F23SEC220L4-PhishingInstructions_233

SEC220 Lab 4: A Happy Day Phishing (4%) Lab 4: A Happy Day Phishing (4%) Overview: This lab will teach you about phishing attacks and email header spoofing. Specifically, you'll be doing the following:  Downloading and installing a mail client  Connecting the mail client to the mail server  Exchanging normal emails and with display information changed  Logging in to the mail server and sending bogus emails  Clone a website and send a phishing email Objective: 1. Demonstrate how SMTP commands can be used to forge email headers 2. Use the SEToolkit to clone a website, create and send a phishing email 3. To work as a team Background: SMTP and Email Headers Email spoofing is a technique used by many web-based attacks, which creates a forged email header so that the message appears to have originated from someone or somewhere other than the actual source. Most spoofed email falls into the "nuisance" category and requires little action other than deletion. The more malicious varieties can cause serious problems and security risks. For example, phishing scams and spammers often spoof addresses in order to get recipients to open and possibly even respond to their solicitations. A phishing scam will often send a spoofed email that purports to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers, or other personal information. A spammer may send a spoofed email that appears to be from a personal friend sending an attachment which, when clicked, redirects the user to a malicious website that downloads and installs spyware, a key logger, or a rootkit – a technique called "drive-by downloads." The goal of spammers can be criminal such as the theft of personal information, which they sell, or commercial profiling of the user to send him\her targeted advertisements. This lab explains how and why such attacks are successful. Fall 2023 Page 1 of 9

SEC220 Lab 4: A Happy Day Phishing (4%) Email forging is possible because the Simple Mail Transfer Protocol (SMTP), used by email servers to exchange emails, does not perform any verification or authentication mechanism. The fact that anyone can send anonymous or forged emails is exploited by unscrupulous people for personal gain. Your email client uses SMTP to send a message to the mail server, and the mail server uses SMTP to relay that message to the correct receiving mail server. To prevent abuse of an SMTP server, the server must be configured as follows: 1. To accept a message, either the sender's or the recipient's address must belong to the same domain as the server 2. To send a message, the sender must belong to the same domain as the mail server and the server will only forward the message to a server of that domain. Note: 1. Spoofing anyone other than yourself is illegal 2. All parts of this lab must be done on campus in the IFS Security lab 3. This is a group lab – you will be randomly assigned a team member The Lab Activities Part 1: Mail Client Setup In your lab report, enter the main heading Part 1: Mail Client Setup 1. Make sure your Windows 10 network configuration has been set with Bridge . You must receive the IP address as 172.16.XXX.XXX (IFSLAB.NET). You can check ITAS+Tech+Support+Notebook and scroll to Email Lab 2. Open Thunderbird (already installed on your Windows 10 VM) 3. Configure Thunderbird based on your PC number (see the label attached to the front of your PC) and using the details given in Figure 1 below 4. Note: please type your own full name for "Your name," and your mail address is your PC number prefixed with the word “mail” e.g. if your PC number is "XXXXXX-06-XXXX", then use Mail6, if your PC number is "XXXXXX-23-XXXX", then use Mail23. 5. The password will be given in class or check on Teams . Figure 1: Thunderbird account configuration Fall 2023 Page 2 of 9

SEC220 Lab 4: A Happy Day Phishing (4%) Part 4: Sending Yourself a Forged Email In your lab report, enter the main heading Part 4: Sending Yourself a Forged Email A more sophisticated and harder-to-detect method of forging an email is to send a forged email from the SMTP server itself. To illustrate how easy it is to send a forged email, you will send forged emails to Your IFS Lab mail server account To do this, you’ll be using the SMTP server. The six SMTP commands to use are HELO, MAIL FROM, RCPT TO, DATA, SUBJECT, and QUIT. What to type after each command is displayed in bold.  HELO: – identifies the host to the SMTP server – mail.ifslab.net  MAIL FROM: – source email address – this is your fake address  RCPT TO: – destination email address – mail<n> @ifslab.net  DATA: – identifies the beginning of the email message content  Subject: – identifies the subject line of the email message  . – a period on a line by itself ends the data stream  QUIT – terminates the session Note:  Backspacing does not actually work, even though it seems to allow you to backspace. Steps: 1. Open a command window (CMD) on the IFS Lab workstation desktop 2. Type the following command on the command-line telnet smtp.ifslab.net 25 3. Using Notepad (or any text editor), copy the following commands to Notepad and modify each line with the correct information as the following: HELO HELO mail.ifslab.net MAIL FROM : you@domain.com RCPT TO : mail<n>@ifslab.net DATA SUBJECT : your message subject here Type your message here! (Type the . to end the message being sent) . QUIT Figure 4 below gives you an example of what the commands look like. Fall 2023 Page 4 of 9

SEC220 Lab 4: A Happy Day Phishing (4%) Figure 4 : Complete SMTP session 4. Take screenshots of the following: a. SMTP session, save it as “MSU_smtp.jpg” and insert the labeled screenshot into your lab report under the subheading “ SMTP Session ”. a. Include a description of what is shown in the screenshot b. “The received forged message” and save it as “MSU_forgedmail.jpg” and insert the labeled screenshot into your lab report under the subheading “ Forged Email ” a. Include a description of what is shown in the screenshot Part 5: Clone a Website and Send a Phishing Email In your lab report, enter the main heading Part 5: Clone a Website and Send Phishing a Email You will use the Social Engineering Toolkit (SEToolkit) in your Kali Linux to do this part. This software has many tools to attack as a Social Engineer: ( more information ) 1) Spear-Phishing Attack Vectors 2) Website Attack Vectors 3) Infectious Media Generator 4) Create a Payload and Listener 5) Mass Mailer Attack 6) Arduino-Based Attack Vector 7) Wireless Access Point Attack Vector 8) QRCode Generator Attack Vector 9) Powershell Attack Vectors 10) Third Party Modules In this lab, you are just working with Website Attack Vectors. You will clone a website and send the fake link by email to your partner. Once your partner types the credential and submits it, you will see the username and password in your SEToolkit. This part of the lab is a group lab, and you must be at least 2 members in this lab. Each member must do all the parts and attack the other members (only one attack is enough for each student) Part 5-1: Fall 2023 Page 5 of 9

SEC220 Lab 4: A Happy Day Phishing (4%) o You must convince your partner psychologically to click on the link, i.e., your email should sound convincing and authentic and should motivate your partner to act on the contents of the email, e.g., click on a link o You can choose what scenario you like (IT Technician, Helpdesk, Instructor, etc.…)  Create a URL link with your Kali Linux IP address. (EXAMPLE: http://172.16.1.140 ) o The URL is not supposed to be visible 7. Take a screenshot of your email and insert the labeled screenshot into your lab report under the subheading “ Phishing Email ”  Include a description of what is shown in the screenshot 8. Send the email to your partner. Your partner must click on the link . The fake website will open on your partner's screen. He/She must type the following information and submit it: Username: Type Your Full Name (i.e. John Smith) Password: Your Seneca Account (not password) (i.e. jsmith123) You should receive all the above credentials in your SEToolkit as the following: Fall 2023 Page 7 of 9

SEC220 Lab 4: A Happy Day Phishing (4%) Part 5-3: 9. Press Control-C (CTRL+C) to create a report and exit from SEToolkit. Go to directory /root/.set/reports/ and open the XML file with the nano text editor. 10. Take a screenshot from your SEToolkit to show credentials and insert the labeled screenshot into your lab report under the subheading “ Victim’s Credentials ”.  Include a description of what is shown in the screenshot Deliverable: Report Submission 1. Complete your Lab report write-up and submit your properly formatted and professional looking report of your tasks via the F23 Lab 4 Phishing (4%) link o You should also follow the posted Document Formatting and Submission Guidelines, e.g., have a title page (the name of each member of the group should also be on the title page), include an introduction, conclusion , in-text citations , references page , etc.  In your Introduction, demonstrate that you have a clear understanding of what the lab entails  In your conclusion, demonstrate that you have a clearly understanding of the lab activities that you completed and your takeaways, e.g., what is the significance of the steps, why are they necessary, what did you learn, etc. o Screenshots MUST be in the report with labels, descriptions, and your customized background Fall 2023 Page 8 of 9