Working with the spear-phishing attack vector
A spear-phishing attack vector is an email attack scenario that is used to send malicious emails to target/specific user(s). In order to spoof your own email address, you will require a sendmail
server. Change the config setting to SENDMAIL=ON
. If you do not have sendmail
installed on your Debian-based machine, then it can be downloaded by entering the following command:
apt install sendmail
How to do it...
The spear-phishing module has three different attack vectors at our disposal:
![](https://static.packt-cdn.com/products/9781788623179/graphics/a75f3aa1-b023-4a5e-89db-29027cb2f380.png)
- Let's analyze first. Passing the first option will start the mass email attack. The attack vector starts by selecting a payload. You can select any vulnerability from the list of available Metasploit exploit modules:
![](https://static.packt-cdn.com/products/9781788623179/graphics/eab42a18-1429-428e-96de-327897cfeb71.png)
- Then, we will be prompted to select a payload and specify the IP address or URL and the port for the listener.
- In the next few steps, we will be starting the
sendmail
server, setting a template for a malicious file format, and selecting a single or mass-mail...