*** Update – Looking for a Backtrack 5 based tutorial? I have created an updated tutorial to cover the newer Backtrack 5 SET.

People do not understand how dangerous it is to click on unknown links in an e-mail or even on a website. Hackers will disguise their malware shell and make it look very appealing. Be it a video codec that you must install to watch a video that you really want to watch or even a webpage that tells you that you have a virus and you must install and run the latest online anti-virus scanner to remove it.

Doing either of these could place the control of your machine into a hacker’s hand. But I have Windows 7 with the latest security updates and my anti-virus is up to date. This may not make any difference at all if you allow the program to run. But it is really complicated and I need to make several bad choices in a row, right? No, one wrong mouse click could be all that is needed. You don’t believe me? I was once told by a security instructor that instead of trying to convince people that their systems could be at risk, you need to show them.

Backtrack 4 has included a program that you do not hear much about in the mainstream security media. Under the penetration menu is a program called the Social Engineering Toolkit (SET). If social engineering attacks for penetration testers could be made any simpler, I do not know how.

Okay, timeout for a disclaimer: This is for security experts only, and should only be done in a testing environment (VMware images on a PC work great) and not on a live network. Or on any machine that will be connected to a live network. Never attempt to use any security checks or tools on a network that you do not have the authorization and written permission to do so. Doing so could cost you your job and you could end up in jail. The following is for informational purposes only; if you choose to try this, you do so at your own risk.

All right, follow along, this is really technical and there are a lot of steps. Okay, I am kidding, it is a really simple, menu-driven process. And remember that this is a tool for the good guys; who knows what the bad guys are using. One last note, turn off Apache or the SET won’t run.

1. Obtain Backtrack 4, the VMware image works great.
2. First click on the menu button, start the networking service. Then click on Backtrack, and then the Penetration Menu and finally Social Engineering Toolkit.
3. This will bring up a program menu; you need to update both the Social Engineering Toolkit and the Metasploit Framework.
4. Next, I had to reboot my machine to get it to work right after the updates.
5. Now, click on main option 2 – Website Attack Vectors (Notice step 3 – Infectious USB/CD/DVD Generator…).
6. Next, choose Option 1, Web Templates, let SET create a website for you. (Notice options to clone websites to match the company that you are doing the penetration test for…)
7. Next is your choice for attack methods, the Java attack works well, choose 1 – Java Applet Attack Method.
8. Next select 1 – Java Required (Notice other options…).
9. Next select the type of payload for the attack, I like option 2 – Windows Reverse_TCP Meterpreter.
10. Next choose the encoder to bypass anti-virus. I have never had anything detect number 2 – Shikata_Ga_Nai with 3 encryption passes (encryption passes is next option).
11. Next choose port for the Metasploit Listener, 80 is default, I just hit enter.
12. Next option is “Do you want to create a Linux/OSX payload too?” I hit no, my target is a Windows PC.

And that is it. The SET webserver will launch, and it will start up Metasploit to listen for incoming connections. On the Victim’s PC, just surf to the attacker PC’s IP Address through a browser and you will see a generic, kinda plain test website that SET creates. It says something like the CEO is giving a presentation and you need Java installed and need to run the Java applet that pops up to view the broadcast. Then a Java certificate warning pops up, and like any user, they trustingly follow the directions. Once they click “yes” or “accept” you now have a Meterpreter shell to their PC. Back on the attacking PC, it will list the session that the user opened to you.