Tuesday, August 22, 2017

Mass Email Attack Kali Tutorial

Mass email senders is not a new topic for ethical hacking community . Certainly we need to send mass emails during penetration test / phishing tests (to be more specific) . While Phishing tests penetration testers often need to send Bulk emails to the employees of an organisation we are conducting the penetration test for .
Though there are many Bulk Mail sending softwares available out there but there is nothing as good as bulk sending tool that is already present in our favourate penetration testing OS : KALI Linux

Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you

In this post I will be sending mass emails using Kali Linux and SET (Social Engineering Toolkit)

To begin with the Mass email attack , you first we need a Email list that we have either harvested or has been supplied to us by the organisation we are conducting the penetration test for .

Now I will be opening Social Engineering Toolkit , SET :
Simply Open Terminal and type :
se-toolkit
And SET opens Up


Select Social engineering i.e Option 1

Now as we need to do a mass email Attack (Mass Mailer attack select option 5)
Option 5 : Mass Mailer Attack
Then select Option 2 for email mass mailer as this tutorial we deal with Email Mass sender and not the Single Email Address . The Option 1 might be useful spear-phish attacks .

Option 2 : Email Attack Mass Mailer



Now you need to define the path to the email list . This is email_list in our case , just add the file-name with the path .


Now select Option 1 as we will be using a gmail account for sending the Mass emails as we dont have our own SMTP server . In case you have a self email server / SMTP (as done by the professional spammers)server feel free to explore the other options .

Option 1 : Use a Gmail account for email attack

Enter the gmail address . The email address must be correct and you must also have the password for the same to successfully send the emails .

Now enter the name that you want the email recipients to see in the Inbox . This is the Name that will flash first in front of your victim . Pay attention to this field specifically , as this where the actual social engineering takes place .
This could be “Admin” in case of a spear phish attack .

Now the SET will ask you to enter the password for the email account .
Enter the gmail password
Now you have an option to specify weather or not you want to flag this message as high priority . Sometimes this may work and sometimes might make the victim suspicious . So I suggest to use this option as per your suitability .
Screenshot
Now SET will ask you to enter the subject of the email .
Enter the subject of the email
Now the SET will ask you if you want the body of the message to be HTML or Plain Text .
P for plain text or H for html
Enter the body text
Enter the body of the email here . If you chose HTML message then add the HTML tags as well .
Enter Control+C to send the email .
Enter to go back to the main menu

This is how hackers perform mass email attack.


3 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. im very impressed with your post because this post is very beneficial for me and provide a new knowledge to me

    Get Bulk Mailer

    ReplyDelete

Get Unlimited Free Trials Using a "Real" Fake Credit Card Number

When I see the words "free trial," I know I'm probably going to have to whip out my credit card and enter in the number to ...