
3 Steps To Hacking a Company’s Email Account

We will be performing:

- Enumeration of the company's employee information

- Creation and crypting of a payload

- A mass mailer attack

Scenario:

Let's imagine that in this scenario I am trying to penetrate a company's systems through
email-based social engineering. Things I will need:

a) To increase my odds, I gather as much information as I can, using a credential harvester,
Jigsaw, or both. The more email addresses I can target, the higher the chance that someone
opens the lure.

b) A method of spoofing the sender address and sending the emails in bulk (covered in the separate email spoofing / mass mailer tutorial).

c) A payload that the target's antivirus does not detect, to send along with the email.

d) Knowing which antivirus the target runs is a bonus. If I do not know, I base my assumption
on the following:

- The technological maturity of the company and its country. Companies in regions where IT
security budgets tend to be small (for example parts of Southeast Asia, the Middle East and
South America) are more likely to run mainstream consumer-grade products, so expect Norton,
McAfee and, more recently, Kaspersky.

- The size of the company and the kind of systems it runs indicate how much it is willing to
spend on security.

In short, apply some common sense.

Introduction:

I want to share a tool I use to create and crypt my payload. It is not fully undetectable
(FUD), but at the time of writing it still evades the major antivirus products. If I know which
antivirus the victim runs, I can pick a crypter known to evade that particular product.

For more information on crypters, see the linked article.

Preparation :

1) Download the crypter.

2) Place it in your Metasploit directory. For BackTrack 5 R2 users like myself it is
/opt/metasploit/msf3/; on other installs, locate your framework folder.

3) Make it executable: chmod +x crypter.py

4) Install the MinGW cross-compiler packages the crypter needs to build the Windows executable:
apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils

5) Setup is done.

Let's begin:

1) Open a terminal and type: cd /opt/metasploit/msf3/

2) Type ls to make sure the files are in the correct directory, and locate crypter.py.

3) Once you have located the file, type: ./crypter.py

4) First, fill in your IP address, the address the reverse shell will connect back to.

5) Second, choose the port your listener will wait on. I am using port 4499; pick any free port.

6) Third, pick the payload you want to use. I am choosing 1 for windows/shell_reverse_tcp.

7) Next, choose the type of attack. For this demonstration I am choosing 3 for an evil PDF
attack.

8) As shown below, backdoor.exe has been created and embedded into the new evil.pdf, which is
written to /var/www/.

9) A netcat listener for the Windows payload is started automatically and is listening on port
4499 as instructed.

10) Open the Dolphin file manager and browse to /var/www/, where you will find the generated
PDF (shown here as backdoor.pdf).

11) In this scenario my victims work to schedules, so I rename the file to
scheduleupdate2012.pdf

12) Time to scan the payload. Uploading to virustotal.com is not ideal if you want the sample
to stay undetected, because VirusTotal shares submitted files with the antivirus vendors, but at
this time it is the only scanning site that is not lagging badly. The products we want to avoid
are Kaspersky, Bitdefender and McAfee.

13) 15 out of 43 engines detect it. Now let's check the three antivirus products we are trying
to avoid.

14) We have successfully avoided detection by Bitdefender, McAfee and Kaspersky.

15) Now we need to host the evil.pdf online and get a download link to put in the email. Go to
www.dropbox.com, create an account and upload the PDF. When that is done, copy the link to the
PDF file, for example:

http://www.2dropbox.com/fdhskhdskd/schedulecupdates2012.pdf

This link goes in the email for your victim to download the file.

16) Now the final stage: crafting the email. As mentioned, my target company works in schedule
shifts. After using Jigsaw to retrieve the company's employee list, I pick an address of
authority from the list to spoof as the sender and remove that address from the recipient list.
Finally, add one of your own anonymous addresses to the list so you can check that the mail was
delivered as intended.

17) For example, sticking to the PDF theme, I craft an email about their schedules that lures
them into downloading the file. The best time to send is in the morning when staff arrive and
check their mail, or just after lunch when they idly click through emails without answering any
of them, waiting for the time to pass.

Dear Staff,

Due to the latest retrenchment guideline, we have prepared a new schedule for the year end.
We would appreciate your co-operation in checking your particulars and your schedules. If you
have any further questions regarding changes or updates, please contact Marcus Gilbert from
our HR department.

You may download / view the file @

http://www.2dropbox.com/fdhskhdskd/schedulecupdates2012.pdf

These corrections and confirmations have to be in by the end of the day, so please do take note.

Thank you for your time.

Regards

CEO Maria Lee

18) Most of the time people respond well to personal matters such as leave days, public
holidays, changes of schedule and so on. Get creative.

19) To recap the three tutorials as one:

Step 1 – How to Enumerate Company's Employee Information with Jigsaw

Step 2 – Creating a specific payload for your victim (this tutorial)

Step 3 – How to perform an Email Spoofing / Mass Mailer Attack
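The lure in step 17 also shows what a mail filter or an analyst on the receiving side would key on: the download link points at a host that merely resembles the file-hosting brand (2dropbox.com rather than dropbox.com), it serves a document from a domain unrelated to the sender, and it sets a same-day deadline. The Python below is an added example written for this page, not part of the original tutorial or of the crypter tool. The sender address maria.lee@example-corp.com, the recipient address, the brand allowlist and the urgency phrase list are assumptions, and the message is a constructed sample adapted from the lure above.

```python
import re
from email import message_from_string
from email.message import Message
from typing import Dict, List, Optional, Set
from urllib.parse import urlparse

# Brand names and the registered domains that may legitimately carry them.
# Any other registered domain containing the brand name is treated as a lookalike.
KNOWN_BRANDS: Dict[str, Set[str]] = {
    "dropbox": {"dropbox.com", "dropboxusercontent.com"},
}

# Phrases that push the reader to act before thinking (assumed list).
URGENCY_PHRASES = ("end of the day", "immediately", "urgent", "as soon as possible")

# File types a lure typically asks the reader to download (assumed list).
DOWNLOAD_SUFFIXES = (".pdf", ".exe", ".zip", ".doc", ".docx", ".xls", ".xlsx")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registered_domain(host: str) -> str:
    """Naive registrable domain: the last two labels (enough for .com-style hosts)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def lookalike_of(host: str) -> Optional[str]:
    """Return the brand a host imitates, or None if the host is the brand's own
    domain or is unrelated to any brand we track."""
    reg = registered_domain(host)
    for brand, allowed in KNOWN_BRANDS.items():
        if reg not in allowed and brand in reg:
            return brand
    return None


def sender_domain(msg: Message) -> str:
    """Registered domain of the From: address (the display name is ignored)."""
    from_hdr = msg.get("From", "")
    m = re.search(r"<([^>]+)>", from_hdr)
    addr = m.group(1) if m else from_hdr.strip()
    return registered_domain(addr.rsplit("@", 1)[-1])


def analyze(raw: str) -> dict:
    """Parse a raw RFC 822 message and list the lure indicators it contains."""
    msg = message_from_string(raw)
    body = msg.get_payload()            # the sample is single-part plain text
    findings: List[str] = []
    for url in URL_RE.findall(body):
        parts = urlparse(url)
        host = parts.hostname or ""
        brand = lookalike_of(host)
        if brand:
            findings.append(f"lookalike domain {host} imitates {brand}")
        if (registered_domain(host) != sender_domain(msg)
                and parts.path.lower().endswith(DOWNLOAD_SUFFIXES)):
            findings.append(f"file download hosted off-domain: {url}")
    lowered = body.lower()
    for phrase in URGENCY_PHRASES:
        if phrase in lowered:
            findings.append(f"urgency cue: '{phrase}'")
    return {
        "sender_domain": sender_domain(msg),
        "findings": findings,
        "suspicious": len(findings) >= 2,   # require two independent indicators
    }


# Constructed sample adapted from the lure in the tutorial; addresses are hypothetical.
SAMPLE_LURE = """\
From: "CEO Maria Lee" <maria.lee@example-corp.com>
To: staff@example-corp.com
Subject: New year-end schedule

Dear Staff,

Due to the latest retrenchment guideline, we have prepared a new schedule
for the year end. You may download / view the file @
http://www.2dropbox.com/fdhskhdskd/schedulecupdates2012.pdf

These corrections and confirmations have to be in by the end of the day.

Regards
CEO Maria Lee
"""

if __name__ == "__main__":
    for line in analyze(SAMPLE_LURE)["findings"]:
        print(line)
```

Run against the sample, the three indicators above are reported and the message is marked suspicious; dl.dropboxusercontent.com, which Dropbox itself uses for direct downloads, is deliberately in the allowlist so that a genuine Dropbox link is not flagged as a lookalike.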

Author's note:

1) Make sure your email is well crafted so that it avoids junk folders. Before you send out the
emails, send a single mail to your own address to make sure it gets through as intended.

2) This is for educational purposes, DO NOT harm the innocent!
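Before spoofing an address of authority (step 16), and before the single test mail the note above recommends, it is worth checking what the target domain publishes for SPF and DMARC: a hard-fail SPF record, or a DMARC policy of reject or quarantine, means a plain header-From spoof sent from an IP the domain does not authorise will most likely be rejected or junked, whichever mass mailer you use. The Python below is an added example for this page, not code from the original tutorial. It evaluates the ip4, ip6, include and all terms of an SPF record and reads the DMARC p= tag against a constructed table of TXT records (every domain and IP address in it is hypothetical); a real check would fetch those TXT records with a DNS resolver instead, and DKIM alignment, which can also satisfy DMARC, is not modelled.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed stand-in for DNS TXT lookups so the check runs offline.
# Every domain and address here is hypothetical.
FAKE_TXT: Dict[str, List[str]] = {
    "example-corp.com": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all"],
    "_spf.mailhost.example": ["v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all"],
    "_dmarc.example-corp.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example-corp.com"],
    "weak.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],   # softfail only, no DMARC record
    "nothing.example": [],                              # publishes nothing at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain: str, txt: Dict[str, List[str]]) -> Optional[str]:
    """First TXT record of the domain that starts with v=spf1, or None."""
    for rec in txt.get(domain, []):
        if rec.lower().startswith("v=spf1"):
            return rec
    return None


def check_spf(domain: str, sender_ip: str, txt: Dict[str, List[str]], depth: int = 0) -> str:
    """Minimal SPF evaluation handling ip4, ip6, include and all.
    The a, mx, exists and redirect mechanisms are not implemented."""
    if depth > 10:                      # RFC 7208 lookup limit, treated as permerror
        return "permerror"
    rec = spf_record(domain, txt)
    if rec is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in rec.split()[1:]:        # skip the v=spf1 version tag
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            # ip_network.__contains__ returns False on an address-family mismatch
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual]
        elif name == "include":
            if check_spf(arg, sender_ip, txt, depth + 1) == "pass":
                return QUALIFIERS[qual]
    return "neutral"                    # nothing matched and no 'all' term present


def dmarc_policy(domain: str, txt: Dict[str, List[str]]) -> Optional[str]:
    """The p= tag of the domain's DMARC record, or None if there is no record."""
    for rec in txt.get("_dmarc." + domain, []):
        if rec.upper().startswith("V=DMARC1"):
            tags = dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
            return tags.get("p", "none").lower()
    return None


def spoof_outcome(domain: str, sender_ip: str, txt: Dict[str, List[str]] = FAKE_TXT) -> dict:
    """Would a message with a spoofed From: @domain, sent from sender_ip, most
    likely be rejected or junked on SPF/DMARC grounds alone?"""
    spf = check_spf(domain, sender_ip, txt)
    policy = dmarc_policy(domain, txt)
    likely_blocked = spf == "fail" or (policy in ("reject", "quarantine") and spf != "pass")
    return {"spf": spf, "dmarc": policy, "likely_blocked": likely_blocked}


if __name__ == "__main__":
    for dom in ("example-corp.com", "weak.example", "nothing.example"):
        print(dom, spoof_outcome(dom, "198.51.100.200"))
```

With the constructed records, example-corp.com hard-fails an unknown sender and asks receivers to reject, weak.example only softfails and publishes no DMARC, and nothing.example publishes nothing; only the first of the three is likely to block a spoofed From. Sending from an address the record does authorise (for example a compromised relay in the include) passes SPF regardless of the DMARC policy.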

Contributed By

James

