Para probar los ataques de pishing con setoolkit (Social Engineering Toolkit), instalé iRedMail en mi red local.
He creado dos cuentas:
%código%
[email protected]
El nombre de dominio es [email protected]
Puedo enviar correo sin problemas.
Pero cuando intento enviar un ataque de pishing con setoolkit, obtengo este error:
SMTP AUTH extension not supported by server.
Después de algunas búsquedas, el problema es que quizás deba usar TLS para enviar correos electrónicos con setoolkit, pero no encuentro cómo hacerlo.
Esta es mi opción de elección con setoolkit:
1) Social-Engineering Attacks
1) Spear-Phishing Attack Vectors
2) Create a FileFormat Payload
1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
Enter the IP address for the payload (reverse):127.0.0.1
enter preformatted text here
1) Meterpreter Memory Injection (DEFAULT) This will drop a meterpreter payload through PyInjector
enter preformatted text here
PORT of the listener [443]:443
1) Windows Meterpreter Reverse TCP
enter preformatted text here
8. Microsoft PowerPoint 2010
2. Zip File
1. Keep the filename, I don't care.
1. E-Mail Attack Single Email Address
2. One-Time Use Email Template
Subject of the email:test
Send the message as html or plain? 'h' or 'p' [p]:test
Send email to:[email protected]
2. Use your own server or open relay
From address (ex: [email protected]):[email protected]
The FROM NAME user will see:test
Username for open-relay [blank]:attacker
Password for open-relay [blank]:mypassword
SMTP email server address (ex.smtp.youremailserveryouown.com):clubhacking.org
Port number for the SMTP server [25]:25
Flag this message/s as high priority? [yes|no]:no