Mass Email Attack Kali Tutorial : Kali Linux SET Tutorial
Mass email senders are not a new topic for the ethical hacking
community. We certainly need to send mass emails during
penetration tests (phishing tests, to be more specific). During
phishing tests, penetration testers often need to send bulk emails
to the employees of the organisation we are conducting the
penetration test for.
Though there are many bulk mail sending programs available out
there, there is nothing as good as the bulk sending tool that is
already present in our favourite penetration testing OS: Kali
Linux.
In this post I will be sending mass emails using Kali
Linux and SET (Social Engineering Toolkit).
To begin the mass email attack, we first need an email list
that we have either harvested or that has been supplied to
us by the organisation we are conducting the penetration test
for.
In case you don't have an email list, please refer to my
tutorial on Email Harvesting.
For this tutorial I will be using the email list file email_list.txt.
Now I will open the Social Engineering Toolkit, SET.
Simply open a terminal and type:
se-toolkit
And SET opens up.
Select Social-Engineering Attacks, i.e. Option 1.
Option 1 : Social-Engineering Attacks
Now, as we need to do a mass email attack, select Option 5
(Mass Mailer Attack).
Option 5 : Mass Mailer Attack
Then select Option 2 for the email mass mailer, as this tutorial
deals with the mass email sender and not a single email address.
Option 1 might be useful for spear-phishing attacks.
Option 2 : Email Attack Mass Mailer
Now you need to define the path to the email list. This is
email_list.txt in our case; just add the file name with the
path.
The easiest way is to drag and drop the email_list.txt file into
the terminal.
Now select Option 1, as we will be using a Gmail account for
sending the mass emails because we don't have our own SMTP
server. In case you have your own email / SMTP server (as
professional spammers do), feel free to explore the other
options.
Option 1 : Use a Gmail account for email attack
Enter the Gmail address. The email address must be correct and
you must also have the password for it to successfully
send the emails.
Now enter the name that you want the email recipients to see
in the inbox. This is the name that will flash first in front of
your victim. Pay attention to this field specifically, as this
is where the actual social engineering takes place.
This could be "Admin" in the case of a spear-phishing
attack.
Now SET will ask you to enter the password for the email
account.
Enter the Gmail password.
Now you have the option to specify whether or not you want to
flag this message as high priority. Sometimes this may work
and sometimes it might make the victim suspicious, so I suggest
using this option as suits your case.
Now SET will ask you to enter the subject of the email.
Enter the subject of the email.
Now SET will ask you if you want the body of the message
to be HTML or plain text.
P for plain text or H for HTML
Enter the body text
Enter the body of the email here. If you chose an HTML message,
then add the HTML tags as well.
Enter Control+C to send the email.
Press Enter to go back to the main menu.
This is how hackers perform a mass email attack.
#Purely for educational purposes. Penetration
testing without authorization is illegal.
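Seen from the receiving side, the choices made in the steps above (a Gmail sending account, a display name such as "Admin", the high-priority flag, one message sent to a whole list) all show up in the message headers. The following is an added example, not part of the original tutorial or of SET: a Python header triage for inbound mail that flags those traits and groups messages into bulk campaigns. The organisation domain example.org, the privileged-name list, the threshold and the sample messages are assumptions constructed for illustration, as is the use of the conventional X-Priority / Importance headers to mark priority.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.org"          # assumption: placeholder for the organisation's domain
PRIVILEGED = {"admin", "administrator", "it support", "helpdesk"}  # assumption
FREEMAIL = {"gmail.com", "googlemail.com"}

def flags(raw):
    """Return the set of triage flags for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    out = set()
    # A trusted-sounding display name on an address outside the organisation.
    if name.strip().lower() in PRIVILEGED and domain != ORG_DOMAIN:
        out.add("privileged-name-external")
    if domain in FREEMAIL:
        out.add("freemail-sender")
    # Conventional priority headers: X-Priority "1 ..." or Importance: high.
    prio = msg.get("X-Priority", "").strip()
    if prio.startswith("1") or msg.get("Importance", "").strip().lower() == "high":
        out.add("high-priority")
    return out

def bulk_campaigns(raws, threshold=3):
    """Group by (sender, subject); keep groups that reached >= threshold recipients."""
    seen = defaultdict(set)
    for raw in raws:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        rcpt = parseaddr(msg.get("To", ""))[1].lower()
        seen[(sender, msg.get("Subject", "").strip())].add(rcpt)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}

def _sample(to, name="Admin", addr="sender@gmail.com", prio="1 (Highest)"):
    # Constructed sample message, not captured traffic.
    return (f'From: "{name}" <{addr}>\nTo: {to}\nSubject: Password expiry notice\n'
            f"X-Priority: {prio}\n\nPlease review the attached policy.\n")

SAMPLES = [_sample(f"user{i}@example.org") for i in range(1, 4)]
LEGIT = _sample("user1@example.org", addr="it@example.org", prio="3")

if __name__ == "__main__":
    print(sorted(flags(SAMPLES[0])))
    print(bulk_campaigns(SAMPLES + [LEGIT]))
```

None of these flags is conclusive on its own; combined with SPF/DKIM/DMARC results they give a mail gateway or SOC analyst a quick way to surface a phishing test, or a real campaign, as it lands.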