You will not need to do all the steps for every attack you do, but you will need to set a couple of things up before you start using the system.
Step 1: Add an Email Account
You will need to add at least one email account. From the Menu click on Resources > Email Accounts.
Email accounts will be used to send payloads to targets but also be used by the payload to send you data.
You can add any number of email accounts that you want to use. You can use any email service that supports SMTP. Free email services like gmail and yahoo will work, but will have some limitations and problems. These services are very strict with the type of attachments they allow and will also limit you with the number of emails that can be sent in a day.
When adding your email account note the following:
- Use load default if you are using gmail or yahoo. If you want to add your own default server (if you will add a couple of emails from that server) you can add it under Resources > SMTP Servers.
- The username is usually the full email address.
- If you are not using one of the default ones, you can get the Server, Port and SSL settings from your email service provider.
- Before you add the email, click on test to make sure you added it correctly. You will receive a test email message.
- As mentioned, you can add as many emails as you want that you can use to send data or send email messages.
Step 2: Create a Payload
PAYLOAD: Payload in computing is the cargo of a data transmission. In computer security, payload refers to the part of malware which performs a malicious action.In previous versions (and redpill Agent) payloads where called 'Install Modules'. The payload is the install program that will install the spy program on the target computer. A payload is disguised as another program that will give the target the idea that something else is being done while it secrtly installs the spy program.
From the Menu go to 'Social Engineering Payloads' > 'Social Engineering Payloads' and click on 'New Payload'.
- The Description will only be visible to you. You can use any descriptive name so that it will make is easy to later choose the correct payload (you can create as many as you want).
- The Social Engineering Template will populate the next 3 fields for you. There are several to choose from and you can also add more or edit the existing ones to work better for you.
- The Program Name, First and Second message will be set according to the Social Engineering Template that you selected, but you can change it here if you want.
- This account will be used to send the data. It will not be visible on the target computer.
- There are several attachment types to choose from. You need to keep in mind that different email services allows different types of attachments (sending and receiving). For this example we will use a ZIP File (you need to have WINRAR installed on your computer as redpill Hacker will use WINRAR to create the zip file).
- You select the payload filename (it is a good idea to make it similar to the program name) and where it should be saved on your computer. Be default it will use the redpill Hacker payload folder but you can also save it somewhere else.
- The email address where you want to receive the data .... it can be, but don't need to be, the same as number 4.
When you click on 'Create Payload' the payload will be created. You can use this payload at any time and as many times as you want. redpill Hacker can send the payload for you, but if you want to email the payload yourself, you can just open 'Social Engineering Payloads' again.
A list of all your payloads will be displayed. Select a payload to see information about the payload. To use it directly (if you don't want redpill Hacker to send it for you), simply click on 'Open Payload Location'. It will open a folder where the payload is saved.
Step 3: Add a Target
As mentioned in the previous section, you can email the payload directly, then you don't need to continue with these steps. If you want redpill Hacker to email the target, you need to add at least one target. The target is the person or computer you want to monitor.
From the Menu, select Targets > Add / Manage Targets.
Simply type in the target name (the name will be used in the email), the target email address and select any status. Click on 'Add' and then Close.
Step 4: Attack the Target
Now you are ready to do the attack. From the menu, select 'Social Engineering Payloads' > 'Social Engineering Attack'.
- Select the target you want to attack. You can also choose to attack a list of targets.
- Select the Social Engineering Template that redpill Hacker should use. To see what is in the template, you can go to Resources and Tools > Social Engineering Templates.
- Select the payload that you just created.
- Choose the email account that redpill Hacker should use to send the email. It does not need to be (but can be) the same account that the payload will use to send the data or where you will receive the data.
- Click on 'Attack Selected Target'. If you want to attack all the targets in the list, you can use the 'Attack All' button.
redpill Hacker will now send a personalized email to the target using the template you selected and attach the payload you selected. When the target runs the payload, you will start to receive data in the email account you specified.
There are a lot more you can do with redpill Hacker. Click on the 'redpill Hacker' topic in this blog to read more articles or watch videos about more advanced features and tips.
To purchase redpill Hacker, go to http://www.redpill.co.za