Pentest_Notes

🎭 Social Engineering & Phishing

Organized notes for social engineering and phishing attacks. Last Updated: 2026-03-27

---

Overview

Social engineering targets the human element. In penetration testing, this includes phishing emails, pretexting, and client-side attacks to gain initial access.

---

Phishing Techniques

Checklist

• Enumerate email addresses (OSINT)
• Identify mail server configuration
• Test for open relay
• Prepare phishing pretext
• Create malicious payload
• Test email delivery
• Send phishing emails
• Monitor for callbacks

Email Discovery

# theHarvester
theHarvester -d domain.com -l 500 -b google

# SMTP user enumeration
smtp-user-enum -M VRFY -U users.txt -t <MAIL_IP>
smtp-user-enum -M RCPT -U users.txt -D domain.com -t <MAIL_IP>

Open Relay Testing

swaks --from attacker@domain.com --to target@domain.com --header 'Subject: Test' --body 'Test message' --server <MAIL_IP>

SMB Hash Theft via Email

From the AD context: If a mail server is present, send an email containing a config.Library-ms file or a link to a UNC path to capture NTLM hashes.

---

Client-Side Attacks

Malicious Office Documents

• Macro-enabled documents (.docm, .xlsm)
• Template injection
• OLE objects
• DDE (Dynamic Data Exchange) payloads

Link-Based Attacks

• Links to credential harvesting pages
• Links triggering NTLM authentication (UNC paths)
• HTML smuggling payloads

---

Common Pitfalls / Gotchas

• Not verifying email deliverability before the actual campaign
• Using obvious phishing indicators (misspelled domains, suspicious attachments)
• Not having a credible pretext

References & Further Reading

• HackTricks - Phishing
• Gophish ```