Red Team Notes
PDF Files

These are simple PDF files with a hyperlink in the document. The link, when clicked, sends the user to a server I control.

Last updated 5 years ago

I will use LibreOffice to create a PDF document containing a malicious URL that leads to a credential-harvesting page.

We can build the PDF around any creative social-engineering pretext that gets the user to click the link in the document. A little obfuscation (link text that differs from the real target, or a lookalike domain) can make the link appear to come from a legitimate source, or the pretext can simply be as tempting as possible. The PDF in this example contains a link asking the user to visit a portal and verify their paycheck information.

I will use SET here with a custom template that asks the user for their first name, last name and password, informing them that their paycheck has arrived and that they need to log in to a "super secure" portal. The PDF itself carries no payload, only a hyperlink, which is a way to get past email protections that detect many other forms of phishing. The user is asked to follow the link to a server I control, where the credentials are harvested.

I will open LibreOffice and create a simple PDF stating that the user's paycheck has been delivered and that they need to log in to a secure portal.

This is still considered an attachment, but there is no malicious payload embedded in the PDF, so scanners see no warning signs; the only malicious element is the hyperlink itself. Keep in mind that most PDF readers show the link target on hover and some (Adobe Reader, for example) display a security warning with the full URL before opening it, so the target domain should look plausible for the pretext.

Here you create a hyperlink on a piece of text (Insert > Hyperlink in LibreOffice, then File > Export As > Export as PDF) that sends the user to our phishing page. Your delivery method could be email, text message or anything creative; in this scenario we focus on email, and assume the user has received the email and already downloaded the file to their machine.
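As an added example, not part of the original notes (which use LibreOffice for this step), the script below builds the same kind of lure document from Python with no external libraries, so the mechanism is visible: a PDF hyperlink is a /Link annotation over a rectangle of the page whose action is /URI. It also includes a small extractor for that structure, which is what a defender (or you, checking your own lure before sending it) can run over an attachment to see where its links go. The lure text, the URL and the output filename are made-up placeholders.

```python
import re

# Added example: a one-page PDF whose visible text is a clickable hyperlink.
# The lure text and URL are constructed placeholders, not real infrastructure.
LURE_TEXT = "Your paycheck has been delivered. Click here to sign in to the secure portal."
LURE_URL = "http://payroll-portal.example/verify"  # assumed host for the example


def _pdf_string(s: str) -> bytes:
    """Escape a str into the body of a PDF literal string (parentheses, backslashes)."""
    return (s.replace("\\", "\\\\")
             .replace("(", "\\(")
             .replace(")", "\\)")).encode("latin-1")


def build_link_pdf(text: str, url: str) -> bytes:
    """Return a single-page PDF in which `text` is a hyperlink to `url`."""
    content = b"BT /F1 12 Tf 72 700 Td (" + _pdf_string(text) + b") Tj ET"
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        # The page points at its link annotation through /Annots.
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Resources << /Font << /F1 5 0 R >> >> /Contents 4 0 R /Annots [6 0 R] >>",
        b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
        # The link itself: a rectangle covering the text line with a URI action.
        # /Border [0 0 0] hides the box so the text looks like ordinary prose.
        b"<< /Type /Annot /Subtype /Link /Rect [72 695 540 715] /Border [0 0 0] "
        b"/A << /S /URI /URI (" + _pdf_string(url) + b") >> >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))  # byte offset of "N 0 obj", needed by the xref table
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objects) + 1, xref_at)
    return bytes(out)


# Matches "/S /URI /URI ( ... )" and captures the literal string, honouring \-escapes.
_URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def extract_link_uris(pdf: bytes) -> list:
    """Return the target URLs of /URI link actions stored as literal strings.

    Limitation: this only sees uncompressed objects. Real-world PDFs often pack
    objects into FlateDecode object streams, so for triage of a suspicious
    attachment use a proper PDF parser rather than this regex.
    """
    found = []
    for m in _URI_ACTION.finditer(pdf):
        raw = re.sub(rb"\\(.)", rb"\1", m.group(1))  # undo \( \) \\ escapes
        found.append(raw.decode("latin-1"))
    return found


if __name__ == "__main__":
    pdf = build_link_pdf(LURE_TEXT, LURE_URL)
    with open("paycheck.pdf", "wb") as f:  # placeholder filename
        f.write(pdf)
    print("link targets found:", extract_link_uris(pdf))
```

Open the generated file in any reader and hover over the text: the reader reveals the /URI target regardless of what the text says, which is the same check a cautious recipient would make. The extractor is the automated version of that check, and its limitation (no support for compressed object streams or hex strings) is exactly why a determined sender would compress the document and why triage should rely on a real parser.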

On our end we set up SET to use a custom HTML file as the template for capturing the user's credentials. (Remember that SET runs as root, which is what lets it bind the privileged ports 80 and 443.)

We choose option 1, Social-Engineering Attacks, then Website Attack Vectors (option 2), then the Credential Harvester Attack Method (option 3). SET describes this method as follows: "The Credential Harvester method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website."

Then we select Custom Import (option 3), which lets us serve our own HTML instead of a cloned site.

The next prompts are self-explanatory. Save the HTML file you created as index.html in a folder of its own; when SET asks for the path, give the folder, for example /home/user/folder/, and do not forget the trailing forward slash, since you are indicating a folder, not a file. SET then asks whether to copy only index.html or the entire folder; choose the entire folder if your page has its own images or CSS.

You also give SET the IP address or DNS name you control, which is where the form posts back and must match the hyperlink in the PDF. The DNS and port-forwarding setup behind that is not explained here.

The user opens the file and views the content.

Clicks on the link.

And receives a login page asking for their information.

The form is filled in by the user.

Once they hit Submit, the button redirects them to the page you chose, while in the background the user's credentials are captured and printed to our terminal (SET also writes them to a harvester log under its reports directory).
