Skip to main content

Client Side Attack Vector: How to Conduct a Successful Phishing Attack

Introduction

This unit presents the steps to use Core Impact to perform a phishing campaign.

caution

The following exercise uses a crafted website for the phishing attack. You can create/use your own to make the test more realistic. A full video explaining the process is available here.

Features

  • Import email list to be used as attack targets
  • Clone Website to be used as bait
  • Create a plausible email template
  • Obtain information of the targeted user

Highlighted Modules

  • Client Side Information Gathering RPT
  • Client Side Attack Phase, Phishing

Hosts

  • Phishing target host
    • Hostname: win10vpn
    • Credentials:
      • User: ACME\ruth.lane
      • Password: Iamthe1

Mail client configuration

  1. Access the machine of the Phishing target
  • Hostname: win10vpn
  • Credentials:
    • User: ACME\ruth.lane
    • Password: Iamthe1
  1. Open the Windows Default Mail App. There is a shortcut at the Task bar.
  2. Click on Add Account
  3. Select Advanced setup

Account type

  1. Choose Internet email

Account type

  1. Fill the account details

Account type

  • Email address: ruth.lane@acme.corp
  • User name: ruth.lane@acme.corp
  • Password: Iamthe1
  • Account name: Ruth

Account type

  • Send your messages using this name: Ruth
  • Incoming email server: -IP of the IMPACT machine-
  • Account type: POP3
  • Outgoing (SMTP) email server: -IP of the IMPACT machine-

Account type

  • Outgoing server requires authentication: No
  • Require SSL for incoming email: No
  • Require SSL for outgoing email: No
  1. Click Sign in

Account type

  1. You're all set!

Client Side Information Gathering

  1. Create a csv with the list of contacts:

    philip@acme.corp,Philip
    john@acme.corp,John
    marie@acme.corp,Marie
    diane@acme.corp,Diane
    robert@acme.corp,Robert
    sarah@acme.corp,Sarah
    tim@acme.corp,Tim
    hr@acme.corp,HR Department
    ruth.lane@acme.corp,Ruth
    notifications-acme@acme.corp,Acme notifications

  2. From the RPT Pane, select and click Client Side Information Gathering RPT to import the attack targets for the phishing campaign.

Information Gathering

  1. Select Import from file and Click Next.

Import from file

  1. Select the file to import: C:\Users\Impact\Desktop\phishing-email-list.csv and Click Finish.

Browse files Files Browser Selected File

  1. Wait for Client Side RPT to complete gathering information.

Imported Emails

Client Side Attack Phishing Campaign Deployment

  1. From the RPT Pane, drag & drop Phishing RPT on the ruth.lane@acme.corp email.

Phishing Attack RPT

  1. Click Next.

  2. Select Web Page Clone option and enter the url of the website you would like to clone. Remember that it should be accessible from the phishing target machine. Click Next.

Web page clone

  1. Select the source email address. In this case notifications-acme@acme.corp will be chosen. Click Next.

Source and target mail selection

  1. Select Predefined email template. Click Next.

Mail template selection

  1. Browse and select the email template. You can craft your own. Click Next.

Mail template selection Mail template editor Mail template selected

  1. Check the option Web Server Options to customize how the cloned website is displayed to the target user. Click Next.

Mail template selection

  1. Click Next.

Web Server Settings 1

  1. Configure the URL base as www.acmebank.com. Click Next.

Web Server Settings 2

  1. Wait for Client Side Phishing RPT to launch.

Attack launched

Act as the Target User

Now your role should change and you should act as the targeted user, in this case Ruth.

  1. Access Ruth's machine through Remote Desktop with the following credentials:
  • Hostname: WIN10VPN
  • IP Address: -IP of the WIN10VPN Machine-
  • Credentials:
    • User: ACME\ruth.lane
    • Password: Iamthe1
  1. Open the default Windows 10 email client and refresh the mails.

Mail Received

  1. Click on the link. A browser will be opened.

Web browser landing

  1. Fill the login form on top right with Ruth's credentials.

Login

  1. Ruth will receive a message explaining the Phishing dangers

Phishing awareness page

Back to Core Impact

Once the attack has succeeded and Ruth has filled in his credentials, all the information is available in the console to continue with the next steps of the penetration testing:

  • Hostname: -IP of the WIN10VPN Machine-
  • Browser: Google Chrome 84
  • Credentials. A next logical step would be to try to connect through RDP to that machine using the harvested credentials:
    • User: ACME\ruth.lane
    • Password: Iamthe1

User Information

Generate Report of the Phishing Campaign

Finally, we'll generate a Client-Side Phishing Report to show the results of the Phishing campaign.

  1. From the RPT Pane, select and click Client Side Report Generation RPT.

Report Wizard

  1. Click Next.

  2. Select Client-Side Phishing Report and click Next.

Report Selection

  1. Click Finish.

Generate Report

The Client Side Report Generation RPT module will generate the report and open it using the program associated.

Generate Report

Though not shown here, Excel-based reports in Core Impact allow them to be customized after they're generated. Additionally, the user can also customize an existing Excel-based report before it's filled with the workspace's results, so that these customizations can be applied every time the duplicated report is generated. The user can update branding images, introductory texts, show/remove sections, and customize result tables and graphs.