These will just be simple PDF files with a link on the Document, I will add a Link that when click will send the user to a controlled server
I will use LibreOffice and create a PDF Document with a Evil URL that will Harvest Credentials.
We can create PDF files with any creative Social Engineering pretext so that we can get our user to click on the link on the Document, we can use small obfuscation to trick them that it come's from a legitimate source, or to be as tempting as possible to make them click the Link. This PDF will have a link that will ask the user to visit so they can verify there paycheck information.
I will use SET here and create a custom Template asking the user for, his Name, Last Name and Password informing that the user's paycheck has arrived and they need to login onto this super secure portal, here I am trying to evade the email's protections since it can detected various forms of phishing. I will ask the user to follow a Link and send them to a server I control to harvest the credentials.
I will open LibreOffice and create a simple PDF file stating that the user's Paycheck has been delivered and that he needs to login to a Secure Portal
Here you will create a Hyperlink on a Text that will send the user into our Phishing page, you're method of Delivery should be an email, Text, or anything creative. In this scenario we will focus on Email, User has received the email and already downloaded to the machine.
On our end we will setup SET to use a custom HTML file as the template to capture the user's credentials.[Remember SET run's with root permissions to open common ports such as 80 and 443]
We will choose option 1 for our Social-Engineering Attacks
The Credential Harvester method will utilize web cloning of a web- site that has a username and password field and harvest all the information posted to the website.
And then we will select Custom Import
The next options are self explanatory, from the HTML file you created you will save this onto a folder named as
index.htmlthe path to your folder should be something like
/home/user/folder/do not forget the last forward slash as you are indicating a folder not a file.
You will setup the IP address or DNS name you control this will be with there respective setup's that are not explained here.
User open the file and views the Content
Clicks on the Link
And will receive a login page asking for the user's information.
Form is filled by the User
And once they hit Submit this button will redirect him to any given page you have chosen while in the background the credentials of the user were captured and sent back to our Terminal.