ethical.blue Magazine

// Cybersecurity clarified.

Phishing Simulations with Collector Application

2022-03-10   Dawid Farbaniec
...
Enjoy phishing simulations and pentests with an awesome Blazor app.

The Idea Behind Collector Program

The Collector program can be used when there is no need to perform a real red team operation in the company. The general idea is that one doesn't have to break glass windows, shoot at security cameras and break down doors to tell your boss that his office is weakly secured. Of course, this does not completely rule out using Collector during red team operations. For example, a link in a campaign can lead to custom dangerous payloads coded by red teams, or only to harmless web pages with a warning that educates employees.

One thing is clear: Project Collector does not contain any malware.

Password Protected Web Panel

The Collector web panel is protected by a login and password. There is no support for multiple accounts, but the credentials can be shared with the team. Note that the login credentials stored in the SQLite database file are not kept in clear text: the password is hashed with SHA512 and a salt. There is also incorrect-login detection for monitoring attacks on the login form.



Easy Management of Link Campaigns

Links used in a penetration test (for example a phishing simulation) are categorized into campaigns for clarity and easy management. One can create new links, sort links, export links, delete links and view the details of a specified link.


Every link used in a campaign has a GUID, campaign name, description, click counter, hostname/IP and last-activity timestamp. Note also that every link can redirect to a specified URL.


File Campaigns

In addition to link campaigns it is also possible to run file campaigns. The main objective of a link campaign is to check how many people have clicked the link; the main objective of a file campaign is to check how many people have run an executable file.



The sample included in the Collector program is not malware. Its task is to get the username, machine name and BIOS serial number to identify which machine has executed the payload. The data collected by the executable is then posted to the web panel with an HTTP POST request.

Program.cs (C#.NET)
// See https://aka.ms/new-console-template for more information
// Requires the System.Management NuGet package; System.Linq and System.Net.Http
// come from the .NET 6 implicit usings of the console template.

using System.Management;

#region Sample settings
string collectorURL = "https://localhost:7096/collect";   // Collector web panel endpoint
string campaignName = "campaign001";                      // file campaign this sample belongs to
#endregion

// Win32_BIOS is Windows-only; CA1416 is the platform compatibility validation warning.
#pragma warning disable CA1416 // Platform compatibility validation
ManagementObjectSearcher searcher = new("SELECT * FROM Win32_BIOS");
#pragma warning restore CA1416 // Platform compatibility validation
ManagementObject? obj = searcher.Get().Cast<ManagementObject>().FirstOrDefault();

// No BIOS object means there is nothing to identify the machine by, so nothing is reported.
if (obj == null)
    return;

// SerialNumber can be missing on some hardware, hence the null-conditional call.
string? BIOSSerialNumber = obj["SerialNumber"]?.ToString();

// Post the identifying data to the web panel as a form-urlencoded body.
HttpClient httpClient = new();
var content = new FormUrlEncodedContent(new[]
{
    new KeyValuePair<string, string>("CampaignField", campaignName),
    new KeyValuePair<string, string>("UserNameField", Environment.UserName),
    new KeyValuePair<string, string>("MachineNameField", Environment.MachineName),
    new KeyValuePair<string, string>("BIOSSerialNumberField", BIOSSerialNumber ?? "empty")
});

await httpClient.PostAsync(collectorURL, content);

According to the VirusTotal service there is only one detection of the C#.NET sample used in the Collector project.
Harmless means harmless!


Elegant Reports

Probably every boss and customer likes to have it all served on a plate.




Sample Application Scenario

An overview of an example phishing simulation (pentest) using the Collector application.

0x01. Complete the paperwork with the company or people that will be tested. Act legally.
0x02. Prepare e-mail addresses (you can buy domains), message templates and a program or script to send e-mails. You can also send e-mails manually.
Here comes the Collector application. 🙂
0x03. Create campaigns and links in the Collector app web panel.
0x04. Embed the links in messages and send the prepared e-mails to the targets.
0x05. Monitor which links have been clicked. IP addresses and timestamps are also collected.
0x06. Print elegant reports for your boss/customer.
0x07. Educate employees and retest on a regular basis.
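The link tracking described in the campaign sections and the /collect POST that the C# sample sends, as an added Python model that is not the Collector project's own code (Collector itself is a C# Blazor app): link records carry the GUID, click counter, hostname/IP and last-activity fields listed earlier, file executions arrive as the same form fields the sample posts, and a per-campaign summary for the report deduplicates machines by BIOS serial number. The class and method names (`Collector`, `collect`, `report`) are assumptions, and all sample inputs are constructed.

```python
import uuid
from dataclasses import dataclass
from urllib.parse import parse_qs

# Field names match the form the sample executable posts to /collect.
REQUIRED = ("CampaignField", "UserNameField", "MachineNameField", "BIOSSerialNumberField")

@dataclass
class Link:
    guid: str
    campaign: str
    description: str
    redirect_url: str
    clicks: int = 0
    last_host: str = ""       # hostname/IP of the most recent visitor
    last_activity: str = ""   # ISO timestamp of the most recent visit

class Collector:
    def __init__(self):
        self.links = {}        # guid -> Link
        self.executions = {}   # campaign name -> list of posted records

    def create_link(self, campaign, description, redirect_url):
        link = Link(str(uuid.uuid4()), campaign, description, redirect_url)
        self.links[link.guid] = link
        return link.guid

    def click(self, guid, remote_host, when):
        # Count the visit, note its source, then hand back the redirect target.
        link = self.links[guid]   # an unknown guid raises KeyError and counts nothing
        link.clicks += 1
        link.last_host, link.last_activity = remote_host, when
        return link.redirect_url

    def collect(self, body, remote_host, when):
        # Parse the form-urlencoded POST body and reject it if any field is absent.
        form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
        missing = [k for k in REQUIRED if k not in form]
        if missing:
            raise ValueError(f"missing fields: {missing}")
        record = {k: form[k] for k in REQUIRED} | {"host": remote_host, "when": when}
        self.executions.setdefault(form["CampaignField"], []).append(record)
        return record

    def report(self, campaign):
        """Figures for the report: clicks, and distinct machines that ran the file."""
        links = [l for l in self.links.values() if l.campaign == campaign]
        runs = self.executions.get(campaign, [])
        return {"clicks": sum(l.clicks for l in links),
                "links_clicked": sum(1 for l in links if l.clicks),
                "executions": len(runs),
                "distinct_machines": len({r["BIOSSerialNumberField"] for r in runs})}
```

Counting distinct BIOS serials rather than raw POSTs keeps a single machine that ran the file several times from inflating the result.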

Bibliography

https://github.com/ethicalblue/Collector [access: 2022-03-10]
