- About the Author
- About the Technical Editor
- Credits
- Acknowledgments
- Foreword
- Introduction
- CHAPTER 1 Fundamental Networking and Security Tools
- CHAPTER 2 Troubleshooting Microsoft Windows
- CHAPTER 3 Nmap—The Network Mapper
- CHAPTER 4 Vulnerability Management
- CHAPTER 5 Monitoring with OSSEC
- CHAPTER 6 Protecting Wireless Communication
- CHAPTER 7 Wireshark
- CHAPTER 8 Access Management
- CHAPTER 9 Managing Logs
- CHAPTER 10 Metasploit
- CHAPTER 11 Web Application Security
- CHAPTER 12 Patch and Configuration Management
- CHAPTER 13 Securing OSI Layer 8
- CHAPTER 14 Kali Linux
- CHAPTER 15 CISv7 Controls and Best Practices
The Social Engineer Toolkit
According to the global statistics provided by gs.statcounter.com (see Figure 13.2 ), 70.22 percent of all global desktop users are using Windows—more than 50 percent of those users are on Windows 10, and interestingly enough, 2.22 percent are on Windows XP. According to this graph, there are more global users of Windows XP than Linux, statistically speaking. I have done my best to show you mainly tools of the Windows persuasion. However, we've gotten to a tool that only runs on Linux and macOS. But I may have a few tricks.
Figure 13.2 : 70.22 percent of the planet runs Microsoft Windows.
Windows 10 has an interesting tool called the Windows Subsystem for Linux (WSL). It is a compatibility layer for running a Linux‐compatible kernel interface that can then run GNU on top of it. GNU is actually not an acronym—it is an antelope this project was named after. GNU is an operating system composed wholly of free software like Ubuntu, openSUSE, Debian, or Kali Linux. This type of user space will allow you to use a bash shell or programming languages like Ruby or Python.
There are pros and cons for everything, and there are times and places for tools. WSL has its benefits as well as drawbacks. A lot of great tools have been developed for Linux that are free, and WSL supports a wide variety of Linux distributions. WSL is easy to install, and it takes about 5 minutes (not counting the reboot). While WSL is running, you can access your local machines filesystem from the subsystem. The flip side of this is that WSL is almost like a Linux lite. It was not engineered for heavy‐duty production loads, and it might be more efficient and faster to run a full‐fledged virtual machine. WSL is command line only. There is no GUI, so that can be a drawback for some. As a friend of mine, Josh Franz, a security consultant at Rapid7, told me, “It can just be buggy.” He's right. The earlier iterations had limitations with what networking commands worked. Like any security tool we use, WSL will continue to evolve.
The Social Engineer Toolkit was written by David Kennedy and with a lot of help from the security community has evolved into a tool specifically used against people and their weaknesses. The attacks that are built into this toolkit are reminiscent of Metasploit; however, instead of focusing on network or application attacks, it assists penetration testers to target a person or organization.
Before you can install the Social Engineer Toolkit (SET), you have to turn on WSL in Windows 10 and reboot the machine. Go to your Control Panel, open Programs And Features, and find the option to Turn Windows Features On Or Off. Scroll down toward the bottom until you find Windows Subsystem For Linux; then check that box and click OK, as you see in Figure 13.3 . The system should prompt you to reboot the computer so this feature can be available.
Figure 13.3 : Turning on the Windows feature of the Windows subsystem for Linux
Once your machine has rebooted, go to your Start menu, and it is time to go shopping at the Microsoft Store. Open the Microsoft Store and look for the magnifying glass in the upper right. In the Search field in the upper right, look for Ubuntu. There are several flavors for you to choose from. Open Ubuntu 18.04 LTS. As you see in Figure 13.4 , this version of Ubuntu 18.04 on Windows will let you run an Ubuntu Terminal and run the Ubuntu command‐line utilities, including bash, ssh, apt, and many more.
Figure 13.4 : Finding Ubuntu 18.04 on Windows WSL
If you click the More hyperlink above the word Free, you're reminded that this tool is used through a command prompt so you need to turn that feature on. As you see in Figure 13.5 , it also contains a link to Windows help documents, but there are also help documents on www.ubuntu.com .
Figure 13.5 : Details of Ubuntu 18.04 LTS
In Lab 13.1 , you'll install Ubuntu 18.04 on a Windows machine.
We all have our heroes. Linus Torvalds is one of mine. His philosophy is “Intelligence is the ability to avoid doing work, yet getting the work done.” At 10 years old, he was not happy with the MS‐DOS and decided to create his own operating system based on UNIX. In 1991, he posted a message that he was ready to share what would become Linux. The original code and Linux kernel version 1.0 was released in 1994, and it has been the operating system of choice of geeks everywhere. In addition to being free, it rarely crashed and can be modified by anyone. Not only is Torvalds father of Linux, he also created Git.
Git is what we call a distributed version‐control system. What this means to developers is that if you clone a Git project, you have the entire project history. You can develop all you want on your local machine with no need of server interaction. GitHub also stores a copy of your project. You designate the project's central library or repository, and developers can push and pull all they want. Git is the system; GitHub is the service. I explained it because you're about to install it.
In Lab 13.2 , you'll install the Social Engineer Toolkit in the WSL.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论