1
00:00:00,090 --> 00:00:06,090
OK, so now that we signed up with the service, in this lecture I'm going to show you how to use the SMTP

2
00:00:06,090 --> 00:00:10,620
servers offered by the service in order to send fake emails.

3
00:00:11,430 --> 00:00:17,820
So first of all we're going to go on the transactional and here on the top left and if you scroll down

4
00:00:18,600 --> 00:00:25,410
you'll see that we have all of the information that we need to authenticate with the SMTP servers offered

5
00:00:25,410 --> 00:00:28,890
by this Web site in order to send the fake emails.

6
00:00:30,030 --> 00:00:35,960
So right now we just need to use a program in order to authenticate and then send the fake emails.

7
00:00:36,630 --> 00:00:41,020
So in Kali we're going to use a program called sendemail.

8
00:00:41,400 --> 00:00:47,940
So I'm gonna type its name first and because this is the first time we're using this program it's always

9
00:00:47,940 --> 00:00:54,360
a good idea to run the program with the dash dash help argument to see how to use it and all of the

10
00:00:54,360 --> 00:01:02,100
available options. So scrolling up you can see the main usage is sendemail.

11
00:01:02,400 --> 00:01:06,360
We're using the dash f argument and then you set the options.

12
00:01:06,360 --> 00:01:13,680
Now before doing this the first thing I want to do is set the user name and password using the dash

13
00:01:13,780 --> 00:01:24,480
xu and the dash xp arguments, so our command is going to be sendemail dash xu to give the

14
00:01:24,480 --> 00:01:31,990
user name and if we go up we have the user name here which is join week 70 gmail dot com.

15
00:01:32,010 --> 00:01:36,720
In my case, so I'm gonna copy it and paste it here.

16
00:01:36,720 --> 00:01:38,390
Next we need to set the password.

17
00:01:38,460 --> 00:01:41,370
We're gonna use the dash xp to do that.

18
00:01:41,700 --> 00:01:45,270
And again if we scroll up we have the password here.

19
00:01:45,270 --> 00:01:51,170
So copy and paste it there. Next we'll need to specify the server.

20
00:01:51,290 --> 00:01:55,390
So we're going to use the dash s option and as you can see you first

21
00:01:55,390 --> 00:01:58,790
give it the server, colon, followed by the port.

22
00:01:58,850 --> 00:02:06,440
An example is this so if we go up you can see that our server is this one right here.

23
00:02:06,800 --> 00:02:12,660
So again Control C to copy it and our port is going to be 587.

24
00:02:12,890 --> 00:02:18,410
So going down we're going to do dash s to specify the server, we're going to give it the server that

25
00:02:18,410 --> 00:02:22,760
we just copied and I'm going to type colon followed by the port.

26
00:02:22,820 --> 00:02:26,210
And as we've seen before the port is 587.

27
00:02:26,310 --> 00:02:34,110
So I'm going to type 587. So far we haven't composed the e-mail yet.

28
00:02:34,110 --> 00:02:38,470
All we're doing is we're authenticating with the e-mail server.

29
00:02:38,490 --> 00:02:44,160
So this step is very similar to what you do when you go to gmail dot com for example.

30
00:02:44,220 --> 00:02:50,250
The first thing that you get asked for is your username and password and only once you log in you can

31
00:02:50,250 --> 00:02:51,710
start sending emails.

32
00:02:51,720 --> 00:02:53,190
So this is what we're doing right here.

33
00:02:53,190 --> 00:02:58,450
We first log in with our user name, password and server, and now that we're logged in

34
00:02:58,500 --> 00:03:02,070
We can go ahead and start composing our e-mail.

35
00:03:02,160 --> 00:03:06,150
Now the cool thing about this this is not an ordinary email client.

36
00:03:06,180 --> 00:03:12,120
We can actually set from email and when the e-mail is delivered it's going to appear as if it's sent

37
00:03:12,120 --> 00:03:15,530
from the from e-mail that we pick in here.

38
00:03:15,540 --> 00:03:22,290
Now from our information gathering stage we discovered that our targets email is aimed at a security

39
00:03:22,290 --> 00:03:30,090
dot org and we discovered that this target Zaid is linked to another person named Mohammad Askar and

40
00:03:30,090 --> 00:03:38,240
his email is and that asker at a security dot org so when picking this from e-mail you want to make

41
00:03:38,240 --> 00:03:43,700
sure that you pick an existing email something that exists and you want to make sure that you pick an

42
00:03:43,730 --> 00:03:47,750
email that your target usually receives emails from.

43
00:03:47,750 --> 00:03:53,150
This will increase the chances of your target opening the email and it will also ensure that the email

44
00:03:53,150 --> 00:03:56,980
will be delivered in the inbox and not in the spam.

45
00:03:57,140 --> 00:04:04,200
So I'm going to set my from e-mail to and ask her at a security dot org.

46
00:04:04,340 --> 00:04:11,780
Next we're going to use the dash t option to specify the e-mail that we want to send this email to and

47
00:04:11,780 --> 00:04:14,210
from our information gathering stage.

48
00:04:14,210 --> 00:04:22,790
We know that the email of our target is aimed at a security dot org. Next we're going to use the dash u

49
00:04:22,850 --> 00:04:26,790
argument to specify the title of the email.

50
00:04:26,900 --> 00:04:35,540
So I'm just going to say check out this car and then we're going to use the dash m option to specify

51
00:04:35,690 --> 00:04:37,430
the message body.

52
00:04:37,430 --> 00:04:43,910
Now when specifying the title and the message you want to keep in mind the person you're pretending

53
00:04:43,910 --> 00:04:48,550
to be the target person and the relationship between the two.

54
00:04:48,770 --> 00:04:55,310
If you're pretending to be a boss or a colleague then you might want to keep these more formal.

55
00:04:55,310 --> 00:04:57,870
But in my case I'm pretending to be a friend.

56
00:04:57,950 --> 00:05:03,500
So I'm going to keep my title and the message casual and I'm just going to say Hey man check out this

57
00:05:03,500 --> 00:05:10,500
car I'm thinking of buying it and then we want to give him a link to download the Trojan.

58
00:05:10,500 --> 00:05:14,010
That shows a picture of a car that we created before.

59
00:05:14,700 --> 00:05:18,340
So you can upload your Trojan to any file sharing service.

60
00:05:18,450 --> 00:05:25,480
I chose to upload it to Dropbox and I've already logged into my Dropbox account in here.

61
00:05:25,500 --> 00:05:30,750
If you don't know how to upload stuff to Dropbox you simply click on the upload in here you select the

62
00:05:30,750 --> 00:05:34,650
file and then the file will be uploaded in here.

63
00:05:34,650 --> 00:05:36,390
So I'm not going to show you how to do that.

64
00:05:36,390 --> 00:05:40,020
It's very simple and there is no point of wasting time on it.

65
00:05:40,020 --> 00:05:41,520
I already have the Trojan.

66
00:05:41,530 --> 00:05:44,300
That shows a picture of the image right here.

67
00:05:44,400 --> 00:05:52,270
So I'm just going to click on share to get the link for it and I'm going to click on copy link. Now let

68
00:05:52,270 --> 00:05:53,560
me show you this trick.

69
00:05:53,710 --> 00:06:02,050
If I just go in a new tab and paste my download link you'll see that the file will not be automatically

70
00:06:02,050 --> 00:06:02,960
downloaded.

71
00:06:02,980 --> 00:06:07,840
It'll first go to Dropbox and then the user will have to click on Download to download it.

72
00:06:08,800 --> 00:06:17,290
But if we modify the URL and just put a one in here instead of zero and now I'm just going to copy it

73
00:06:17,290 --> 00:06:25,990
first and if I hit enter you'll see it will automatically download the file for the user.

74
00:06:26,090 --> 00:06:28,300
And this is exactly what I want.

75
00:06:28,490 --> 00:06:35,340
Therefore I'm just gonna go down now and paste the file in here and that's it.

76
00:06:35,340 --> 00:06:39,670
Now if we hit enter this message will be sent and delivered to the target.

77
00:06:39,990 --> 00:06:48,240
But it's going to say that asker at a security dot org in here while actual messages that come from

78
00:06:48,240 --> 00:06:51,050
this person display the person's name.

79
00:06:51,150 --> 00:06:59,440
As you can see in here they will actually see Mohammad Askar, so I want my fake email to appear exactly

80
00:06:59,560 --> 00:07:02,530
like a real email coming from this person.

81
00:07:02,530 --> 00:07:06,150
Therefore we're going to need to use an advanced option.

82
00:07:06,460 --> 00:07:13,570
So coming back to the terminal window if you look in here you can see we can use the o argument to specify

83
00:07:13,660 --> 00:07:20,350
advanced options and the advanced option that we want to use is a message header right here.

84
00:07:21,370 --> 00:07:22,590
So I'm going to copy this.

85
00:07:23,080 --> 00:07:29,950
And in our terminal I'm going to do dash o to specify an advanced option and the advanced option that

86
00:07:29,950 --> 00:07:37,870
I want to set is a message header and this message header is going to be the from header and I want

87
00:07:37,870 --> 00:07:41,780
to set this to the name that I wanted to appear in here.

88
00:07:41,890 --> 00:07:49,650
So in my case I wanted to say Mohammad Askar then we're gonna put the from email inside the greater

89
00:07:49,650 --> 00:07:50,910
and smaller signs.

90
00:07:50,910 --> 00:07:58,730
So again the from email in my case is and at asker at a security dot org and that's it we're done.

91
00:07:59,040 --> 00:08:03,870
Now before hitting enter and sending this message I'm going to clear the screen and I just want to walk

92
00:08:03,870 --> 00:08:07,260
you through the command just to make sure that you understand what we're doing.

93
00:08:08,160 --> 00:08:11,520
So first of all we're using a program called sendemail.

94
00:08:11,520 --> 00:08:17,820
This is the email client that we're using in order to first authenticate with our email server and then

95
00:08:17,820 --> 00:08:23,210
send the email. Then the command is split into two stages.

96
00:08:23,400 --> 00:08:27,730
The first stage is where we authenticate with the email server.

97
00:08:27,780 --> 00:08:31,140
Like I said this is similar to what you do when you go to Gmail.

98
00:08:31,140 --> 00:08:34,550
First you have to log in and this is what we're doing here.

99
00:08:34,590 --> 00:08:41,040
We're using the dash xu argument to specify the email, we're using the dash xp argument to specify

100
00:08:41,340 --> 00:08:46,520
the password and dash s to specify the server.

101
00:08:46,560 --> 00:08:51,210
So if I go up we got all of this information from the server that we signed up for.

102
00:08:51,330 --> 00:08:53,900
So we got it from here.

103
00:08:53,910 --> 00:09:00,640
Now once we log in and authenticate the next stage is to actually send the email to compose the message.

104
00:09:01,230 --> 00:09:08,400
So we're using the from argument to specify the from email we're using the dash t argument to specify

105
00:09:08,430 --> 00:09:16,650
the email we want to send the email to, we're using the dash u to specify the title, dash m to specify

106
00:09:16,650 --> 00:09:17,790
the message body.

107
00:09:18,420 --> 00:09:25,020
And finally we use an advanced option to set the message header and we set the message header to whatever

108
00:09:25,020 --> 00:09:28,230
we want to appear beside the email title.

109
00:09:28,260 --> 00:09:33,750
when the email is delivered in the inbox. So we're ready to send this.

110
00:09:33,810 --> 00:09:42,410
I'm going to hit enter and perfect as you can see it's saying email is sent successfully and I'm actually

111
00:09:42,470 --> 00:09:48,200
already listening for incoming connections in here in my multi handler.

112
00:09:48,200 --> 00:09:49,850
So let's go to the target.

113
00:09:49,970 --> 00:09:56,090
And as you can see we have a new email, it's coming from Mohammad Askar, so exactly like a legitimate

114
00:09:56,120 --> 00:09:58,550
email coming from this person.

115
00:09:58,910 --> 00:10:03,490
We can see the subject like we said it and we can see the body.

116
00:10:03,630 --> 00:10:08,280
Now if we go inside again we have a thumbnail of this person.

117
00:10:08,400 --> 00:10:09,570
It's showing his name.

118
00:10:09,690 --> 00:10:11,160
It's showing his email.

119
00:10:11,160 --> 00:10:12,690
It's showing his picture.

120
00:10:12,690 --> 00:10:13,920
So it looks legit.

121
00:10:13,920 --> 00:10:18,630
It looks like a proper message sent from this person.

122
00:10:18,660 --> 00:10:25,200
Now this person is a friend of mine and we tailored the message so that it appears as if it's coming

123
00:10:25,200 --> 00:10:26,490
from a friend.

124
00:10:26,670 --> 00:10:33,900
If I click on the link you'll see the file will automatically start downloading. Dropbox is not asking

125
00:10:33,900 --> 00:10:36,790
us if we actually want to download this.

126
00:10:36,870 --> 00:10:39,990
So I'm going to click OK to download it.

127
00:10:39,990 --> 00:10:42,390
It's going to go in my downloads.

128
00:10:42,660 --> 00:10:52,490
So if we open the downloads, right click and uncompress this, we'll have the GTA are with the image with

129
00:10:52,490 --> 00:10:55,300
the proper extension like we've seen before.

130
00:10:55,370 --> 00:11:01,300
And if we double click it we'll see the picture of the car that my friend is trying to buy.

131
00:11:01,550 --> 00:11:03,740
So everything looks legit so far.

132
00:11:04,250 --> 00:11:11,660
But if we go back to the Kali machine you'll see that we got a connection from the target and we basically

133
00:11:11,660 --> 00:11:19,080
gained full access to their computer. So if we do dir you'll see all the directories and basically

134
00:11:19,080 --> 00:11:22,200
we can run any system command.

135
00:11:22,200 --> 00:11:27,240
Now the main thing that you want to keep in mind when it comes to this method is that this method is

136
00:11:27,240 --> 00:11:28,050
generic.

137
00:11:28,050 --> 00:11:33,390
So it works against Windows, Linux, OS X, Android, doesn't really matter.

138
00:11:33,390 --> 00:11:38,970
The only thing that you want to make sure is the file that you're sending to the target should work

139
00:11:39,000 --> 00:11:41,170
on their target operating system.

140
00:11:41,340 --> 00:11:47,070
And I actually cover generating back doors and credential harvesters and all this cool stuff for

141
00:11:47,100 --> 00:11:50,610
all operating systems in my social engineering course.

142
00:11:51,180 --> 00:11:54,760
So if you're interested in that then check out the bonus lecture.

143
00:11:54,780 --> 00:12:01,050
The last lecture of this course because it includes links to all of my other courses including the social

144
00:12:01,050 --> 00:12:02,040
engineering course.
