Lab 2: Detect a Phishing Attack

 

Lab 2: Detect a Phishing Attack


Module 09: Social Engineering



Lab 2: Detect a Phishing Attack


Task 1: Detect Phishing using Netcraft


firefox

https://www.netcraft.com/apps/

click find out more under the browser section


ITS  A FIREFOX WEB EXTENTION DOBT THEY WILL HAVE YOU DOWNLOAD THIS MID EXAM 


refer to blog for rest of steps



---------------------------------------------------------------------------------------------------------------------------------------



Module 09: Social Engineering


Lab 2: Detect a Phishing Attack

Task 2: Detect Phishing using PhishTank



firefox 

https://www.phishtank.com

is it a phish enter: 

be-ride.ru/confirm 

press enter

If the site is a phishing site, PhishTank returns a result stating that the website “Is a phish,”\



done


Lab Scenario

With the tremendous increase in the use of online banking, online shares trading, and e-commerce, there has been a corresponding growth in incidents of phishing being used to carry out financial fraud.

As a professional ethical hacker or penetration tester, you must be aware of any phishing attacks that occur on the network and implement anti-phishing measures. Be warned, however, that even if you employ the most sophisticated and expensive technological solutions, these can all be bypassed and compromised if employees fall for simple social engineering scams.

The success of phishing scams is often due to users’ lack of knowledge, being visually deceived, and not paying attention to security indicators. It is therefore imperative that all people in your organization are properly trained to recognize and respond to phishing attacks. It is your responsibility to educate employees about best practices for protecting systems and information.

In this lab, you will learn how to detect phishing attempts using various phishing detection tools.

Lab Objectives

  • Detect phishing using Netcraft
  • Detect phishing using PhishTank

Overview of Detecting Phishing Attempts

Phishing attacks are difficult to guard against, as the victim might not be aware that he or she has been deceived. They are very much like the other kinds of attacks used to extract a company’s valuable data. To guard against phishing attacks, a company needs to evaluate the risk of different kinds of attacks, estimate possible losses and spread awareness among its employees.

Task 1: Detect Phishing using Netcraft

The Netcraft anti-phishing community is a giant neighborhood watch scheme, empowering the most alert and most expert members to defend everyone within the community against phishing attacks. The Netcraft Extension provides updated and extensive information about sites that users visit regularly; it also blocks dangerous sites. This information helps users to make an informed choice about the integrity of those sites.

Here, we will use the Netcraft Extension to detect phishing sites.

  1. Click on the Windows 10 to switch to the Windows 10 machine.

  2. First, it is necessary to install the Netcraft extension. Launch any browser, in this lab we are using Mozilla Firefox. In the address bar of the browser place your mouse cursor and click https://www.netcraft.com/apps/ and press Enter.

  3. The Netcraft website appears, as shown in the screenshot.

    Screenshot

  4. Click Find out more button under BROWSER option on the webpage.

    Click Accept in the cookie notification in the lower section of the browser.

    2020-09-07_17-34-33.jpg

  5. Click Download button from the top-right corner of the webpage.

    2020-09-07_17-36-47.jpg

  6. You will be directed to the Get it now section; click the Firefox browser icon.

    2020-09-07_17-38-19.jpg

  7. On the next page, click the Add to Firefox button to install the Netcraft extension.

    Screenshot

  8. When the Add Netcraft Extension? notification pop-up appears on top of the window, click Add.

    If the Netcraft Extension has been added to Firefox pop-up appears in the top section of the browser, click OkayGot it.

    2020-09-07_17-39-56.jpg

  9. After the installation finishes, you may be asked to restart the browser. If so, click Restart Now.

  10. If Netcraft Extension has been added to Firefox notification appears, click OkayGot it.

  11. The Netcraft Extension icon now appears on the top-right corner of the browser, as shown in the screenshot.

    Screenshots may differ with newer versions of Firefox.

    2020-09-07_17-41-10.jpg

  12. Now, In the address bar of the browser place your mouse cursor and click http:certifiedhacker.com/ and press Enter.

  13. The certifiedhacker.com webpage appears. Click the Netcraft Extension icon in the top-right corner of the browser. A dialog box appears, displaying a summary of information such as Risk RatingSite rankFirst seen, and Host about the searched website.

    2020-09-07_17-45-59.jpg

  14. Now, click the Site Report link from the dialog-box to view a report of the site.

    1212.jpg

  15. The Site report for certifiedhacker.com page appears, displaying detailed information about the site such as Background, Network, and Hosting History

    If a Site information not available pop-up appears, ignore it.

    Screenshot

    Screenshot

  16. If you attempt to visit a website that has been identified as a phishing site by the Netcraft Extension, you will see a pop-up alerting you to Suspected Phishing.

  17. Now, in the browser window open a new tab and click https://coronnafestas.com.br/de/cgi/login and press Enter.

    Here, for demonstration purposes, we are using https://coronnafestas.com.br/de/cgi/login phishing website to trigger Netcraft Extension to obtain desired results. You can use the same website or any other website to perform this task.

  18. The Netcraft Extension automatically blocks phishing sites. However, if you trust the site, click Visit anyway to browse it; otherwise, click Report mistake to report an incorrectly blocked URL.

    If you are getting an error in opening the website (https://coronnafestas.com.br/de/cgi/login), try to open other phishing website.

    OR

    You will get a Suspected Phishing page in the Firefox browser.

    2020-09-09_12-08-06.jpg

  19. This concludes the demonstration of detecting phishing using Netcraft Extension.

  20. Close all open windows and document all the acquired information.

Task 2: Detect Phishing using PhishTank

PhishTank is a free community site on which anyone can submit, verify, track, and share phishing data. As the official website notes, “it is a collaborative clearing house for data and information about phishing on the Internet.” PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications.

In this task, we will use PhishTank to detect phishing.

  1. In the Windows 10 machine, Launch any browser, in this lab we are using Mozilla Firefox. In the address bar of the browser place your mouse cursor and click https://www.phishtank.com and press Enter.

  2. The PhishTank webpage appears, displaying a list of phishing websites under Recent Submissions.

  3. Click on any phishing website ID in the Recent Submissions list (in this case, 6604438) to view detailed information about it.

    If a notification appears asking Would you like Firefox to save this login for phishtank.com?, click Don’t Save.

    If you are redirected to the page asking captcha, enter the captcha to proceed.

    phishtank3.jpg

  4. A page appears displaying information regarding the selected website. You can further view details on the site by navigating to the View site in frame and View technical details tabs.

    phishtank4.jpg

  5. Navigate back to the PhishTank home page by clicking the Back button in the top-left corner of the browser.

  6. In the Found a phishing site? text field, type a website URL to be checked for phishing (in this example, the URL entered is be-ride.ru/confirm). Click the Is it a phish? button.

    phishtank1.jpg

    You can examine any website of your choice for phishing.

  7. If the site is a phishing site, PhishTank returns a result stating that the website “Is a phish,” as shown in the screenshot.

    phishtank6.jpg

  8. This concludes the demonstration of detecting phishing using PhishTank.

Comments

Post a Comment

Popular posts from this blog

Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

Image
Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools Lab Scenario As an ethical hacker, you must try to obtain as much information as possible about the target cloud environment using various enumeration tools. This lab will demonstrate various S3 bucket enumeration tools that can help you in extracting the list of publicly available S3 buckets. Lab Objectives Enumerate S3 buckets using lazys3 Enumerate S3 buckets using S3Scanner Overview of Enumeration Tools Enumeration tools are used to collect detailed information about target systems to exploit them. Information collected by S3 enumeration tools consists of a list of misconfigured S3 buckets that are available publicly. Attackers can exploit these buckets to gain unauthorized access to them. Moreover, they can modify, delete, and exfiltrate the bucket content. Task 1: Enumerate S3 Buckets using lazys3 lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations. This...
Read more

Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools

Image
Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 1: Perform Cryptanalysis using CrypTool CrypTool is a freeware program that enables you to apply and analyze cryptographic mechanisms, and has the typical look and  feel of a modern Windows application. CrypTool includes a multitude of state-of-the-art cryptographic functions and allows you  to both learn and use cryptography within the same environment. CrypTool is a free, open-source e-learning application used in  the implementation and analysis of cryptographic algorithms. Here, we will use the CrypTool tool to perform cryptanalysis. refer to blog  little long --------------------------------------------------------------------------------------------------------------------------------------- Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 2: Perform Cryptanalysis us...
Read more

Task 2: Perform OS Discovery using Nmap Script Engine (NSE)

Image
  Task 2: Perform OS Discovery using Nmap Script Engine (NSE) Module 03: Scanning Networks Lab 3: Perform OS Discovery Task 2: Perform OS Discovery using Nmap Script Engine (NSE) open zenmap nmap -A [Target IP Address]   = -A: to perform an aggressive scan. nmap -O [Target IP Address]   = -O: performs the OS discovery. nmap --script smb-os-discovery.nse [Target IP Address]   = --script: specifies the customized script and smb-os-discovery.nse: attempts to determine the OS, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139). end Nmap, along with Nmap Script Engine (NSE), can extract considerable valuable information from the target system. In addition to Nmap commands, NSE provides scripts that reveal all sorts of useful information from the target system. Using NSE, you may obtain information such as OS, computer name, domain name, forest name, NetBIOS computer name, NetBIOS domain name, workgroup, system time o...
Read more