E-Mail Attack Using SET
Antiviruses are installed on any computer, if you are going to buy new computer with windows operating system than standard security software will be included in the PC with a few months demo version license. Now this is very important for protecting our virtual life but the question is how much this security can last?
Now attacking any system starts by gathering information about victims machine. Information can be operating system version, Antivirus software name and signature version, pc firewall used…etc.
The easiest way to have this information remotely is using email. Because most antiviruses do include an antispam that will scan the e-mail and add «X-Antivirus-Status: » to the header to inform that the email is scanned and «X-Antivirus:» and this field may include the antivirus version with signature database version which is certainly important beside the email software used that you can exploit if it is vulnerable.
For sending email we can use SET that has «Spear-Phishing Attack Vectors», There are two options, one is to let SET do everything for you (option 1), the second is to create your own FileFormat payload and use it in your own attack.
1. Perform a Mass Email Attack
2. Create a FileFormat Payload
For mass mailing we can create a file with one email address per line under /pentest/exploits/SET/config/mailing_list.txt. So you can create a template and use it when you need it. Finally for sending the emails you have two options:
1. Use a GMAIL Account for your email attack.
2. Use your own server or open relay
Enter your choice: 1
Enter your GMAIL email address: XXX@gmail.com
Enter your password for gmail (it will not be displayed back to you):
SET has finished delivering the emails.
Next you can use any online multi-AV Scanners to check which antivirus your binaries can bypass so if it much victims antivirus than the victim is vulnerable. By the end I recommend to follow NSA new home security guidelines “NSA Presents ‘Best Practices for Keeping Your Home Network Secure’“as it provides a direct and easy way to keep your virtual life safe.
make sure you subscribe to my RSS feed!