Social engineering attacks: deceiving people.
setoolkit -> social engineering attacks on Linux.
Social engineering is a criminal technique that has become a favorite of many attackers. This type of attack seeks to manipulate people into revealing confidential information, allowing attackers to gain unauthorized access to networks or systems. One of the most commonly used tools in these attacks is the Social-Engineer Toolkit (SET), available on systems such as Kali Linux. This tool offers a variety of social engineering-oriented attacks, from spear phishing to more sophisticated attacks such as Credential Harvester.
SET, short for Social-Engineer Toolkit, is a toolkit designed to perform social engineering attacks. When started in Kali Linux with the sudo setoolkit command, the user is presented with several options for carrying out different types of attacks. One of the most common is option 2: Web-Based Attack Vectors.
The Credential Harvester attack mimics a legitimate web page to trick victims into entering their credentials. The steps to follow are:
Start SET: Open the terminal and run sudo setoolkit.
Select the attack type: Choose option 2 for web-based attack vectors.
Configure the attack:
Clone a website: Indicate the website you want to clone, such as "linkedin.com", and SET will make an exact replica of this page.
Verify the copy: From a browser, access localhost or the configured IP to check the clone of the official page and its functionality.
Experienced attackers use Punycode to manipulate URLs to make them look legitimate. For example, a domain may look like "apple.com" but include specially encoded characters that are difficult to detect. This tactic highlights the importance of being extremely cautious when verifying URLs before entering sensitive information.
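A defender-side check for the lookalike domains described above, as an added example that is not part of the original class material: it decodes Punycode (xn--) labels in a URL's host and flags non-ASCII names, mixed scripts inside a label, and hosts that reduce to a protected domain. The PROTECTED list, the small lookalike map and the sample URLs are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, non-exhaustive Cyrillic -> Latin lookalike map. A production
# check would use the full Unicode TR39 confusables data.
LOOKALIKES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456\u04cf", "aeopcxyil")
PROTECTED = {"apple.com", "linkedin.com"}  # assumption: domains users expect

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- Punycode."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Approximate the scripts used, taken from Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in text if c.isalpha()}

def inspect_url(url):
    """Decode the host of url and list reasons it may be a lookalike."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        labels = [decode_label(part) for part in host.split(".")]
    except UnicodeError:
        return {"host": host, "display": host, "findings": ["bad-punycode"]}
    display = ".".join(labels)
    findings = []
    if not display.isascii():
        findings.append("idn")
    if any(len(scripts(label)) > 1 for label in labels):
        findings.append("mixed-script")
    # Simplification: treat the last two labels as the registrable domain.
    shown = ".".join(labels[-2:])
    skeleton = shown.translate(LOOKALIKES)
    if skeleton in PROTECTED and skeleton != shown:
        findings.append("lookalike:" + skeleton)
    return {"host": host, "display": display, "findings": findings}

if __name__ == "__main__":
    # Constructed sample URLs, not taken from real traffic.
    for url in ("https://www.apple.com/", "https://xn--pple-43d.com/login",
                "https://\u0430\u0440\u0440\u04cf\u0435.com/"):
        safe = url.encode("ascii", "backslashreplace").decode()
        print(safe, inspect_url(url)["findings"])
```

The third sample uses a single script throughout, so only the lookalike comparison catches it; a mixed-script test alone would pass it.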
For attacks that require external access without configuring port forwarding, services such as ngrok are popular options. By executing commands such as ngrok http 80, the user obtains a public domain that forwards to the local machine, which simplifies the process because no ports have to be opened manually.
Organizations should train their employees as the first line of defense against social engineering attacks. Conducting simulations and training can reveal vulnerabilities and prevent a real hacker from compromising the company's security. In addition, attacks do not only affect companies; individuals can also be targets, as happened in the case of Xcaret in Mexico, where a fake hotel reservation caused unexpected financial losses.
Raising awareness and continuing education are vital to combat these threats. IT security is not only a matter of technologies, but also of people; keep learning and protecting yourself from these risks!
Contributions
Virtual machines running Linux
********************************************
git clone https://github.com/trustedsec/social-engineer-toolkit/ setoolkit/
cd setoolkit
pip3 install -r requirements.txt
python setup.py
ngrok: tunneling for domains, ports, local IPs.
Punycode: create domains with special characters.
Windows Subsystem for Linux / WSL2 Kali Linux
SEToolkit command
sudo apt install set -y