Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@Kali:~# se-toolkit
- [-] New set_config.py file generated on: 2013-06-30 23:57:04.940106
- [-] Verifying configuration update...
- [*] Update verified, config timestamp is: 2013-06-30 23:57:04.940106
- [*] SET is using the new config, no need to restart
- .M"""bgd `7MM"""YMM MMP""MM""YMM
- ,MI "Y MM `7 P' MM `7
- `MMb. MM d MM
- `YMMNq. MMmmMM MM
- . `MM MM Y , MM
- Mb dM MM ,M MM
- P"Ybmmd" .JMMmmmmMMM .JMML.
- [---] The Social-Engineer Toolkit (SET) [---]
- [---] Created by: David Kennedy (ReL1K) [---]
- [---] Version: 5.1 [---]
- [---] Codename: 'Name of the Doctor' [---]
- [---] Follow us on Twitter: @trustedsec [---]
- [---] Follow me on Twitter: @dave_rel1k [---]
- [---] Homepage: https://www.trustedsec.com [---]
- Welcome to the Social-Engineer Toolkit (SET). The one
- stop shop for all of your social-engineering needs.
- Join us on irc.freenode.net in channel #setoolkit
- The Social-Engineer Toolkit is a product of TrustedSec.
- Visit: https://www.trustedsec.com
- Select from the menu:
- 1) Social-Engineering Attacks
- 2) Fast-Track Penetration Testing
- 3) Third Party Modules
- 4) Update the Metasploit Framework
- 5) Update the Social-Engineer Toolkit
- 6) Update SET configuration
- 7) Help, Credits, and About
- 99) Exit the Social-Engineer Toolkit
- set> 1
- .--. .--. .-----.
- : .--': .--'`-. .-'
- `. `. : `; : :
- _`, :: :__ : :
- `.__.'`.__.' :_;
- [---] The Social-Engineer Toolkit (SET) [---]
- [---] Created by: David Kennedy (ReL1K) [---]
- [---] Version: 5.1 [---]
- [---] Codename: 'Name of the Doctor' [---]
- [---] Follow us on Twitter: @trustedsec [---]
- [---] Follow me on Twitter: @dave_rel1k [---]
- [---] Homepage: https://www.trustedsec.com [---]
- Welcome to the Social-Engineer Toolkit (SET). The one
- stop shop for all of your social-engineering needs.
- Join us on irc.freenode.net in channel #setoolkit
- The Social-Engineer Toolkit is a product of TrustedSec.
- Visit: https://www.trustedsec.com
- Select from the menu:
- 1) Spear-Phishing Attack Vectors
- 2) Website Attack Vectors
- 3) Infectious Media Generator
- 4) Create a Payload and Listener
- 5) Mass Mailer Attack
- 6) Arduino-Based Attack Vector
- 7) SMS Spoofing Attack Vector
- 8) Wireless Access Point Attack Vector
- 9) QRCode Generator Attack Vector
- 10) Powershell Attack Vectors
- 11) Third Party Modules
- 99) Return back to the main menu.
- set> 6
- The Arduino-Based Attack Vector utilizes the Arduin-based device to
- program the device. You can leverage the Teensy's, which have onboard
- storage and can allow for remote code execution on the physical
- system. Since the devices are registered as USB Keyboard's it
- will bypass any autorun disabled or endpoint protection on the
- system.
- You will need to purchase the Teensy USB device, it's roughly
- $22 dollars. This attack vector will auto generate the code
- needed in order to deploy the payload on the system for you.
- This attack vector will create the .pde files necessary to import
- into Arduino (the IDE used for programming the Teensy). The attack
- vectors range from Powershell based downloaders, wscript attacks,
- and other methods.
- For more information on specifications and good tutorials visit:
- http://www.irongeek.com/i.php?page=security/programmable-hid-usb-keystroke-dongle
- To purchase a Teensy, visit: http://www.pjrc.com/store/teensy.html
- Special thanks to: IronGeek, WinFang, and Garland
- This attack vector also attacks X10 based controllers, be sure to be leveraging
- X10 based communication devices in order for this to work.
- Select a payload to create the pde file to import into Arduino:
- 1) Powershell HTTP GET MSF Payload
- 2) WSCRIPT HTTP GET MSF Payload
- 3) Powershell based Reverse Shell Payload
- 4) Internet Explorer/FireFox Beef Jack Payload
- 5) Go to malicious java site and accept applet Payload
- 6) Gnome wget Download Payload
- 7) Binary 2 Teensy Attack (Deploy MSF payloads)
- 8) SDCard 2 Teensy Attack (Deploy Any EXE)
- 9) SDCard 2 Teensy Attack (Deploy on OSX)
- 10) X10 Arduino Sniffer PDE and Libraries
- 11) X10 Arduino Jammer PDE and Libraries
- 12) Powershell Direct ShellCode Teensy Attack
- 13) Peensy Multi Attack Dip Switch + SDCard Attack
- 99) Return to Main Menu
- set:arduino>12
- [*] Generating the Powershell - Shellcode injection pde..
- The powershell - shellcode injection leverages powershell to send a meterpreter session straight into memory without ever touching disk.
- This technique was introduced by Matthew Graeber (http://www.exploit-monday.com/2011/10/exploiting-powershells-features-not.html)
- Select payload you want to delivery via the powershell - shellcode injection
- 1. Metasploit Meterpreter (x86)
- 2. Metasploit Meterpreter (x64)
- Enter your choice: 2
- [!] Something went wrong, printing the error: name 'setdir' is not defined
- root@Kali:~#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement