added the default structure for vishing in the

start_pentest function.
2025-05-20 09:45:11 -05:00
parent c4bda0022b
commit 76f153e981
1 changed files with 90 additions and 2 deletions
--- a/pentest_tool/src/start_pentest.rs
+++ b/pentest_tool/src/start_pentest.rs
@@ -322,6 +322,91 @@ powerup.ps1/sharpup.exe notes.
 }
 fn vishing(project: &Project){
    let mut notes_path = project.notes_folder.clone();
    let mknote_folder_res = fs::create_dir_all(&notes_path);
    if mknote_folder_res.is_err(){
        let error = mknote_folder_res.err().unwrap();
        println!("Error creating notes folder!");
        println!("{}", error);
        return;
    }
    notes_path.push("general.md");
    let general_notes_res = create_note_file(&notes_path);
    if general_notes_res.is_some(){
        let mut general_notes = general_notes_res.unwrap();
        write!(general_notes, "# Scope\n\n").unwrap();
        write!(general_notes, "
 Introductions
 have they been vished before?
 if yes ask what the purpose of that vishing was, gain a foothold, or other?
 ask the purpose of this test, just see if we can get creds or testing a vetting process, or any specific goals for the engagement.
 four main aspects
 1. verbal confirmation and verification of information
 2. run commands on the system they're on
 3. go to a specific website
 4. join a screen sharing session with us
 pretexts:
 default is third party it.
 they have 2 dudes for helpdesk so this may not be the best pretext.  Try to impersonate a specific helpdesk user. impersonate William sounds like our plan. 
 Vector - 
 ask for any questions, comments, or concerns. 
 ").unwrap();
    }
    notes_path.pop();
    notes_path.push("findings.md");
    let findings_res = create_note_file(&notes_path);
    if findings_res.is_some(){
        let mut findings_file = findings_res.unwrap();
        write!(findings_file, "# Findings to write up\n\n\n# Delivery Notes\n").unwrap();
    }
    notes_path.pop();
    notes_path.push("pretext.md");
    let pretext_res = create_note_file(&notes_path);
    if pretext_res.is_some(){
        let mut pretext_file = pretext_res.unwrap();
        write!(pretext_file, "\n\n\n#Script").unwrap();
        write!(pretext_file, "
 Hello I'm [name] from [Find Local IT Shop]. We were brought in to help your normal IT guys with some of the menial tasks so they can focus on more import improvement projects. As part of this we're making sure our inventory management system is checking in correctly and up to date, this should only take a minute or two. Is now bad time to talk?
 Great I just need to confirm that my inventory report here is accurate.
 Are you currently running Windows 11?
 can you confirm your user name is [metadata username]?
 Your primary browser is firfox?
 Oh thats strange it seems our report is wrong then... I don't think our program on your computer is checking in correctly... uhhh I want to make sure you're getting all the windows updates we need to be compliant.
 Hold the windows key on your keyboard and press the r button. in the box that opens up type cmd.exe and press enter.
 This will open a scary black box, but don't worry I'll walk you through what we need here, it'll be pretty easy.
 In that box type systemifo all one word and press enter.
 Scroll up through that output and find the section that talks about hotfixes, how many are installed?
 That doesn't seem like the right number to me, can you read me the last 3 that are listed there?
 yeah you're definitely not getting all of the windows updates. This is going to take a bit of troubleshooting to figure out. Would you mind hopping in a Zoom call with me and sharing your screen so I can check a few things? This should only take a couple of minutes.
 (open up the services manager and scroll through it, check some program files folders, and run a few commands in cmd to act like I'm troubleshooting.)
 Hmmm everything looks ok on this end. I'm going to do some troubleshooting on the server side and see if we can get to the bottom of this. I don't think we'll need anything else from you to fix this, but if that changes I'll let you know.  Thank you for your time.        
 ").unwrap();
    }
    notes_path.pop();
    notes_path.push("calls.md");
    create_note_file(&notes_path);
 }
 pub fn start_pentest(config_path: &PathBuf, projects: &mut Vec<Project>, id: i32, upcoming_files: &PathBuf, upcoming_notes: &PathBuf, boxtemplate: &String, password_spray_file: &PathBuf) {
    let mut project_files = upcoming_files.clone();
    let mut project_notes = upcoming_notes.clone();
@@ -343,12 +428,15 @@ pub fn start_pentest(config_path: &PathBuf, projects: &mut Vec<Project>, id: i32
    create_project_folder(&mut working, "delivery");
    let project_boxname = format!("{}_{}", boxtemplate, customer_name);
    let new_prject = Project{customer:customer_name.clone(), project_name:project_name.clone(), notes_folder:project_notes.clone(), files_folder:project_files.clone(),active:false, boxname:project_boxname.clone(),stage:"upcoming".to_owned(), id};
-    if project_name.contains("external"){
+    if project_name.to_lowercase().contains("external"){
        external(password_spray_file, &new_prject);
    }
-    else if project_name.contains("internal"){
+    else if project_name.to_lowercase().contains("internal"){
        internal(password_spray_file, &new_prject);
    }
    else if project_name.to_lowercase().contains("vishing"){
        vishing(&new_prject);
    }
    projects.push(new_prject);
    project_controls::save_projects(projects, config_path);
    println!("project created and saved to the projects config file!");