In this post, I will use the Kaburra toolset and MS Word to conduct a spear phishing attack test on a hypothetical user within the network.
This also helps the IT team gain more experience in understanding how to prevent phishing attacks in daily operations.
1. How to use the Kaburra toolset.
You can download and install it according to the instructions from the GitHub page: https://github.com/2x7EQ13/Kaburra
The GUI of Kaburra will have the following main sections:
Figure: Kaburra Home Main Window
Block 1: This is the section for adding target emails. There are three buttons: Add, Remove, and Bulk Add. With Bulk Add, you supply a file containing a list of email addresses, one per line.
Block 2: This is the section to configure the email account you are using to send emails to the targets. It also holds the URL of the Tracking Server that you have set up (refer to the Install section of Kaburra). The information in these sections is saved, so the next time you open the tool you won't need to enter it again. Note that you should always click "Check" to ensure everything is functioning smoothly.
After filling in the information in the Sender group, click "Check". If everything is functioning properly, an icon indicating completion will appear.
Figure: Kaburra Tracking Server and Sender Setting
If there are any issues, you can review and resolve them based on the log information that is printed out.
Figure: Kaburra Log Window
Block 3: This is the section that contains the information about the fake email you will send, including Subject, Body, and Attachments. The Body is an HTML file; you can create it with any HTML editor, or with MS Word as I do below.
Be aware that the "Delay Time" is the pause before sending to the next email address in the target list. Different mail servers limit the number of emails an account can send in one minute, one hour, or a similar timeframe.
Block 4: This is the section for previewing the content of the email that will be sent.
I will leave the other tabs, such as Sent, Result, and Statistic, for you to explore on your own.
Suppose I want to recreate a phishing test scenario impersonating HSBC Bank; the displayed information would be as follows:
Figure: Fake Email Info Setting
You must always have the consent of a legal representative of the company or organization involved. Otherwise, sending emails like this is illegal.
After clicking "Send", an email with the specified Subject and Body is sent. The attachment in this case is a .doc file containing VBA code.
You can select multiple target email addresses in "Block 1" to send the fake email to all of the chosen addresses in bulk.
Figure: Email received by target
Figure: Email opened by target
When the target opens the email, opens the attachment, and selects "Enable Content", the Result page updates automatically. This page contains all the information about the fake emails that have been sent out.
Figure: Sent Fake Mails result
The tracking information includes the Subject of the email, the time, and the target's IP address. If the "Exec" field is blank, it indicates that the target only opened the email.
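To turn the Result page into something the IT team can act on, the added example below (not part of Kaburra) classifies each tracked target as "opened" or "executed" using the rule just described (a blank Exec field means the email was only opened) and counts each person once even if several events were recorded. The CSV layout with target, subject, time, ip and exec columns is an assumption for illustration, not Kaburra's actual export format.

```python
"""Summarise tracking results from a phishing test for an awareness report.

Added example, not Kaburra's own code. The record layout below is assumed
for illustration and is not Kaburra's actual export format.
"""
import csv
import io
from collections import Counter

# Constructed sample in the assumed layout: target, subject, time, ip, exec
SAMPLE_RESULTS = """target,subject,time,ip,exec
alice@example.com,HSBC: verify your account,2024-01-10 09:01:12,10.0.0.11,
bob@example.com,HSBC: verify your account,2024-01-10 09:03:45,10.0.0.12,2024-01-10 09:04:02
carol@example.com,HSBC: verify your account,2024-01-10 09:05:30,10.0.0.13,
bob@example.com,HSBC: verify your account,2024-01-10 09:10:00,10.0.0.12,2024-01-10 09:10:20
"""


def classify(row):
    """A blank Exec field means the email was only opened; a filled one
    means the attachment was opened and 'Enable Content' was selected."""
    return "executed" if row["exec"].strip() else "opened"


def summarize(csv_text):
    """Return each target's worst outcome plus campaign-level counts.

    A target who opened once and executed later counts as 'executed';
    repeat events for the same person do not inflate the rates."""
    outcomes = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        state = classify(row)
        if state == "executed" or row["target"] not in outcomes:
            outcomes[row["target"]] = state
    counts = Counter(outcomes.values())
    total = len(outcomes)
    return {
        "per_target": outcomes,
        "opened_only": counts["opened"],
        "executed": counts["executed"],
        "exec_rate": counts["executed"] / total if total else 0.0,
        # People to prioritise for follow-up awareness training
        "needs_training": sorted(t for t, s in outcomes.items() if s == "executed"),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_RESULTS).items():
        print(key, value)
```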
2. How to create an email body using MS Word
- Draft the content of the email.
- Select the File menu, then choose Save As.
- In the "Save as type" section, select "Web Page, Filtered (*.htm, *.html)".
- Click Save to finish.
- Import the saved file into Kaburra.
I hope you can set up and conduct phishing attack tests on your own without
spending too much budget on expensive tools like KnowBe4, Wizer, etc.