Search the Community

The website cloner is not working for external viewers to my IP, it works from the host computer but no other one, I am quite new to this and would like a detailed responce on how I make it work for external clients visiting the IP. ~Thankyou

Hello fellows! Once again I need your help ! I have a problem with the ports I'm using on the Social Engineering Toolkit. By default the Credentials Harvester runs on port 80 but I wanted to change the port to another one like 443 or 4444 etc. However when I change the port from the set.config file the Credentials Harvester doesn't work so I changed the port that apache2 was listening on to the same port the Creds Harvester was listening on and when I try to run it I get this message: The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a website. [*] The Social-Engineer Toolkit Credential Harvester Attack [*] Credential Harvester is running on port 4444 [*] Information will be displayed to you as it arrives below: [*] Looks like the web_server can't bind to 80. Are you running Apache? Do you want to attempt to disable Apache? [y/n]: Also I enabled APACHE_SERVER in the set.config file. Can anybody enlighten me with their knowledge?! Thanks in advance!

Just curious if its possible to use the Social Engineering Toolkit with the Wifi Pineapple. Here is what i am thinking about but due to my hardware limitations at the moment and my friend who i test this stuff with is on holiday with his family i can not test this legally and i would never break the law so right now i am unable to test this out and i keep thinking about it and the more i think about it the more i want to know if its possible. I have say a Wifi Pineapple Nano or Tetra as it doesn't matter which one and a laptop running Kali Linux with the Social Engineering toolkit installed. I use SET to clone say facebook as an example (before my hardware limitations as was able to use evil portal to do the same thing but i have never tried it this way before). So i have my pineapple plugged in and it is up and running with no errors to my computer running SET with facebook as my example. On the pineapple i run dnsspoof to make sure that anyone connected to my pineapple the tries to go to "facebook" is redirected to my kali machine running my SET server. Now since they are connected to my network via the pineapple when using the dnsspoof module i should only need to spoof the internal IP address of my kali machine which SET is running, right? Is this possible? As i said i can't test this out yet but i am very curious. Thanks guys

Heya! I'm trying to clone a site via Credential harvester attack method provided by SETkit but I receive the following error: Link: https://ibb.co/hFJuy5 When I proceed to disable apache by ''y'' I receive the error: Link: https://ibb.co/nFXnJ5 Workarounds that I already tried: Reboot apache2ctl start|stop etc Reinstalling apache2 Reinstalling kali Trying on a non HTTPS site apt-get update & updgrade I'm running Linux kali 4.9.0-kali4-amd64 #1 SMP Debian 4.9.25-1kali1 (2017-05-04) x86_64 GNU/Linux on a Oracle VM Virtual Box and yes I'm attempting it on LAN and for EDUCATIONAL purpose only. P.S: Recommend me some site with active members willing to help newbies like me so that I might be able to get help from there as well in the upcoming future. Peace.

guys, I ve made a payload with SET that isnt detectable by windows defender, I can perfectly get a meterpreter session without beign detected, anyway i can do most of the actions that are possible in meterpterer , but when I run the persistence command , Windows Defender gives a report of a trojan Swrort.A . some info Victim pc is running windows 10 64-bit I am attacking localy the attacker is kali sana 2.0 So the question is how can I avoid detection?

I've been exploring some client side attacks lately. What are some good references on client side exploitation? Stuff I've been reading up on lately: Social Engineering Toolkit, Metasploit payloads, Stegosploit. exploit kits, phishing. Always looking for more dirty tricks. If you know of a good client side sucker punch. Books, websites etc.

Hey! Tested on the iPhone 4 running Ios 7 jail broken by using evasion7 I wanted to talk about using a iDevice (ios 7)as a pen testing device . [ Noob Friendly ] First off , why should you use a iDevice as a pen testing device ? Its portable Not noticeable it looks cool :) its pretty fast IOS == Unix It can easily be used with the pineapple ;) Let's move on , so how do you make your iDevice into a pentesting device ? First you need jailbreak your iDevice (eg ; Evasion7) Open Cydia Adding repositories by going to "Manage" and then "Sources" and then "edit" and then "add" Then add all these repositories :: http://cydia.myrepospace.com/Boo/ http://ininjas.com/repo/ http://cydia.xsellize.com/ When that's done . click on "http://ininjas.com/repo/" and scroll down until you see "Metasploit" then click on "Metasploit" and then click on "edit" and then click on "Install" When that's done go back and scroll until you see "Aircrack-ng" and the click on it and install just like previous when thats done install Auto Reconnect , Mobile terminal ,beEF, CUPP, Dsniff Suite , dsniff-fr0g , Ettercap-ng GTk , Ettercap No GTK , Evil Grade ,iAHT, iPwN ,John the Ripper, Low Orbit Ion Cannon , NBTScan, Nikto2, Nmap , Pirni ,Ruby 1.8.6 , Searchsploit , SSLstrip , Wordlists , XSSer , xterm , IWep , SET (not the one thats called Social Engineering Toolkit but the one thats called SET!!) , OpenSSH ! , iSSH I know that are alot of tools and it will take you some time but when its done you have an awesome pentesting device ! When you Installed all those Tools open Mobile terminal or xterm and type "su" and fill in your password "standard password is :: alpine " then type cd /pentest and there are all your tools . Make sure you go to /pentest/exploits/SET/config and open the set_config and change the metasploit path to the path where metasploit is instaleld. If you need help setting up the other tools (should work fine) or if you have any problems feel free to leave them below . Enjoy your simple but powerful pen testing device ;) Merry Christmas! :) - Jesse

Hi hackers, could you please help a noob, I only want to use the setoolkit for external networks so i can link my mates with a link that setoolkit creates but I can only access it on my local network. Im a cert3 I.T student and need expert advice please tell me in detail what the steps are precisely to forward my port from my routers external public address which is classA i live in Australia where we use BIGPOND as our ISP and a Technicolor t587nv3 modem/router i read on this forum that i need to do some port forwarding and use something called no-ip + kali forwarding, but its very vague and i got no actual instructions steps that I can follow, but i checked it out and fiddled and couldnt figure it out so I undid the forwarding and undid the no-ip stuff could you please help me out with this guys I'm desperate to get it working so i can prank my mates so i can give em a proper external ip address shortened by goo.gle and have them forwarded to my kali virtual box thats running setoolkit im sure someone know the steps and has been in my situation. modem/router = Thompson Technicolor T587nV3 ISP = Telstra BigPond and uses a ClassA network structured by NAT(?) VirtualBox Ver = 4.3.12 r93733 Host OS = Windows 7 (x64) Guest OS = Kali 1.09 Linux 3.14.5

I am having a issue thatry to whenever I try to clone page using SET , the facebook page comes in my local language , can anybody help me how can I make in default english language ? I am using VMWare on Wondows 7 , all my default lang is "English"

Hello guys, So with the latest kali linux/backbox i have one huge problem with the SET toolkit for example When i cloned my website and the set toolkit is running it says apache is set to - everything will be placed in your web root directory of apache. Files wil lbe written out to the root directory of apache All files are within your apache directory since you spefied it to on Apache maybe not runiing do you want set to start the process [y/n] So i strungle with this alot because i dont want to have my harvester logs in the apache web root folder i just want it to be displayed in the terminal like in kali 1.0.6 or something without all this apache crap :( I hope some of u know the solution for this problem :) Thank you,

Hello everyone, So I got my Pineapple Mark V and I was trying to use the dns_spoof with the SET on my Kali machine. Here is my scenario: I have the dns_spoof infusion on my MKV running with the line: 172.16.42.110 * (Kali Machine's IP address ) And on my Kali i have SET running a java applet attack on 172.16.42.110. If i go to my victim PC(172.16.42.174, for example) and I type the IP 172.16.42.110 on my browser I get to the SET page. However the Dns Spoof doesn't seem to be spoofing any website to the IP. If i were to browse to www.google.com I just get a blank page. Is there any other configuration I'm missing? Thank you, Joe Almeida

Hi, I'm trying the site cloner from se-toolkit but got a problem for using it external.. On LAN it works fine but I want to use it for external networks. I port forwarded port 80 to my external IP and set up the site cloner with my external IP but I can't connect to it. Why is this?

Hello I have been a SET user for a long time, recently I have tried to use the website vector's site cloning hack and everything seems to work well until I try to use the cloning of the hotmail page, no matter what i try i get a blank page, it loads and shows up in SET but all I get is a blank, I have tried saving an offline page and the only way to get anything is to save as html NOT a complete web page and the sign in bars are tiny and not cloned correctly. Can anyone please give me some advice or help, I am stumped. Please and thanks

Hello all, I am having an issue with DNS spoofing in backtrack 5 r3 ove rmy wireless interface. My attacking computer is a hp pavilion laptop with 2 gigs of ram, x64 processor, backtrack 5 r3, and my wireless card is a Atheros AR2425 with driver ath5k. My victim computer is a windows 7 serv pack 1 box with kasperski antivirus (turned off) and firewall down. I first modified my set_config file to set ETTERCAP=ON and the ETTERCAP_INTERFACE=wlan0. I then ran SET and chose >Social-Engineering Attacks>Website Attack Vectors>Java Applet Attack Method>Site Cloner>Nat/protforwarding NO>Ip addy for reverse connection"192.168.0.8">url to clone: http://www.google.com>Windows'>http://www.google.com>Windows Reverse_TCP Meterpreter>Backdoored Executable>Port 443>It tells me Arp Cache Poisoning is ON>Site to redirect: http://www.google.com>Says'>http://www.google.com>Says its launching attack,loads up metasploit and starts two listners. At this point when I browse to http://www.google.com on my victim computer using ie it simply loads the real google website. Now if I type my subnet ip for the attackign computer SET is hosting the server on it will take me to the fake page and the java applet will appear and work when clicked. My problem is it does not seem to be redirectiong traffic on my wifi network to the fake site when i try to go to the real one. I have tried doing this the old way as well and turning off ETTERCAP inside the SET_config file. I then would launch my fake site in SET and then edit the ETTER.dns file wif the website connect info and my attacker ip. This did not work either. I have also apt-get updated and upgraded backtrack, as well as msfupdate for metasploit and svn updates for set and ettercap. What could I be missing about getting Ettercap to redirect my network traffic? Thank you for your help and let me know if there is any more information you need to help you trouble shoot this issue!