Krissie's Blog

April 28th, 2021

Week 8: Social Engineering

Posted by 2101716773krishita in Ethical Hacking & Penetration Testing

The attack process of social engineering is to:

  • Gather intelligence
  • Identify vulnerable points
  • Plan the attack
  • Execute the attack

There are various ways in which one can execute a social engineering attack, such as:

  • Impersonation: pretending to be someone else
  • Reciprocation: the art of exchanging favors for mutual advantage
  • Influential Authority
  • Scarcity
  • Social Relationship
  • Social Engineering Toolkit (SET)

April 28th, 2021

Week 7: Phishing

Posted by 2101716773krishita in Ethical Hacking & Penetration Testing

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

The information is then used to access important accounts and can result in identity theft and financial loss. These are the attributes of a phishing website.

April 14th, 2021

Week 6: Hydra and Dict Attacks

Posted by 2101716773krishita in Ethical Hacking & Penetration Testing

CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used with password crackers such as John the Ripper, Hydra, etc. Basically, you can make your own personalized dictionaries from a given target’s website.

Hydra is a parallelized network login cracker built into various operating systems like Kali Linux, Parrot and other major penetration testing environments. Hydra works by using different approaches to perform brute-force attacks in order to find the right username and password combination.

Implementation: once you have generated a list of passwords with CeWL or whatever source you choose, you can start using Hydra. It is important to note that a username also needs to be provided. It is usually much easier to get than the password, as it is visible to outsiders most of the time and can also be the email address associated with the account. These can all be found by the enumeration steps we covered previously.
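From the defender's side, a parallelized dictionary run against a known username shows up as a burst of failed logins for one account from one source. The following is an added example, not code from this blog: a small detector over OpenSSH-style "Failed password" log lines. The sample log, the threshold and the window length are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Apr 14 09:58:00 web1 sshd[900]: Failed password for bob from 198.51.100.4 port 51000 ssh2
Apr 14 10:00:01 web1 sshd[901]: Failed password for admin from 203.0.113.7 port 40001 ssh2
Apr 14 10:00:01 web1 sshd[902]: Failed password for admin from 203.0.113.7 port 40002 ssh2
Apr 14 10:00:02 web1 sshd[903]: Failed password for admin from 203.0.113.7 port 40003 ssh2
Apr 14 10:00:02 web1 sshd[904]: Failed password for admin from 203.0.113.7 port 40004 ssh2
Apr 14 10:00:03 web1 sshd[905]: Failed password for admin from 203.0.113.7 port 40005 ssh2
Apr 14 10:00:04 web1 sshd[906]: Failed password for admin from 203.0.113.7 port 40006 ssh2
Apr 14 10:03:10 web1 sshd[907]: Failed password for bob from 198.51.100.4 port 51002 ssh2
Apr 14 10:03:20 web1 sshd[908]: Accepted password for bob from 198.51.100.4 port 51003 ssh2
"""

# Matches OpenSSH failure lines, with or without the "invalid user" prefix.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def detect_bursts(log_text, threshold=5, window_seconds=10, year=2021):
    """Return {(source_ip, username): peak failures in one window} for bursts."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (ip, user) -> timestamps inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        key = (m.group(3), m.group(2))
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

if __name__ == "__main__":
    for (ip, user), n in detect_bursts(SAMPLE_LOG).items():
        print(f"ALERT: {n} failed logins for '{user}' from {ip} within 10s")
```

The two slow failures for `bob` (a user mistyping a password) stay below the threshold, while the six rapid failures for `admin` are flagged.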
