viprajput

G2s10

Jul 16th, 2018
SOCIAL-ENGINEER TOOLKIT (SET)
=============================
The Social-Engineer Toolkit (SET) is an automated, Python-based toolkit designed specifically to perform advanced attacks against the human element, and it comes pre-installed in Kali Linux. It is very easy to use: even a layman with some knowledge of Kali Linux and SET can deploy social engineering attacks with it. The user only has to enter numbers, IP addresses, domain names and so on to run an attack against the targets.


Spear Phishing: phishing done via emails.

WALKTHROUGH STEPS
=================

= Open Kali Linux and make sure the virtual machine is in Bridged mode.
= In the terminal, type "setoolkit".
= This shows options like these:
The Social-Engineer Toolkit is a product of TrustedSec.
Select from the menu:

1) Social-Engineering Attacks
2) Penetration Testing (Fast-Track)
3) Third Party Modules
4) Update the Social-Engineer Toolkit
5) Update SET configuration
6) Help, Credits, and About

99) Exit the Social-Engineer Toolkit


ATTACK VECTORS
==============
1. Going through Web Attacks
= Pressing 1 for "Social-Engineering Attacks" gives:
Select from the menu:

1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) Wireless Access Point Attack Vector
8) QRCode Generator Attack Vector
9) Powershell Attack Vectors
10) SMS Spoofing Attack Vector
11) Third Party Modules

99) Return back to the main menu.

= Going for "2) Website Attack Vectors":

1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Web Jacking Attack Method
6) Multi-Attack Web Method
7) Full Screen Attack Method
8) HTA Attack Method

99) Return to Main Menu

= Going with the Credential Harvester Attack, which uses advanced phishing techniques:
1) Web Templates
2) Site Cloner
3) Custom Import

99) Return to Webattack Menu

= Here we can go for either 2) Site Cloner or 3) Custom Import, entering the web site path and the IP address on which to run the harvester, and getting the data.


2. Mass Mailer Attack
= From 1) Social-Engineering Attacks, select 5) Mass Mailer Attack.
= Select 2) Email Mass Mailer Attack.
= Create a mail list on the attacker's machine.
= Give the path of the mail list.
= Select a Gmail account and enter the details.
= Add further details of the dependencies for the Mass Mailer Attack.
= Use ^C to send the mails.

3. Powershell Attack Vectors
= From 1) Social-Engineering Attacks, select 9) Powershell Attack Vectors.
= Select 1) Powershell Alphanumeric Shellcode Injector.
= Enter LHOST and LPORT.
= Go to the path where the Powershell exploit file is saved, which is "/root/.set/reports/powershell/".
= Copy the text file and save it to the Desktop.
= Change the extension from .txt to .bat.
= Share the .bat file to the victim's PC.
= Run the listener on the attacking machine.
= Run the powershell.bat payload file.
= Get the Meterpreter session.
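
The chain in the steps above (a .bat file starts PowerShell, which then connects back to a listener) is visible in endpoint telemetry. The following is an added detection example, not part of the original paste or of SET: it correlates constructed process-creation and network-connection events that use Sysmon-style field names, and the allowlisted host and all sample values are assumptions.

```python
import re

# Hypothetical allowlist: hosts that admin batch jobs legitimately reach.
ALLOWED_DESTS = {"10.0.0.5"}
SCRIPT_PARENT = re.compile(r"\.(bat|cmd)\b", re.IGNORECASE)
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"

# Constructed events with Sysmon-style field names (ID 1 = process create,
# ID 3 = network connection). Not captured from a real host.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "g-1", "Image": PS, "ParentImage": CMD,
     "ParentCommandLine": r'cmd.exe /c "C:\Users\alice\Desktop\powershell.bat"'},
    {"EventID": 3, "ProcessGuid": "g-1", "DestinationIp": "192.168.1.50", "DestinationPort": 443},
    {"EventID": 1, "ProcessGuid": "g-2", "Image": PS,
     "ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe"},
    {"EventID": 3, "ProcessGuid": "g-2", "DestinationIp": "192.168.1.50", "DestinationPort": 443},
    {"EventID": 1, "ProcessGuid": "g-3", "Image": PS, "ParentImage": CMD,
     "ParentCommandLine": r'cmd.exe /c "C:\ops\inventory.bat"'},
    {"EventID": 3, "ProcessGuid": "g-3", "DestinationIp": "10.0.0.5", "DestinationPort": 5985},
]


def is_script_spawned_powershell(ev):
    """True for a process-create event where cmd.exe running a .bat/.cmd starts PowerShell."""
    return (ev["EventID"] == 1
            and ev["Image"].lower().endswith("\\powershell.exe")
            and ev["ParentImage"].lower().endswith("\\cmd.exe")
            and SCRIPT_PARENT.search(ev["ParentCommandLine"]) is not None)


def find_alerts(events):
    """Alert when script-spawned PowerShell connects to a host outside the allowlist."""
    suspects, alerts = {}, []
    for ev in events:
        if is_script_spawned_powershell(ev):
            suspects[ev["ProcessGuid"]] = ev["ParentCommandLine"]
        elif ev["EventID"] == 3 and ev["ProcessGuid"] in suspects:
            # Private addresses are not exempt: a listener can sit on the same LAN.
            if ev["DestinationIp"] not in ALLOWED_DESTS:
                alerts.append((ev["ProcessGuid"], suspects[ev["ProcessGuid"]],
                               f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'))
    return alerts


if __name__ == "__main__":
    for guid, script, dest in find_alerts(EVENTS):
        print(f"ALERT {guid}: {script} -> powershell.exe -> {dest}")
```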

4. Spear Phishing
= From 1) Social-Engineering Attacks, select 1) Spear-Phishing Attack Vectors.
= Select 2) Create a FileFormat Payload.
= Select a payload.
= Enter the requirements of sending spear phishing mails.
= Trigger the victim.


BEEF FRAMEWORK
==============

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF is built into Kali Linux; it can be started as a service and accessed via a web browser on your local machine. We can easily hook a particular victim through BeEF.

STARTING UP BEEF FRAMEWORK
==========================
= Applications > Search BEEF > Click on "BEEF Start"
= It runs automatically and opens in the browser using the localhost IP address and port number 3000.
http://127.0.0.1:3000/ui/panel
= First it opens an authentication page at the URL below. The default credentials are beef:beef.
http://localhost:3000/ui/authentication

= Now we have to trigger the victim to open the IP of the attacker where BeEF is running, and then exploit further through the framework after hooking.

= It shows the victim's IP in the Online Browser; after selecting the victim, we can navigate through the "Commands" section for further exploitation.


HOOKING URL:

ATTACKER'SIP:3000/demos/butcher/index.html
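
The URLs above give a defender concrete things to hunt for in web proxy logs. The following is an added example, not part of the original paste or of BeEF: it separates clients that loaded a hook page from clients that used the admin panel. The log format, hosts and timestamps are constructed, and /hook.js (BeEF's default hook script path) is an addition that the page does not list.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Paths from the walkthrough above, plus /hook.js (BeEF's default hook
# script path, which the page does not list).
HOOK_PATHS = {"/demos/butcher/index.html", "/hook.js"}
PANEL_PATHS = {"/ui/panel", "/ui/authentication"}
BEEF_PORT = 3000

# Constructed proxy log lines: "<time> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2018-07-16T10:01:02Z 10.1.1.23 GET http://192.168.1.50:3000/demos/butcher/index.html 200
2018-07-16T10:01:03Z 10.1.1.23 GET http://192.168.1.50:3000/hook.js 200
2018-07-16T10:02:10Z 10.1.1.40 GET http://intranet.example/ui/panel 200
2018-07-16T10:03:00Z 10.1.1.77 POST http://192.168.1.50:3000/ui/authentication 200
2018-07-16T10:04:00Z 10.1.1.23 GET http://grafana.example:3000/d/home 200
malformed line
"""


def classify(url):
    """Return 'hooked', 'operator' or None for one requested URL."""
    parts = urlsplit(url)
    path = parts.path.rstrip("/") or "/"
    if path in HOOK_PATHS:
        return "hooked"          # a browser loading the hook page or script
    if path in PANEL_PATHS and parts.port == BEEF_PORT:
        return "operator"        # someone using the BeEF admin panel
    return None


def scan(log_text):
    """Map each finding type to the sorted client IPs that triggered it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue             # skip lines that do not match the format
        _, client, _, url, _ = fields
        kind = classify(url)
        if kind:
            hits[kind].add(client)
    return {kind: sorted(clients) for kind, clients in hits.items()}


if __name__ == "__main__":
    for kind, clients in scan(SAMPLE_LOG).items():
        print(kind, clients)
```

The panel paths are only matched on port 3000 because /ui/panel is a common path on unrelated applications; the hook paths are matched on any port since the listener port can be changed.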