Social Engineering sometimes doesn’t work for all.
Do you agree with it? When I was a noob, I tried a lot of things to trape people but none of them worked! The heading I have given is not a clickbait, it is the solution for the problems newbie attackers face.
But you can’t exactly hack an android phone with an SMS but you can make a webpage that has auto-download enabled. Because maximum people do not download payloads manually. That is the biggest problem.
Here I am going to use a tool called Venom which is basically a Metasploit Shellcode generator/compiler script. It was mainly created to test for different purposes. It depends on you how you use it. The tool uses the Apache2 webserver to deliver payloads using a fake web page. You just need to send a tricky SMS so that the victim clicks the link. The payload will be downloaded automatically to the victim’s system.
I don’t recommend you hack someone’s system with his/her permission which is completely illegal. Make use of this information for educational purposes only so that you can protect yourself against these attacks.
Let’s get into the installation manual.
Configure Venom in Kali Linux
Fire up your Kali Linux machine, open up the terminal, change the directory to the Desktop, and clone Venom from Github.
cd Desktop
Now change the directory to the venom folder and again change the directory to the aux folder which is inside the venom folder. Here you will see a script named with setup.sh. If you are a root user, you must take permission to run this shell script. Don’t worry, just follow the commands.
cd venom/
cd aux/
chmod +x setup.sh
./setup.sh
venom%20in%20Kali%20Linux-
The script will set up the tool and install all the requirements to run the tool properly. Now go back to the main folder( cd … ) and run the venom.sh script.
./venom.sh
venom%20in%20Kali%20Linux-%20(1)
The tool stated successfully. Here you see we can create payloads for all popular platforms such as Windows, Android, Ios. But I will stick with Android because I want to test it for Android. So I will select No 4.
venom%20in%20Kali%20Linux-%20(2)
Here I have entered option Agent No 1 and now it showing a popup to enter the localhost IP. If you want to hack over WAN, you can use port forwarding in your router, or if you don’t have a router you can take the Ngrok tool in use. Which is a great tool for port forwarding and it is completely free.
venom%20in%20Kali%20Linux-%20(3)
Now it’s asking for the port number. I have entered my port number and in the third popup, it is asking the name I want to give to the payload.
After completing the generating process of the payload, the tool asking me how I want to deliver the payload to the victim. Here I have selected the Apache2 Malicious web server.
venom%20in%20Kali%20Linux-%20(4)
Now it automatically starting the Metasploit MultiHandler.
Sending the Link to a victim with a Tricky SMS
The web server is running on the localhost so I can open the web page using my local IP(ex: 192.168.43.139). But we can’t send a naked IP address to a victim. He will find it suspicious. We must mask it. You can take a bit.ly service in use. The paid service also offers you to create a custom URL.
Now you need to find an online fake SMS service. I have found a website calledSMSGang. I can send text anonymously with a fake name from the website.
venom%20in%20Kali%20Linux-%20(5)
As I have prepared a tricky SMS, you can apply your own trick to make it look more genuine. It depends on you.
Check out the popular commands you can use to control the compromised device after starting the Met\asploit listener.
Popular Metasploit commands
shell- Interact with a Shell
sysinfo- To check system information
webcame_ list- Shows the list of connected webcams
webcam_snap- To take a Webcam snapshot
record_mic -d 20- To record mic. Also phone conversation
check_root- To check the device root status
dump_calllog- To retrieve call log
8 dump_contacts- To retrieve contacts
geolocate- To locate the device
10 send_sms- To send an SMS
sms_dump- To download all SMS as a text file
run- To run any service(set the location of the service after the command).
Conclusion
Social Engineering completely depends on how you trick people. These tools only help a little to make your trick look more genuine. A venom is a great tool if you use it in the right way.
I loved the tool. What’s your opinion about it? what trick are you gonna use? tell others in the comment box below. We get inspiration to produce more tutorials like this when you leave a comm
Like
Report
Do you agree with it? When I was a noob, I tried a lot of things to trape people but none of them worked! The heading I have given is not a clickbait, it is the solution for the problems newbie attackers face.
But you can’t exactly hack an android phone with an SMS but you can make a webpage that has auto-download enabled. Because maximum people do not download payloads manually. That is the biggest problem.
Here I am going to use a tool called Venom which is basically a Metasploit Shellcode generator/compiler script. It was mainly created to test for different purposes. It depends on you how you use it. The tool uses the Apache2 webserver to deliver payloads using a fake web page. You just need to send a tricky SMS so that the victim clicks the link. The payload will be downloaded automatically to the victim’s system.
I don’t recommend you hack someone’s system with his/her permission which is completely illegal. Make use of this information for educational purposes only so that you can protect yourself against these attacks.
Let’s get into the installation manual.
Configure Venom in Kali Linux
Fire up your Kali Linux machine, open up the terminal, change the directory to the Desktop, and clone Venom from Github.
cd Desktop
Now change the directory to the venom folder and again change the directory to the aux folder which is inside the venom folder. Here you will see a script named with setup.sh. If you are a root user, you must take permission to run this shell script. Don’t worry, just follow the commands.
cd venom/
cd aux/
chmod +x setup.sh
./setup.sh
venom%20in%20Kali%20Linux-
The script will set up the tool and install all the requirements to run the tool properly. Now go back to the main folder( cd … ) and run the venom.sh script.
./venom.sh
venom%20in%20Kali%20Linux-%20(1)
The tool stated successfully. Here you see we can create payloads for all popular platforms such as Windows, Android, Ios. But I will stick with Android because I want to test it for Android. So I will select No 4.
venom%20in%20Kali%20Linux-%20(2)
Here I have entered option Agent No 1 and now it showing a popup to enter the localhost IP. If you want to hack over WAN, you can use port forwarding in your router, or if you don’t have a router you can take the Ngrok tool in use. Which is a great tool for port forwarding and it is completely free.
venom%20in%20Kali%20Linux-%20(3)
Now it’s asking for the port number. I have entered my port number and in the third popup, it is asking the name I want to give to the payload.
After completing the generating process of the payload, the tool asking me how I want to deliver the payload to the victim. Here I have selected the Apache2 Malicious web server.
venom%20in%20Kali%20Linux-%20(4)
Now it automatically starting the Metasploit MultiHandler.
Sending the Link to a victim with a Tricky SMS
The web server is running on the localhost so I can open the web page using my local IP(ex: 192.168.43.139). But we can’t send a naked IP address to a victim. He will find it suspicious. We must mask it. You can take a bit.ly service in use. The paid service also offers you to create a custom URL.
Now you need to find an online fake SMS service. I have found a website calledSMSGang. I can send text anonymously with a fake name from the website.
venom%20in%20Kali%20Linux-%20(5)
As I have prepared a tricky SMS, you can apply your own trick to make it look more genuine. It depends on you.
Check out the popular commands you can use to control the compromised device after starting the Met\asploit listener.
Popular Metasploit commands
shell- Interact with a Shell
sysinfo- To check system information
webcame_ list- Shows the list of connected webcams
webcam_snap- To take a Webcam snapshot
record_mic -d 20- To record mic. Also phone conversation
check_root- To check the device root status
dump_calllog- To retrieve call log
8 dump_contacts- To retrieve contacts
geolocate- To locate the device
10 send_sms- To send an SMS
sms_dump- To download all SMS as a text file
run- To run any service(set the location of the service after the command).
Conclusion
Social Engineering completely depends on how you trick people. These tools only help a little to make your trick look more genuine. A venom is a great tool if you use it in the right way.
I loved the tool. What’s your opinion about it? what trick are you gonna use? tell others in the comment box below. We get inspiration to produce more tutorials like this when you leave a comm
Like
Report