metasploit的SET的Credential Harvester Attack Method

环境:BT5,XP或者Win7,IE6、IE8、谷歌浏览器

操作如下:

root@bt:/pentest/exploits/set# ./set


             01011001011011110111010100100000011100
             10011001010110000101101100011011000111
             10010010000001101000011000010111011001
             10010100100000011101000110111100100000
             01101101011101010110001101101000001000
             00011101000110100101101101011001010010
             00000110111101101110001000000111100101
             10111101110101011100100010000001101000
             01100001011011100110010001110011001000
             00001110100010110100101001001000000101
             01000110100001100001011011100110101101
             11001100100000011001100110111101110010
             00100000011101010111001101101001011011
             10011001110010000001110100011010000110
             01010010000001010011011011110110001101
             10100101100001011011000010110101000101
             01101110011001110110100101101110011001
             01011001010111001000100000010101000110
             11110110111101101100011010110110100101
             11010000100000001010100110100001110101
             011001110111001100101010

  [---]        The Social-Engineer Toolkit (SET)         [---]        
  [---]        Created by: David Kennedy (ReL1K)         [---]
  [---]        Development Team: JR DePre (pr1me)        [---]
  [---]        Development Team: Joey Furr (j0fer)       [---]
  [---]        Development Team: Thomas Werth            [---]
  [---]        Development Team: Garland                 [---]
  [---]                  Version: 3.6                    [---]
  [---]          Codename: 'MMMMhhhhmmmmmmmmm'           [---]
  [---]        Report bugs: [email protected]         [---]
  [---]         Follow me on Twitter: dave_rel1k         [---]
  [---]       Homepage: https://www.trustedsec.com       [---]

   Welcome to the Social-Engineer Toolkit (SET). Your one
    stop shop for all of your social-engineering needs..
    
    Join us on irc.freenode.net in channel #setoolkit

  The Social-Engineer Toolkit is a product of TrustedSec.

           Visit: https://www.trustedsec.com

 Select from the menu:

   1) Social-Engineering Attacks
   2) Fast-Track Penetration Testing
   3) Third Party Modules
   4) Update the Metasploit Framework
   5) Update the Social-Engineer Toolkit
   6) Update SET configuration
   7) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit

set> 1


                 .M"""bgd `7MM"""YMM MMP""MM""YMM 
                ,MI    "Y   MM    `7 P'   MM   `7 
                `MMb.       MM   d        MM      
                  `YMMNq.   MMmmMM        MM      
                .     `MM   MM   Y  ,     MM      
                Mb     dM   MM     ,M     MM      
                P"Ybmmd"  .JMMmmmmMMM   .JMML.

  [---]        The Social-Engineer Toolkit (SET)         [---]        
  [---]        Created by: David Kennedy (ReL1K)         [---]
  [---]        Development Team: JR DePre (pr1me)        [---]
  [---]        Development Team: Joey Furr (j0fer)       [---]
  [---]        Development Team: Thomas Werth            [---]
  [---]        Development Team: Garland                 [---]
  [---]                  Version: 3.6                    [---]
  [---]          Codename: 'MMMMhhhhmmmmmmmmm'           [---]
  [---]        Report bugs: [email protected]         [---]
  [---]         Follow me on Twitter: dave_rel1k         [---]
  [---]       Homepage: https://www.trustedsec.com       [---]

   Welcome to the Social-Engineer Toolkit (SET). Your one
    stop shop for all of your social-engineering needs..
    
    Join us on irc.freenode.net in channel #setoolkit

  The Social-Engineer Toolkit is a product of TrustedSec.

           Visit: https://www.trustedsec.com

 Select from the menu:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) SMS Spoofing Attack Vector
   8) Wireless Access Point Attack Vector
   9) QRCode Generator Attack Vector
  10) Powershell Attack Vectors
  11) Third Party Modules

  99) Return back to the main menu.

set> 2

 The Web Attack module is  a unique way of utilizing multiple web-based attacks
 in order to compromise the intended victim.

 The Java Applet Attack method will spoof a Java Certificate and deliver a 
 metasploit based payload. Uses a customized java applet created by Thomas
 Werth to deliver the payload.

 The Metasploit Browser Exploit method will utilize select Metasploit
 browser exploits through an iframe and deliver a Metasploit payload.

 The Credential Harvester method will utilize web cloning of a web-
 site that has a username and password field and harvest all the 
 information posted to the website.

 The TabNabbing method will wait for a user to move to a different
 tab, then refresh the page to something different.

 The Man Left in the Middle Attack method was introduced by Kos and 
 utilizes HTTP REFERER's in order to intercept fields and harvest 
 data from them. You need to have an already vulnerable site and in-
 corporate 
                    
                    

你可能感兴趣的:(metasploit,SET,backtrack)