In the first part of this series, we explained pre-hooking basics for reaching the maximum number of targets. In this post, we will go through the hooking process; taking into consideration the different social and technical aspects to hook the target’s browsers for as long as possible.
Preparing The Line
During recon of our target, Contoso.com, we harvested a few e-mails, and infiltrated some social media outlets. Some tips from the conversations we observed between employees led us to the non-official Facebook group for Contoso. Here, we learned that an internal football tournament is held yearly in a nearby stadium. It's organized by an internal "Sports Committee."
We even found some pictures of last year's winners holding a trophy. We also spotted a couple of people talking about internal e-mails with special discounts on sunglasses as part of an employee benefit program.
On Twitter, we found a couple of interesting hash tags: #screwContosoBoard with quite a bit of anger from employees towards Contoso's management and board of directors.
We also bought a phishing domain "Contso.com" and a valid SSL certificate for it. Finally, quick web vulnerability scanning identified a reflected cross-site scripting(XSS) vulnerability on Contoso's main website.
We will use this information to build our hooking strategy. We want to use our phishing domains and XSS exploit links to lure browsers at three main frontiers: Corporate email, Facebook and Twitter.