API tools faq
paste
Advertisement
viprajput

socialeng..

viprajput
Jul 3rd, 2018
50
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.76 KB | None | 0 0
raw download clone embed print report
  1. SOCIAL ENGINEERING TOOLKIT (SET)
  2. ================================
  3. The Social Engineering Toolkit (SET) is an automated python based toolkit, specifically designed to perform advanced attacks against the human elements and is pre-installed in Kali Linux. It is very easy to use and deploy some Social Engineering Attacks, if as layman has some knowledge of Kali Linux and SET, they can use it very easily. A user just have to enter the numbers, IP Addresses, domain names etc etc just for exploiting the entities.
  4. Created by Trusted Sec.
  5.  
  6. WALKTHROUGH STEPS
  7. =================
  8.  
  9. = Opening up Kali Linux, make sure VMmachine is in Bridged Mode.
  10. = In the Terminal type > "setoolkit"
  11. = This will show you options like these :
  12. The Social-Engineer Toolkit is a product of TrustedSec.
  13. Select from the menu:
  14.  
  15. 1) Social-Engineering Attacks
  16. 2) Penetration Testing (Fast-Track)
  17. 3) Third Party Modules
  18. 4) Update the Social-Engineer Toolkit
  19. 5) Update SET configuration
  20. 6) Help, Credits, and About
  21.  
  22. 99) Exit the Social-Engineer Toolkit
  23.  
  24.  
  25. ATTACK VECTORS
  26. ==============
  27. 1. Going through Web Attacks
  28. = By pressing 1 for "Social-Engineering Attacks" we will get :
  29. Select from the menu:
  30.  
  31. 1) Spear-Phishing Attack Vectors
  32. 2) Website Attack Vectors
  33. 3) Infectious Media Generator
  34. 4) Create a Payload and Listener
  35. 5) Mass Mailer Attack
  36. 6) Arduino-Based Attack Vector
  37. 7) Wireless Access Point Attack Vector
  38. 8) QRCode Generator Attack Vector
  39. 9) Powershell Attack Vectors
  40. 10) SMS Spoofing Attack Vector
  41. 11) Third Party Modules
  42.  
  43. 99) Return back to the main menu.
  44.  
  45. = Going for "2) Website Attack Vectors" :
  46.  
  47. 1) Java Applet Attack Method
  48. 2) Metasploit Browser Exploit Method
  49. 3) Credential Harvester Attack Method
  50. 4) Tabnabbing Attack Method
  51. 5) Web Jacking Attack Method
  52. 6) Multi-Attack Web Method
  53. 7) Full Screen Attack Method
  54. 8) HTA Attack Method
  55.  
  56. 99) Return to Main Menu
  57.  
  58. = Going with Credential Harvester Attack which uses Advanced Phishing Techniques :
  59. 1) Web Templates
  60. 2) Site Cloner
  61. 3) Custom Import
  62.  
  63. 99) Return to Webattack Menu
  64.  
  65. = In this either we can go for 2) Site Cloner OR 3) Custom Import, Entering Web Site Path, IP Address to run the Harvestor, and getting the Data.
  66.  
  67.  
  68. 2. Mass Mailer Attack
  69. = SElecting from 1) Social Engineering Attacks, the next is 5) Mass Mailer Attack.
  70. = Select 2) Email Mass Mailer Attack
  71. = Create a Mail lists on the Attacker's Machine.
  72. = Give the path of the Mail List
  73. = Select a Gmail account and enter the details.
  74. = Add further details of the Dependencies for Mass Mailer Attack
  75. = Use ^C for sending the mails.
  76.  
  77. 3. Powershell Attack Vectors
  78. = SElecting from 1) Social Engineering Attacks, the next is 9) Powershell Attack Vectors.
  79. = Selecting 1) Powershell Alphanumeric Shellcode Injector
  80. = Enter LHOST and LPORT
  81. = Go to the path where the Powershell Exploit File is saved, which is : "/root/.set/reports/powershell/"
  82. = Copy the text file, and save it to Desktop.
  83. = Change the extension from .txt to .bat .
  84. = Share the .bat file to the Victim's PC.
  85. = Run the listener on Attacking Machine.
  86. = Run the powershell.bat PAYLOAD file.
  87. = Get the Meterpreter Session.
  88.  
  89. 4. Spear Phishing
  90. = SElecting from 1) Social Engineering Attacks, the next is 1) Spear-Phishing Attack Vectors.
  91. = Select 2) Create a FileFormat Payload.
  92. = Select a Payload.
  93. = Enter the requirements of sending spear phishing mails.
  94. = Trigger the Victim.
  95.  
  96.  
  97. BEEF FRAMEWORK
  98. ===============
  99.  
  100. BEEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BEEF is in-built in Kali Linux, and it can be started as a service and can be accessed via a web browser on your localhost machine. We can easily hook a particular Victim through BEEF.
  101.  
  102. STARTING UP BEEF FRAMEWORK
  103. ===========================
  104. = Applications > Search BEEF > Click on "BEEF Start"
  105. = It automatically runs and open up in the Browser using localhost IP Address and Port Number 3000.
  106. http://127.0.0.1:3000/ui/panel
  107. = First it will be opening up a Authentication Page with the URL. The default credentials are beef:beef .
  108. http://localhost:3000/ui/authentication
  109.  
  110. = Now we have to trigger the Victim to open the IP of the attacker where BEEF is running and then further exploiting through the framework after hooking.
  111.  
  112. = It will be showing the Victim's IP in the Online Browser, further when selecting the Victim, we can navigate through "Commands" section for further Exploitation.
  113.  
  114.  
  115.  
  116. 192.168.43.197:3000/demos/butcher/index.html
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!