SET Issue

1. root@Kali:~# se-toolkit
2. [-] New set_config.py file generated on: 2013-06-30 23:57:04.940106
3. [-] Verifying configuration update...
4. [*] Update verified, config timestamp is: 2013-06-30 23:57:04.940106
5. [*] SET is using the new config, no need to restart
6.  
7. .M"""bgd `7MM"""YMM MMP""MM""YMM
8. ,MI "Y MM `7 P' MM `7
9. `MMb. MM d MM
10. `YMMNq. MMmmMM MM
11. . `MM MM Y , MM
12. Mb dM MM ,M MM
13. P"Ybmmd" .JMMmmmmMMM .JMML.
14.  
15. [---] The Social-Engineer Toolkit (SET) [---]
16. [---] Created by: David Kennedy (ReL1K) [---]
17. [---] Version: 5.1 [---]
18. [---] Codename: 'Name of the Doctor' [---]
19. [---] Follow us on Twitter: @trustedsec [---]
20. [---] Follow me on Twitter: @dave_rel1k [---]
21. [---] Homepage: https://www.trustedsec.com [---]
22.  
23. Welcome to the Social-Engineer Toolkit (SET). The one
24. stop shop for all of your social-engineering needs.
25.  
26. Join us on irc.freenode.net in channel #setoolkit
27.  
28. The Social-Engineer Toolkit is a product of TrustedSec.
29.  
30. Visit: https://www.trustedsec.com
31.  
32. Select from the menu:
33.  
34. 1) Social-Engineering Attacks
35. 2) Fast-Track Penetration Testing
36. 3) Third Party Modules
37. 4) Update the Metasploit Framework
38. 5) Update the Social-Engineer Toolkit
39. 6) Update SET configuration
40. 7) Help, Credits, and About
41.  
42. 99) Exit the Social-Engineer Toolkit
43.  
44. set> 1
45.  
46. .--. .--. .-----.
47. : .--': .--'`-. .-'
48. `. `. : `; : :
49. _`, :: :__ : :
50. `.__.'`.__.' :_;
51.  
52. [---] The Social-Engineer Toolkit (SET) [---]
53. [---] Created by: David Kennedy (ReL1K) [---]
54. [---] Version: 5.1 [---]
55. [---] Codename: 'Name of the Doctor' [---]
56. [---] Follow us on Twitter: @trustedsec [---]
57. [---] Follow me on Twitter: @dave_rel1k [---]
58. [---] Homepage: https://www.trustedsec.com [---]
59.  
60. Welcome to the Social-Engineer Toolkit (SET). The one
61. stop shop for all of your social-engineering needs.
62.  
63. Join us on irc.freenode.net in channel #setoolkit
64.  
65. The Social-Engineer Toolkit is a product of TrustedSec.
66.  
67. Visit: https://www.trustedsec.com
68.  
69. Select from the menu:
70.  
71. 1) Spear-Phishing Attack Vectors
72. 2) Website Attack Vectors
73. 3) Infectious Media Generator
74. 4) Create a Payload and Listener
75. 5) Mass Mailer Attack
76. 6) Arduino-Based Attack Vector
77. 7) SMS Spoofing Attack Vector
78. 8) Wireless Access Point Attack Vector
79. 9) QRCode Generator Attack Vector
80. 10) Powershell Attack Vectors
81. 11) Third Party Modules
82.  
83. 99) Return back to the main menu.
84.  
85. set> 6
86.  
87. The Arduino-Based Attack Vector utilizes the Arduin-based device to
88. program the device. You can leverage the Teensy's, which have onboard
89. storage and can allow for remote code execution on the physical
90. system. Since the devices are registered as USB Keyboard's it
91. will bypass any autorun disabled or endpoint protection on the
92. system.
93.  
94. You will need to purchase the Teensy USB device, it's roughly
95. $22 dollars. This attack vector will auto generate the code
96. needed in order to deploy the payload on the system for you.
97.  
98. This attack vector will create the .pde files necessary to import
99. into Arduino (the IDE used for programming the Teensy). The attack
100. vectors range from Powershell based downloaders, wscript attacks,
101. and other methods.
102.  
103. For more information on specifications and good tutorials visit:
104.  
105. http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle
106.  
107. To purchase a Teensy, visit: http://www.pjrc.com/store/teensy.html
108. Special thanks to: IronGeek, WinFang, and Garland
109.  
110. This attack vector also attacks X10 based controllers, be sure to be leveraging
111. X10 based communication devices in order for this to work.
112.  
113. Select a payload to create the pde file to import into Arduino:
114.  
115. 1) Powershell HTTP GET MSF Payload
116. 2) WSCRIPT HTTP GET MSF Payload
117. 3) Powershell based Reverse Shell Payload
118. 4) Internet Explorer/FireFox Beef Jack Payload
119. 5) Go to malicious java site and accept applet Payload
120. 6) Gnome wget Download Payload
121. 7) Binary 2 Teensy Attack (Deploy MSF payloads)
122. 8) SDCard 2 Teensy Attack (Deploy Any EXE)
123. 9) SDCard 2 Teensy Attack (Deploy on OSX)
124. 10) X10 Arduino Sniffer PDE and Libraries
125. 11) X10 Arduino Jammer PDE and Libraries
126. 12) Powershell Direct ShellCode Teensy Attack
127. 13) Peensy Multi Attack Dip Switch + SDCard Attack
128.  
129. 99) Return to Main Menu
130.  
131. set:arduino>12
132. [*] Generating the Powershell - Shellcode injection pde..
133.  
134. The powershell - shellcode injection leverages powershell to send a meterpreter session straight into memory without ever touching disk.
135.  
136. This technique was introduced by Matthew Graeber (http://www.exploit-monday.com/2011/10/exploiting-powershells-features-not.html)
137.  
138. Select payload you want to delivery via the powershell - shellcode injection
139.  
140. 1. Metasploit Meterpreter (x86)
141. 2. Metasploit Meterpreter (x64)
142.  
143. Enter your choice: 2
144.  
145.  
146. [!] Something went wrong, printing the error: name 'setdir' is not defined
147. root@Kali:~#