I am participating in a security council/pen-testing contest. It is run by my institution and basically we have to hack as many people as we can. There are different points for different things, and here is our scoring system (really simplified, ranked from the least points to the most points), obviously the more people you hack the more points you get:
Reconnaissance (gaining target IP address, mac address etc.)
Password cracking (Gmail, Facebook etc.)
Total control (Have REMOTE total control over computer)
Our team decided to use the beEF framework, with mass mailing, to hijack the school computers so whenever someone clicks on our link, the school computer’s browser is hooked. We then social-engineer and try to make them to run a “update”, which is actually a reverse_tcp backdoor, and gaining us total control over the target computer (which places us in tier 3).
TL;DR, security contest, need to gain total control over a large number of PCs. Idea is to use beef to hook and download backdoor. Problem: Social engineering (making them running the exe) and how to convince target to not close the website. Any suggestion is appreciated thank you!
Note: Please be rest-assured that this is not illegal. Our institution granted us permission to use its computer labs as a environment, so we are not hacking the personal devices of its members. All our hacks have to be checked by several judges and IT experts to ensure that they don’t do any lasting damage on the system.