redpill recently added the 'Password Phishing Website' tool. The very high success rate of this tool convinced redpill to develop a new tool that combine the website creating ability of redpill Hacker with its payloads.
Social Engineering Payload Website
The difference between the Password Phishing Website Tool and the Payload Website Tool is that the password site can only capture a username and password while the payload website will install spy software to monitor the computer.
With the Payload Website you bypass any email problems as no attachments are emailed. You also don't email a link to a payload (install module). Emailing a link is one of the best delivery methods but it still has two problems:
- Most computer users know not to click on a link in an email. They where told to go to the website directly and download from there.
- Emailing a direct link to your payload can still cause unwanted exposure (Anti-Virus Scans) to your payload. The more your payload is scanned, the more you increase the risk of it becoming known as malware.
The new tool takes care of these problems and will have a much higher success rate. Lets look at an example of how the Payload Website Tool works:
Step 1 – Choose or Create a Template
We will choose one of the templates that comes with redpill Hacker 3.5 – ZIP4WIN. You can make a few changes to the template or create your own if you want.
Click on the images to enlarge them.
Step 2 – Create the Payload
We select the template we have chosen. This will populate most of the fields for us. For a Payload Website option you must select 'Program File' as attachment type (remember it will not be emailed).
Step 3 – Create the Website
Select the new 'Social Engineering Website With Paylaod' option in the Social Engineering Toolkit.
You simply enter a description and features that fits in with your con (the social engineering template that you chose) and you click on Create. I don't have a video yet of how this works, but to see how quickly and easily redpill Hacker creates a website see the 'phishing website video'.
Setp 4 – Attack
Go to the new Payload Website Attack option and select your list of targets. They will not get a link to a payload but will simply be told about the new great app with a link to the website.
This new tool allows you to create any 'super application' and website that goes with it in a couple of minutes.
The website will look legit to the target and he will expect the UAC Warning message from Windows as he is installing this great application!
The payload will install the spy program that will return the public IP address of the target, all keys that are typed (key logger) and will take screenshots at the interval you specified.
For more information about redpill Hacker visit http://www.redpill.co.za