reward. That way, if the target gets suspicious during the last phase and the attempt fails, then at least you have some information about the target.
This multi-phase attack also has the advantage that you can prepare (through social engineering) the target for the final payload so that he is willing and ready to run it.
Example of Incremental Hacking
You did your homework and from facebook you learned that the target is a big Miley Cyrus fan.
You create a profile (facebook, google+ or simply an email address at yahoo, gmail, etc) and give the impression that you are also a Miley fan (the things we sometimes need to do …). You could alternatively create an email address that looks like it belongs to some sort of special fan group.
You will then email the target a link to a Miley video where you will only get the target's username and password using a phishing website – high success rate – Phase 1.
After you have successfully retrieved the target's username and password, you can then email the target another 'naughty' video of Miley that is not freely available on the internet. Once the target tries to run this video, you will have full monitoring of the target computer – lower success rate but higher reward – Phase 2.
Let's see how this can be done:
Phase 1: Phishing Website
After our first phase, we don't want the target to become suspicious. We want the target to trust us even more. So the first phase of the con is very important. We search the web (youtube or any other video service) for an actual video of Miley that will give the target the impression that there was a reason why the video was somewhat restricted (maybe a real sexy/naughty video).
We use that link to create our phishing website with redpill Hacker.
redpill Hacker will create the phishing site for us (see the redpill Hacker Phishing Website Video for more detail on how the website is created by redpill Hacker).
We then make a couple of changes to one of the many social engineering templates in redpill Hacker to fit in with our con. We let redpill Hacker email the target.
The target will get an email with a link to the video. When the target wants to view the video, he will be prompted to sign in using his social media account (gmail, yahoo, facebook, twitter) – as is the case with many sites and content on the internet. After he has signed in, he will be able to watch the video and will not suspect anything.
We, however, would have received his username and password!
This type of attack has a very high success rate as nothing needed to be installed on the target computer. It works on any device and operating system and there are no warning messages.
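From the defender's side, the tell in this phase is a sign-in prompt for a well-known provider served from a host that is not that provider's domain. The following Python check is an added example, not part of the original article or of redpill Hacker: it classifies such a prompt by comparing the page's host against an allowlist of the providers' legitimate login domains. The allowlist and the sample URLs are constructed for the example, and the two-label domain extraction is a simplification that does not handle public suffixes such as co.uk.

```python
from urllib.parse import urlparse

# Allowlist of the registrable domains each provider actually uses for sign-in.
# Constructed for this example; in practice such a list is maintained centrally.
LEGIT_LOGIN_DOMAINS = {
    "gmail": {"google.com"},
    "yahoo": {"yahoo.com"},
    "facebook": {"facebook.com"},
    "twitter": {"twitter.com"},
}


def registrable_domain(host):
    """Return the last two DNS labels of host ("accounts.google.com" -> "google.com").

    Simplification: public suffixes such as "co.uk" are not handled.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_login_prompt(page_url, provider):
    """Classify a page that asks the user to sign in with `provider`.

    Returns (verdict, reason) where verdict is "ok" or "suspicious".
    """
    parsed = urlparse(page_url)
    host = parsed.hostname or ""
    allowed = LEGIT_LOGIN_DOMAINS.get(provider.lower(), set())

    if parsed.scheme != "https":
        return "suspicious", f"sign-in form on {host or '<no host>'} is not served over HTTPS"
    if registrable_domain(host) in allowed:
        return "ok", f"{host} is a legitimate {provider} sign-in domain"
    if provider.lower() in host:
        # Lookalike: the brand appears in the name, but the registrable domain belongs to someone else.
        return "suspicious", f"{host} mentions {provider} but is not a {provider} domain"
    return "suspicious", f"{provider} credentials requested by third-party host {host}"


def review_prompts(events):
    """Run check_login_prompt over (url, provider) pairs and return only the suspicious ones."""
    flagged = []
    for url, provider in events:
        verdict, reason = check_login_prompt(url, provider)
        if verdict == "suspicious":
            flagged.append((url, provider, reason))
    return flagged


# Constructed sample events in the shape of Phase 1: a video page demanding a social-media login.
SAMPLE_EVENTS = [
    ("https://accounts.google.com/signin/v2/identifier", "gmail"),                    # genuine
    ("https://exclusive-video.example.net/watch?id=42&login=facebook", "facebook"),  # third party
    ("https://facebook.com-secure-login.example.net/", "facebook"),                   # lookalike
    ("http://login.yahoo.com/", "yahoo"),                                             # plaintext
]

if __name__ == "__main__":
    for url, provider, reason in review_prompts(SAMPLE_EVENTS):
        print(f"SUSPICIOUS {provider:9} {url}\n    {reason}")
```

The check deliberately treats a brand name inside an unrelated host as its own signal, because that is how a lookalike page earns the victim's trust while the real domain sits somewhere to the right of the dot.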
Phase 2: Emailing the Payload
The second phase of the attack has a lower success rate as we want to remotely install a spy program on the target computer. If this fails, however, then at least we already have the target's login details for one of his accounts, which will give us a lot of information about the target (remember, some users will use the same password for all their accounts).
We have also already established contact with the target, who will now have a sense of familiarity that will help us with the next attack.
Using the 'video' social engineering template in redpill Hacker, we create a video payload and email it to the target. We tell the target that this video is not freely available on the internet as it has some shocking content of Miley.
When the target wants to run the video player we attached, he might get the standard UAC message from Windows or a warning from his Anti-Virus that it is not a known and trusted application. We however did explain in the email that we are using a new video encryption program to attach the video so the target will be expecting the message and allow it to run.
If the target allows the payload to run, we will start to receive data (IP Address, keylogs, screenshots) from the target.
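The lure in this phase depends on an executable 'video player' being accepted as a video, so a mail-gateway or endpoint check can flag exactly that mismatch before the UAC or Anti-Virus prompt is ever reached. The Python triage below is an added example, not code from the article or from redpill Hacker; the extension lists, the container signatures and the sample attachments are all constructed for it.

```python
import os

# Extensions a user would read as "a video", and extensions Windows will execute.
# Constructed lists for this example; a gateway policy would be broader.
VIDEO_EXTENSIONS = {".mp4", ".m4v", ".mov", ".avi", ".mkv", ".wmv", ".flv"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".msi", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".vbe", ".hta", ".jar", ".ps1"}

# Leading bytes of a few containers. Constructed table for this example.
MAGIC_PREFIXES = {
    b"MZ": "windows-executable",
    b"\x1aE\xdf\xa3": "matroska-video",
    b"RIFF": "riff-container",
    b"FLV": "flash-video",
}


def sniff(content):
    """Identify the container from its leading bytes; MP4/MOV carry 'ftyp' at offset 4."""
    for prefix, kind in MAGIC_PREFIXES.items():
        if content.startswith(prefix):
            return kind
    if len(content) >= 8 and content[4:8] == b"ftyp":
        return "mp4-video"
    return "unknown"


def triage_attachment(filename, content):
    """Return a list of findings for one attachment; an empty list means nothing was flagged."""
    findings = []
    root, ext = os.path.splitext(filename.lower())
    _, inner_ext = os.path.splitext(root)   # second-to-last extension, for "clip.mp4.exe"
    kind = sniff(content)

    if ext in EXECUTABLE_EXTENSIONS:
        findings.append(f"attachment type {ext} is executable")
        if inner_ext in VIDEO_EXTENSIONS:
            findings.append(f"double extension: named as a {inner_ext} video but runs as {ext}")
    if kind == "windows-executable" and ext not in EXECUTABLE_EXTENSIONS:
        findings.append(f"content is a Windows executable but the name ends in {ext or 'no extension'}")
    return findings


def triage_message(attachments):
    """Triage every (filename, content) pair; return {filename: findings} for flagged ones only."""
    report = {}
    for filename, content in attachments:
        findings = triage_attachment(filename, content)
        if findings:
            report[filename] = findings
    return report


# Constructed sample attachments (a few header bytes each stand in for whole files).
SAMPLE_ATTACHMENTS = [
    ("concert_clip.mp4", b"\x00\x00\x00\x18ftypmp42\x00\x00\x00\x00"),  # genuine MP4 header
    ("Exclusive_Video.mp4.exe", b"MZ\x90\x00\x03\x00\x00\x00"),        # double extension
    ("VideoPlayer.exe", b"MZ\x90\x00\x03\x00\x00\x00"),                 # "player" executable
    ("trailer.mp4", b"MZ\x90\x00\x03\x00\x00\x00"),                     # executable under a video name
]

if __name__ == "__main__":
    for name, findings in triage_message(SAMPLE_ATTACHMENTS).items():
        print(name)
        for finding in findings:
            print("   -", finding)
```

Checking both the name and the leading bytes matters: the double-extension rule catches the disguise the page describes, while the signature rule catches the same executable renamed outright, which the name alone would pass.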
Not only will an incremental attack increase your chances of success during the final phase, it will also reduce exposure to your payloads (see why this is important) and leave you with at least access to the target's social media account if the final attempt is not successful.
For more information about redpill Hacker, visit http://www.redpill.co.za