Placeholder Image

字幕表 動画を再生する

  • everyone just not going to waste a lot of time in theory, but want to explain what you should expect from the scores Now, basically, we will be covering.

  • How do you do phishing attacks?

  • Or how do you manage fishing?

  • Camping's for a corporate penetration test in real life.

  • Okay, And how do you do that with one of the most that wants fishing for game works in the world, which is known as goldfish.

  • Now you need to understand one thing by duty to penetration testing assessments that contains a social engineering when you go and see even of the nest.

  • Special Publications, that is 800-115 one of my favorite publications.

  • This has been out dated a little bit, but you can see it has almost 80 pages, and it gives you a lot off glance on how you should perform a penetration test.

  • Earlier Life in addition test.

  • So here you will see they have social engineering should be in this one quite boring.

  • Three social engineering.

  • So when you go ahead and open these social engineering expects, which is right here, you will understand that social engineering simply attempts to trick someone to reveal the information.

  • That's what it is.

  • Okay, that's what it is.

  • Generally, we are trying toe get some of the information which comes in the active reconnaissance feeds through social engineering.

  • Otherwise, we're tryingto gain access, which comes in beginning access face right sometimes can get extended to the maintaining access piece.

  • We're we're trying to expand our reach through social engineering.

  • We are already in the system and we want to attack other systems.

  • So we've made life social engineering the most common way social engineering is utilized you consume.

  • Over here is one form of digital social engineering is known as suspicion.

  • So that's what we generally do.

  • Fishing is your first line off attack, right?

  • You always start social engineering by, uh, the vo fishing because even a focus on a mass audience.

  • Right?

  • And that's why you need a dashboard.

  • You need a software application to manage your phishing attack.

  • Your fishing camping.

  • Now, social engineering may also be used to target high value individuals.

  • Generally, you know, different names given as veiling spearfishing, extra crab, those kind of stuff.

  • But the basic idea is when you are doing a corporate level fishing you cannot just use those little tools like Social Engineering Tool kit except Rexach.

  • We're going to use those tools and perform a corporate level social engineering attack, right?

  • You can't use those in professional penetration testing.

  • You need something bigger.

  • And that is why I am going to show you how go fish can help you with.

  • Down there is an open source speaking framework.

  • And it's one of the best frameworks I have ever used in all of my penetration tests that got a little physical security or social engineering assessments.

  • And the main thing is, we are not going to do it on a local host, which most of the other people are teaching.

  • That's very impractical.

  • We set up a live server that runs a website that has the spring murdered.

  • This dashboard as well as that has sso, so you never get caught with the STD be connections.

  • You will be spoofing your email to send the fishing campaigns, and it's very, very practical.

  • But you see, in the real life, right, so I hope you're very interested with this.

  • Let's go ahead and cover the scores on goldfish and let's get started.

  • We'll grab the goldfish framework, which will allow us to do phishing attacks really simply and will give us a lot off power as compared to other possible ways.

  • So goldfish is a really great framework little indie going with so you can just Porto like you can directly goto get goldfish dot com.

  • Or you can either search for that.

  • The Search for Golf ish year.

  • You will get the get gofish dot com, which is for the download, and here's the guitar repositories if you want to check that out.

  • But let's just go ahead and grab the government's framework.

  • Oh, here you can just click on download, and depending upon the system which you are using, you can download the one here.

  • We have thesixty for orbit, but for a Darwin Okay, there is the Lenox 64 bit in my guest.

  • Give me download depending upon what you are using here.

  • So let me download it.

  • Hey, let's save this file now until it is all morning.

  • Let's go back and you're going to see here launching camping in three steps so you can see how clear interface this is.

  • All right here in this image, how clear and a good Anna like structure it will give you So it's a really good panel.

  • I have use it a lot.

  • And this is Go ahead and see if Donald has completed.

  • So it's about 10 seconds.

  • Last testing.

  • Oh, so it has been downloaded?

  • Yeah.

  • Yeah.

  • And let's open this up and you will find the more fish, though.

  • Let's drag this thing on the deck.

  • Stop depending upon where you want, you can just have it anywhere.

  • It has been extracted T lead and we don't need the browser anymore.

  • Here.

  • I would like to rename into goldfish.

  • I don't like long names.

  • You hear this?

  • Now here.

  • I have got bigger fish for him.

  • Work and let's see.

  • What are the fires in this?

  • So here is the read me file.

  • If you want Haraszti configuration file in contradiction file.

  • If you just open it up, you can set up the ports.

  • Let me show you guys dancing.

  • Here are the goldfish listening port here.

  • It will listen.

  • And here are the goldfish Cannell server panel means of support.

  • So if you want, you can change this board.

  • 80 and 3333 If you want.

  • It was all about on you that this argo fish is and turned office.

  • You just need to run this file here of the terminal.

  • And it's also and seeing the mix lecture, we will.

  • We will just go ahead and explore Goldfish Miller in this ever and then see what you can do with the coefficient.

  • How it looks.

  • So thank you so much for watching Welcome.

  • Make a one in this lecture.

  • We will go ahead and start the go fish.

  • It's over.

  • So the last picture we just downloaded this whole folder and it's simple, too long score, fish.

  • You just open it in a terminal and it's just the running the goldfish script here.

  • So it's the full stop on.

  • Then a always last poor fish and this press enter.

  • It'll start the gulf.

  • It's over.

  • It can see starting go fits over at this and go fish.

  • The Edmund's ever add toward this.

  • Let's go ahead and check that out.

  • Open fire folks here and let's go ahead and check that $127 you're a doctor about weren't bored.

  • Number 3333 express.

  • Enter.

  • Now, if you get this kind of error.

  • Nothing here and here.

  • The error is like the s three b.

  • U S and check error.

  • So the first record does not match.

  • Looks like a dealer's handshake.

  • Now what do you want to do?

  • Is that make sure you're not running, Is it?

  • On?

  • Actually be.

  • You need to run it on.

  • Actually, BSO, STD, ps are you then going forward slash forward slash And this presenter.

  • And here it should.

  • Lord, if it gives you a security warning no matters.

  • It's your local poor.

  • Just at a security exception right out there.

  • No, here is deeply Sinan, though it's really simple.

  • The user name is Edmund, and the password is goldfish.

  • So G o P h i s h this press enter.

  • And here you are in the goldfish Edmund dashboard.

  • So I will start covering up this goldfish admin dashboard in the next lecture.

  • But before that, let's go ahead.

  • Where is it?

  • And change the possible.

  • So you just need to click on these your name.

  • And here you can change the admin user name and all and the possibles.

  • And here is the a P i ke.

  • You can just go ahead and reset it if you want.

  • So here we have the well, fish was the old password and the new popular right here.

  • So this this click on save, you can see it uploaded successfully and let's just go ahead and look out.

  • That is how you, Logan and load out and ex textures start exploring the goldfish film work, Dashboard.

  • Now, I'll just cancel intermediate this process by control, See here.

  • But that is how you just kill this ever.

  • And that's all for this lecture us.

  • In the next month in Karachi, we'll make a one in this lecture.

  • I will like you all to move your goldfish framework on a V P.

  • S so that you can connect a Dominion with it.

  • Now, you can do this thing on your calendar next machine or basically any running to summer anything.

  • Whichever you're using.

  • You can do this on that thing, but it will not be really convenient until you have a static I p address because your domain name the Dominion, which you will be using actually will need to have a domain name is real.

  • But we can take that for free from a lot of service is like freedom so that no man will not appoint.

  • Tow your your machine and you will need a dynamic Dean s.

  • And there are a lot of troubles with that.

  • So I would recommend to set up a V p.

  • S where this gonna work.

  • Now I am here in my digital or shim dashboard.

  • And if you don't know about the solution, you can just google it and get yourself account distortion provides you $10 for free by using the coupon chord d over on zero.

  • Currently, it is the coupon.

  • Good.

  • Maybe they will change it.

  • So you might want to check that and you can even use if you have already an account.

  • You can use every gun if you don't have, you can even use my reference link that will additionally give you $10 so that you can process and you can proceed with this lecture.

  • Now I will create a droplet here.

  • Droplet is a V.

  • P s.

  • You don't know what happened wrong.

  • So I'll just go ahead and be great.

  • A Drop it here and it is still lording This election is not working.

  • Fine.

  • Okay, so here you need to choose a burning system.

  • Now you can.

  • Basically Jews anybody system, I'll go over the You won't do.

  • It doesn't really matters.

  • Here.

  • You can choose the size.

  • Now, this is just a fishing Sever doesn't need a lot of Ram.

  • So maybe five.

  • Probably perfect.

  • I'll take the band leverages most near to me and yeah, that's all.

  • You can add a message if you want, but I won't at any here.

  • That's great.

  • And it'll just it created soon.

  • So until then, let me open my email.

  • You get the password because we're not using SS is key here.

  • Not going to take more than dominance, her whole setup to come.

  • Okay, the possible has come.

  • Maybe this will also, uh, work in some chickens, but the mail on my phone.

  • It's not working here.

  • Israel.

  • My Internet connection is working right is working.

  • And why not?

  • These boards off these service is on working a kid.

  • Little ocean.

  • Yeah.

  • So they're giving me the eye p and it is now here.

  • But my mail service is working again and the possible will be very long.

  • So I it open a new dab.

  • Maybe that'll work here is the possible Oh, I want to copy this parcel, basically.

  • And actually, the I be Israel, I'll just copy everything.

  • I really don't need this additional ocean panel any where we just created the door plate, that's all.

  • And there is no roll off this panel and minimize everything.

  • It was this.

  • We'll email.

  • You've been super.

  • Yeah.

  • So let's create it.

  • X file here.

  • When did I created that fire?

  • Rated on deck Stop.

  • Rated on deck.

  • Stop here.

  • We have got it.

  • X file.

  • It's edited ist the information you have got the i P address using him and the password.

  • So let's go ahead and logging in the server.

  • I'll be using the terminal for this.

  • Let me open a new tab.

  • Okay.

  • Is this my goldfish over running here?

  • I don't get it.

  • One thing if this is running or not, yeah, the recording is being done.

  • Okay, let's clear the screen.

  • Now Let's move to the next stop our root directory and let's go ahead.

  • And Logan, So it will just use sssh.

  • And then we have fruit at the Met.

  • This I p address user name is wrote at the D.

  • I p address controls.

  • You have to be for a paste.

  • You asked me for the password.

  • Firstly, asking me Do you want to connect with this?

  • So yes, it is already right.

  • Yes, yes.

  • Here it is asking me for the past.

  • But now I'll grab the password.

  • Tested that and press enter.

  • Yes.

  • So it is asking me to change the password.

  • So first of all, I am adding the current password.

  • Okay.

  • I don't know what I died here.

  • Uh, let me go back.

  • So Justine, your bastard Here, get possible change.

  • Clear the screen now We need the garbage from work.

  • So I really don't need ID.

  • And it's open the fire folks and get the goldfish framework.

  • You are also you have the get goldfish gone and ah, believe I am using a It is honest.

  • All 274 it's not.

  • I believe I'm using its orbit.