
Cybersecurity Attacks File

This document provides information about various cybersecurity attacks and tools, including: 1) Phishing attacks using the SocialPhish tool to steal login credentials through a fake login page. 2) Wi-Fi de-authentication attacks using the Fluxion tool to intercept Wi-Fi passwords by impersonating trusted networks. 3) Details about how to perform an evil twin attack using Fluxion to capture credentials through a rogue wireless access point and captive portal.

Uploaded by

Atharv Kaijkar

Confidential Cybersecurity Awareness

INDEX
Sr. No.  Attacks
1  Phishing Attack Via SocialPhish tool
2  Fluxion tool Wi-Fi De-authentication Attack
3  SQL Injection Attack
4  DoS (Denial Of Service) Attack
5  PSRansom (Ransomware attack)
6  SET Attack (Social Engineering Toolkit) Website Cloner

Phishing Attack Via SocialPhish tool


What is Phishing Attack: Phishing is a deceptive cyber attack where
attackers impersonate trusted entities, often through email, to trick
individuals into revealing sensitive information like passwords, credit card
details, or personal data. Victims are lured to fake websites or prompted
to download malicious attachments, compromising their security and
privacy. Phishing exploits human trust and can lead to identity theft,
financial loss, or unauthorized access to accounts. Always be cautious with
unsolicited messages, check sender legitimacy, and avoid clicking on
suspicious links to protect yourself from phishing attacks.

[*] Choose an option:


[*]Choose a port forwarding option:1 or 2

#Ngrok will be downloaded if not installed already.



Ngrok allows you to expose a web server running on your local machine to the internet. It helps to access the page from any device since it port-forwards the local IP address.

An alternative is the first option, SSH tunnelling via Serveo, which is also a good option.

The generated link then has to be forwarded to the victim, and you wait for the victim to click it.

You have to craft a phishing email that successfully lands in the victim's inbox.

This is how the fake login page looks.

In the above image you can see the username field is filled in as 12345 and the password field as 12345. Once this form is submitted, the PHP server captures what the victim entered, which is shown on the terminal and then recorded in the web template directory in a file saved as saved.usernames.txt

/opt/Socialphish/sites/”template”/saved.usernames.txt

Credentials

Preventive measures:
● Awareness Training: Educate individuals about recognizing phishing attempts and suspicious emails.
● Verify Sender: Always verify the legitimacy of the sender, especially in unsolicited emails.
● Check URLs: Hover over links to see the actual URL before clicking. Ensure it matches the legitimate site.
● Avoid Downloads: Refrain from downloading attachments or files from untrusted sources.
● Use Security Software: Employ reputable antivirus and anti-phishing software to detect and block phishing attempts.
● Report Phishing: Report phishing emails to your email provider and relevant authorities.
● Multi-Factor Authentication: Enable multi-factor authentication for added account security.
● Regular Password Changes: Change passwords regularly, especially for critical accounts.

Fluxion tool Wi-Fi De-authentication Attack

● To install Fluxion in Kali Linux run the commands:

● git clone https://github.com/FluxionNetwork/fluxion

● cd fluxion/

● sudo ./fluxion.sh

What is Wi-Fi attack: Fluxion is a tool in Kali Linux used for a Wi-Fi hacking
attack. It creates a rogue access point, impersonates a trusted network,
and lures users to connect. When users enter their Wi-Fi credentials,
Fluxion captures them. This attack can compromise network security and
user privacy, making it vital to be cautious about connecting to unfamiliar
Wi-Fi networks to avoid falling victim to such attacks.

Stop Network Manager and processes that can interfere:


sudo systemctl stop NetworkManager
sudo airmon-ng check kill

Typical launch of the program, go to its folder:

cd fluxion/

The program is updated very often, so to download the latest version, run the command:

sudo ./fluxion.sh
Select language:

We need to grab a handshake. It will not be used for brute-force (there will be no brute-force at all), but it is necessary to check whether the user entered the correct password. Therefore, we select item two:

⮚ Select 2nd Option


⮚ Select a wireless interface for target searching:

● Select the channel where you want to search for targets: select the 3rd option.

● Five seconds after the target AP appears, close the FLUXION Scanner
(ctrl+c).

● When you see the desired target, close the new window, the list of
access points will be displayed in the main program window:

● Select an interface for target tracking. We selected 1.



● Select method for handshake retrieval. We select 2.

● Select a method of verification for the hash. We select 1. The first option may instead be called cowpatty; if you see that, select cowpatty, as it is recommended.

● How often should the verifier check for a handshake? Select 30 seconds; mostly follow the recommended options.

⮚ How should verification occur? Select the recommended option, that is 2.

● The synchronous option will halt data capturing before attempting to check for a handshake, to prevent the issues described before. The downside of this method is the fact it'll stop listening while checking for handshakes, meaning it could miss a handshake while checking for one.

⮚ Three additional windows will appear periodically. If a handshake is captured, i.e. the attack succeeded, then one of the windows will have such an entry, and the other windows will be closed and the attack stopped:

⮚ Now go to the Captive Portal attack.

⮚ Now select “Evil Twin Attack”



⮚ Proceed with Yes.

⮚ Now choose the interface for jamming.

⮚ Select an interface for the access point.

⮚ Go with Recommended Option.



⮚ If you have already captured a handshake, a message will appear that it has been found. You can use it or specify a path to another:

⮚ Again select a method of verification for the hash. Usually cowpatty appears; select cowpatty, which is also recommended.

⮚ Next, we select the source of the SSL certificate for the captive
portal.

● Now select 1.

⮚ Select an internet connectivity type for the rogue network. Go with Recommended.

⮚ This will cause all iOS clients, and some Android clients to not show the captive portal immediately upon connecting to the rogue network, however, the captive portal will still show up once the clients try accessing any web site.

⮚ Select a captive portal interface for the rogue network. By default, Generic Portals are available, suitable for all cases in different languages:

⮚ Now the attack starts, many windows will open.

Clients will be disconnected, and they will not be able to connect to the true network during the entire duration of the attack. But for them there will be another network, without a password, to which they can connect with one tap.
If the client does this, then when he tries to open any site, he will be redirected to the Captive Portal.
All the data entered is transmitted to Fluxion, which checks in real-time whether the password is correct or not. If the password is not correct, then such a window is displayed, and the attack continues.
If the password is correct, then it is shown to the attacker, and the attack ceases immediately. After that, the client (victim) device will automatically connect to the original access point and he will receive his normal Internet connection.
You can check the credentials captured by the attack in the folder: Fluxion > Attacks > Captive Portal > netlog > open the file.

Preventive measures:
● Use Trusted Networks: Connect only to known and trusted Wi-Fi networks, especially in public places.
● Enable WPA3: Use the latest Wi-Fi security protocol, WPA3, on your network, which is more secure than older protocols.
● Avoid Open Networks: Avoid connecting to open, unsecured Wi-Fi networks without passwords.
● Verify Network Name: Confirm the exact SSID (network name) before connecting to a network.
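
The rogue network described above carries the trusted SSID but has no password, which is something a scan can reveal. The following check is an added example, not part of the original document or of Fluxion; the scan format (ssid,bssid,channel,security), the sample records and the allow-list are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample scan (assumed CSV layout, not the output of a real tool).
SAMPLE_SCAN = """\
ssid,bssid,channel,security
OfficeNet,AA:BB:CC:00:00:01,6,WPA2
OfficeNet,AA:BB:CC:00:00:02,11,WPA2
OfficeNet,DE:AD:BE:EF:00:10,6,OPEN
CafeGuest,11:22:33:44:55:66,1,OPEN
HomeLab,66:55:44:33:22:11,36,WPA3
"""


def load_scan(text):
    """Parse the CSV scan into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def find_suspect_twins(records, known_bssids=None):
    """Return (ssid, bssid, reasons) for access points that look like a twin.

    known_bssids is an optional allow-list: {ssid: set of BSSIDs you operate}.
    """
    known = {ssid: {b.upper() for b in bssids}
             for ssid, bssids in (known_bssids or {}).items()}
    by_ssid = defaultdict(list)
    for rec in records:
        by_ssid[rec["ssid"]].append(rec)

    findings = []
    for ssid, aps in by_ssid.items():
        has_protected = any(ap["security"].upper() != "OPEN" for ap in aps)
        for ap in aps:
            reasons = []
            # The same name advertised both with and without encryption is
            # the pattern the captive-portal attack produces.
            if ap["security"].upper() == "OPEN" and has_protected:
                reasons.append("open copy of a protected SSID")
            # With an inventory of your own radios, any other BSSID using
            # your SSID is worth investigating.
            if ssid in known and ap["bssid"].upper() not in known[ssid]:
                reasons.append("BSSID not in allow-list")
            if reasons:
                findings.append((ssid, ap["bssid"], reasons))
    return findings


if __name__ == "__main__":
    inventory = {"OfficeNet": {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}}
    for ssid, bssid, reasons in find_suspect_twins(load_scan(SAMPLE_SCAN), inventory):
        print(f"{ssid} {bssid}: {', '.join(reasons)}")
```

A network that is open everywhere (CafeGuest in the sample) is not flagged by this check; it only reports a mismatch against a protected or inventoried network.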

SQL Injection Attack



An SQL injection attack is a type of cyberattack where malicious actors exploit vulnerabilities in a web application's input fields to manipulate an application's database. By injecting malicious SQL code, attackers can gain unauthorized access to the database, steal sensitive data, or modify and delete records. It's a significant security risk, and web applications should implement proper input validation and use prepared statements or parameterized queries to prevent SQL injection vulnerabilities.

Bypassing Authentication:

First query to bypass the admin authentication

1. After we confirm that the site is vulnerable to SQL injection, the next step is to type the appropriate payload (input) in the password field to gain access to the account.

2. Enter the below-mentioned command in the vulnerable field and this will result in a successful Authentication Bypass.

⮚ Select id from users where username='username' and password='password' or 1=1--+

In the above command:

Since 1=1 is always true, and we combined 1=1 with an OR operator, we don't have to know the username or password: whatever the username and password are, our 1=1 will always be true, thus giving us access to the account.

' or 1=1--+ (in the password field): the ' before the OR operator is used to terminate the single quotes of the password (i.e. Select id from users where username='username' and password='password').

So after we insert ' before the OR operator, our SQL command becomes:

Select id from users where username='username' and password='' or 1=1--+

--+ is used to ignore the rest of the command. Its main use is to ignore the ' after the password; if we don't use it, we will get the following error.

Let's try the payload on our login portal (without writing --+ at the end of the payload).

Note: Remember this is a hit-and-trial method; different websites or webapps can have different names and passwords.

Now let's try another method.

This is our victim site:

Now we want access to Admin privileges, so we are going to enter a query to get it.

In the above image you can see we have entered admin'-- in the username field. The -- turns the rest of the query after admin' into a comment, so the manipulated query retrieves the data for the admin user. In the password field we have entered 'OR '1' = '1'. With this, the query retrieves data wherever the condition is true, and since '1' = '1' is always true, it retrieves all data or gives access to the admin privileges and account.

Now let's enter.

Here we are with Admin Page.

Preventive measures:

● Input Validation: Implement strict input validation to block malicious input from reaching the database.
● Prepared Statements: Use prepared statements or parameterized queries in application code to separate data from SQL commands.
● Web Application Firewalls: Deploy web application firewalls that can detect and block SQL injection attempts.
● Least Privilege: Limit database user permissions to only what's necessary, reducing potential damage from an attack.
● Regular Updates: Keep software, frameworks, and libraries up to date to patch known vulnerabilities.
● Security Training: Train developers to write secure code and educate them about SQL injection risks.
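
The difference between the string-built login query shown above and a parameterized one is easiest to see side by side. This is an added example, not code from the original document or from the site in its screenshots; the table layout, the sample accounts and the function names are assumptions, and it runs against an in-memory SQLite database.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory database with two constructed accounts.

    Passwords are stored in plain text only so the query mirrors the one in
    the text; a real application stores salted password hashes.
    """
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    db.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "S3cret!"), ("alice", "wonderland")],
    )
    return db


def login_vulnerable(db, username, password):
    """BEFORE: user input is concatenated into the SQL text.

    Quotes and comment markers typed by the user become part of the
    statement, so the WHERE clause can be rewritten from the login form.
    """
    query = (
        "SELECT id FROM users WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    """AFTER: the statement is fixed and the input is bound as data.

    The driver never parses the bound values as SQL, so a quote is just a
    character inside the string being compared.
    """
    row = db.execute(
        "SELECT id FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # The two inputs discussed in the text above.
    attempts = [("nobody", "' or 1=1--+"), ("admin'--", "anything")]
    for user, pw in attempts:
        print(repr(user), repr(pw),
              "vulnerable ->", login_vulnerable(db, user, pw),
              "| parameterized ->", login_parameterized(db, user, pw))
```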

DoS (Denial Of Service) Attack

A Denial of Service (DoS) attack is a malicious attempt to disrupt the normal functioning of a computer system, network, or website. Attackers overwhelm the target with a flood of traffic, requests, or data, causing it to become slow or unresponsive to legitimate users. DoS attacks can lead to service outages, financial losses, and security vulnerabilities. Mitigation techniques include firewalls, load balancing, and content delivery networks (CDNs) to defend against such attacks and ensure system availability. DoS attacks can be disruptive and damaging, and they are often illegal and unethical when conducted without proper authorization.

Let's attack this website:

Now we will attack this webpage by sending an enormous amount of requests from a tool called "RavenStorm" on Kali Linux.

We will select the l7 one because we are doing an HTTP flood.

Now we set the following options: target, in which we specify our target, and threads, in which we select how many threads, meaning how many requests, will go to the target machine.

Now we execute the attack.

Now let's check our page and refresh it. It takes time to load, which is the sign that our requests are hitting the target.

And there we go, the web page is down. Users cannot access the page and get this error; even if the page reloads after some time, it is very slow and very annoying and affects the users' usage, because we have not stopped our attack.

Note: After we stop the attack, the page will restore to its normal state.

Note: The attack will stop automatically after 600 threads.

Preventive measures:

● Traffic Filtering: Implement network and application-level traffic filtering to block malicious traffic and reduce the impact of attacks.
● Intrusion Detection/Prevention Systems (IDS/IPS): Use IDS and IPS solutions to identify and block suspicious or malicious activity in real-time.
● Rate Limiting: Apply rate limiting to restrict the number of requests from a single IP address within a specific time frame, preventing abuse.
● Load Balancing: Distribute incoming traffic across multiple servers to avoid overloading a single server.
● Security Updates: Keep software and systems up to date to patch vulnerabilities that attackers might exploit.
● Monitoring and Alerts: Implement continuous monitoring and automated alerting to detect unusual traffic patterns.
● Anomaly Detection: Use systems that can identify and respond to abnormal traffic or behavior.
● Incident Response Plan: Develop and practice an incident response plan to quickly address and mitigate attacks when they occur.
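
The rate-limiting measure above can be made concrete with a per-IP sliding window. This is an added example, not part of the original document; the limit of 5 requests per second, the class and function names and the traffic sample (documentation-range addresses) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most max_requests per client IP in any window_seconds span."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = defaultdict(deque)  # ip -> timestamps of accepted requests

    def allow(self, ip, now):
        hits = self._hits[ip]
        # Forget accepted requests that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False  # over the limit: reject (e.g. answer HTTP 429)
        hits.append(now)
        return True

    def prune(self, now):
        """Drop idle clients so the table cannot grow without bound."""
        for ip in list(self._hits):
            hits = self._hits[ip]
            while hits and now - hits[0] >= self.window:
                hits.popleft()
            if not hits:
                del self._hits[ip]
        return len(self._hits)


def sample_traffic():
    """Constructed traffic: one client floods, another browses normally."""
    flood = [(i * 0.02, "203.0.113.7") for i in range(50)]    # 50 requests in 1 s
    normal = [(i * 0.5, "198.51.100.20") for i in range(6)]   # 2 requests per second
    return sorted(flood + normal)


def replay(requests, max_requests=5, window_seconds=1.0):
    """Feed (timestamp, ip) pairs through the limiter and count the outcomes."""
    limiter = SlidingWindowLimiter(max_requests, window_seconds)
    allowed, blocked = defaultdict(int), defaultdict(int)
    for ts, ip in requests:
        if limiter.allow(ip, ts):
            allowed[ip] += 1
        else:
            blocked[ip] += 1
    return dict(allowed), dict(blocked)


if __name__ == "__main__":
    allowed, blocked = replay(sample_traffic())
    print("allowed:", allowed)
    print("blocked:", blocked)
```

A per-IP limit like this only bounds what a single source can send; traffic spread across many sources still needs the filtering and load-balancing measures listed above.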

PSRansom (Ransomware attack)


A ransomware attack is a type of malicious cyberattack where hackers encrypt a
victim's data, making it inaccessible. They then demand a ransom, usually in
cryptocurrency, in exchange for a decryption key to unlock the data.
Ransomware can paralyze businesses, governments, and individuals, causing
data loss and financial damage. Prevention includes regular backups, robust
cybersecurity measures, employee training, and avoiding suspicious email
attachments or links. Ransomware attacks are illegal and can have severe
consequences, making it crucial to prioritize cybersecurity to mitigate the risk.

PSRansom is a PowerShell Ransomware Simulator with C2 Server capabilities. This tool helps you simulate the encryption process of a generic ransomware on any system with PowerShell installed on it.

We are using the simulator to see how a ransomware attack works.

This is our victim machine, and there are some sensitive files on it like password, accounts, and Data.

Let's see how well secured our victim's device is.

Well, the device is pretty vulnerable, as all Defender features are turned off.

We will now start our attack. We are attacking from Kali Linux and using the PSRansom Simulator, which simulates the ransomware environment.

So here we have started our server to host the directory in which our PSRansom is located.

Next we start the C2Server, where we store our ransomware and from which we will download it onto our victim system.

Next we will execute a script, written so that when the victim clicks the executable file the files will get encrypted; the script uses PowerShell to execute this process.

Here is the script.

After saving the script:

Now when the victim double-clicks the launcher file, the files will get encrypted. It will look like this, and you will get this message.

As you can see, the format of the .txt file is changed to PSR.

We will also get to know that the victim has downloaded the file, as it is shown here.

Now the decryption process. In normal cases you have to pay the ransom, with no guarantee that your data will be decrypted. Since this is our simulation, we have the recovery key; when a real ransomware attack happens the situation is similar, but you have to pay the ransom.

We will download the decryption file (on our Kali or host machine) to our victim machine and use it to decrypt the data.

Here you can see that PSRansom is our file, and we are using it to decrypt the data with the unique recovery key. Here it is decrypted.

Preventive measures:

● Regular Backups: Maintain offline and automated backups of critical data to ensure data recovery in case of an attack.
● Security Software: Use reputable antivirus and anti-ransomware software to detect and block ransomware threats.
● Email Security: Be cautious with email attachments and links, especially from unknown or suspicious sources.
● Software Updates: Keep operating systems and software up to date with security patches to address vulnerabilities.
● User Training: Educate employees and users about ransomware risks and best practices for safe online behavior.
● Least Privilege Access: Restrict user permissions to only what is necessary to minimize the potential impact of an attack.
● Incident Response Plan: Develop and practice an incident response plan to respond effectively if an attack happens.

SET Attack (Social Engineering Toolkit) Website Cloner

A SET (Social Engineering Toolkit) site cloning attack is a form of social engineering where an attacker creates a convincing replica of a legitimate website. They trick users into visiting this fake site, often through deceptive emails or messages, to steal sensitive information like login credentials or financial details. These attacks exploit trust and familiarity to deceive victims. Preventive measures include educating users about phishing risks, verifying website URLs, and using security tools like email filtering and web browsers with built-in security features. SET site cloning attacks are illegal and unethical, emphasizing the importance of cybersecurity awareness.

We will use SET to clone a website: the customised login page of WatchGuard.

This is the webpage that we are going to clone.

To use it, we go to SET on our Kali Linux.

Now we will choose the 1st option.

Now we will choose the 2nd option.

Now we will choose the 3rd option.

Here we choose the 2nd option.

We will use ngrok for port forwarding; it also generates the link that will be shared with the victim. The link is meant to look legit, but it is not, as you can see by looking at the link.

Provide the link in the postback for the harvester.

Provide the WatchGuard login page link to clone it.

Now press enter and the interface will look like this.

Now copy the whole ngrok link that is ready for phishing and send it to the victim as a phishing mail.

Once the victim clicks the link, we will get to know.

On the victim side it will look like this.

The victim has entered the credentials.

Now we will get the credentials.

Preventive measures:
● Awareness Training: Educate individuals about recognizing phishing attempts and suspicious emails.
● Verify Sender: Always verify the legitimacy of the sender, especially in unsolicited emails.
● Check URLs: Hover over links to see the actual URL before clicking. Ensure it matches the legitimate site.
● Avoid Downloads: Refrain from downloading attachments or files from untrusted sources.
● Use Security Software: Employ reputable antivirus and anti-phishing software to detect and block phishing attempts.
● Report Phishing: Report phishing emails to your email provider and relevant authorities.
● Multi-Factor Authentication: Enable multi-factor authentication for added account security.
● Regular Password Changes: Change passwords regularly, especially for critical accounts.

Atharv Kaijkar

Trainee Security Engineer
