The information security environment has changed vastly over the years. Now, in spite of having security policies, compliance, and infrastructure security elements such as firewalls, IDS/IPS, proxies, and honeypots deployed inside every organization, we hear news about how hackers compromise secured facilities of the government or of private organizations because of the human element involved in each activity.

Typically, employees are not aware of the tricks and techniques social engineers use to turn them into intermediaries for obtaining valuable information such as credit card details or corporate secrets. The security of the entire organization can be at stake if an employee visits a malicious website, answers a social engineer’s phone call, or clicks on a malicious link received at a personal or company e-mail address.

Today we’ll show you a method through which you can easily send a fake email with one of the most popular tools, SET (the Social-Engineer Toolkit).

The Social-Engineer Toolkit (SET) is a product of TrustedSec. SET is a Python-driven suite of custom tools created by David Kennedy (ReL1K) and the SET development team, comprising JR DePre (pr1me), Joey Furr (j0fer), and Thomas Werth.

SET is a menu-driven attack system that mainly concentrates on attacking the human element of security. With a wide variety of attacks available, this toolkit is an absolute must-have for penetration testing.

SET comes preinstalled in Kali Linux. You can simply invoke it through the command line using the command “setoolkit”.

Once the user clicks on the SET toolkit, it will open with the options shown in the following screenshot:

Select 1) Social-Engineering Attacks to receive a listing of possible attacks that can be performed.

You can select the attacks that you want to perform from a menu that appears as follows:

We will start with the Mass Mailer Attack. Enter 5 to move to the next menu.

For this example, we will take a look at the first option on the list, E-Mail Attack Single Email Address.

Next, fill in the following details as shown below:

Here you just need an open relay SMTP server, which you can easily get through 33 by creating a free account whose SMTP server address will be “5” and port will be “2525”.

This is the output of the fake email which we sent via the 33 open relay server.

In the 16 App Dashboard, you can manage all the records and see all the information about the fake emails sent from your account, as shown below:
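On the receiving side, a message relayed this way can be triaged from its headers. The following Python sketch is an added example, not part of the original article or of SET; the sample message, its domains and the `mx.example.org` authserv-id are constructed placeholders, and only Authentication-Results headers stamped by that trusted receiver are believed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain here is a documentation placeholder.
SAMPLE = """\
Return-Path: <bounce@relay.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=relay.example.net; dkim=none; dmarc=fail header.from=example.com
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: someone@example.net
To: user@example.org
Subject: Password reset

Please reset your password.
"""

def domain(value):
    """Lowercase domain of an address header, or '' if absent or malformed."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_verdicts(msg, trusted_authserv):
    """spf/dkim/dmarc results, taken only from our own receiver's headers."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a sender can inject its own copy of this header
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(mech.lower(), result.lower())
    return verdicts

def spoofing_indicators(raw, trusted_authserv="mx.example.org"):
    """Return a list of header findings that suggest a spoofed From address."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    for header in ("Return-Path", "Reply-To"):
        dom = domain(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    verdicts = auth_verdicts(msg, trusted_authserv)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech, "missing") != "pass":
            findings.append(f"{mech}={verdicts.get(mech, 'missing')}")
    return findings

if __name__ == "__main__":
    print("\n".join(spoofing_indicators(SAMPLE)))
```

A domain mismatch on its own is an indicator rather than a verdict, since legitimate bulk senders often use a separate bounce domain; the DMARC result from your own receiver carries the most weight.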

Source: auedbaki

happy learning!
