Everything posted by na1

  1. Well, I assumed AV was still off.... because I turned it off. But I will go back and double check. Other reverse TCP bind payloads do work.... I like your suggestion on manually running the attack. I could benefit from looking at the Java app; the other stuff I tend to deal with already on a daily basis (work). If I read and understood the material from the SET page correctly, SET uses its own Python-based server, unless you enable/set up the Apache server. I'm pretty sure I was using the default Python SET server. I'll go back and look at some of your other suggestions as well. ~~~ The BackTrack forums are all but dead. I did post there last week and still no response. Also I have tried the SET IRC channel, repeatedly. The only thing I found was some Russian dude trying to send 30k emails for God knows what. This is the only place where I got any responses, and I have appreciated the assistance.
  2. Well, BackTrack just released R3, and TrustedSec just rapid-fired several releases following DEF CON, so there is a chance that I have encountered a legitimate bug that will be resolved in the future.
  3. It is what it is. I appreciate your help. I have mixed opinions on Armitage. I got my start fooling around with it, but in my humblest of opinions, I didn't feel like it lent itself to gaining a deeper understanding of what was being done. I spent a lot of time just clicking shit, not knowing what I was clicking/doing, and not a lot of learning was getting accomplished. At least, that is how I felt about it. Armitage is a pretty well put together product though. I will try the SET interface inside Armitage and see if I get the same results. Thank you for the suggestion.
  4. I took my laptop with me to work yesterday and ran the attack with some limited success. I was not able to execute the Java applet attack, and still have not been able to do so. But I was able to execute a client-side attack and gain access to the victim machine via Meterpreter. I was only able to get a connection after spamming the reload button on the victim machine. Unfortunately, that looks like it was a one-time-only event. I know not every attack is going to be successful all the time, but I haven't been able to duplicate my own success since the other night. When I navigate to the attacker machine from the victim machine the web pages either don't load right or don't load at all. If I select the "clone" option from SET, the page simply will not load. The listener will pick up the connection, then all activity will stop, and the attack doesn't go through. If I use a template, a garbled-looking website will load up, without any images and only entry fields. Again, the listener/handler from msf will pick up some activity and try to execute the attack, but nothing will go through.
  5. I am pretty sure it doesn't matter what directory it is run out of. Regardless of the directory, I have not experienced any error messages. My rig was already fully updated and I had this problem before I uninstalled/reinstalled SET. I reinstalled as part of the troubleshooting process. I have reinstalled and nothing has changed. I am not getting any error messages that would suggest my uninstalling/reinstalling has damaged anything. Besides, breaking stuff is how you learn how to fix it. So even if somehow that was the issue, I would welcome the opportunity to fix it. Everything seems legit on the attacker machine. The attack sets up exactly how it should, but regardless of what happens on the attacker machine, I am never displayed the cloned web page on the victim machine. Yes, the two machines are on the same subnet; yes, they can communicate with each other. Yes, I am using the IP address of the attacker machine for the reverse connection on the internal network I set up inside VirtualBox.
  6. Thank you for the reply, Mr-protocol. I will try to follow what you did to replicate your results. I will post what I come up with.
  7. Dude, you actually insinuated I installed SET on a system that already had a SET installed, after I clearly stated that I had removed SET and then reinstalled it. Also, if you had ever used SET you would know that it isn't configured for BT5 at all. You have to go into the config file and set it up yourself. Also, in most circumstances, running "apt-get update && apt-get dist-upgrade" is a very valid troubleshooting step. However, R3 is less than three weeks old, and I already stated that I am running it. So how much value can we assume that updating my distro is going to add to our troubleshooting process? I don't want to dissuade or discourage anyone from helping me, but if you're not going to read anything I post, or follow along at all, I could do without the comments. If all you're going to do is pop in and suggest some very mundane, uninformed steps, I could do without it. Also, your comment that "most everything works out of the box in BackTrack" just isn't true at all; if I had to guess, you haven't dug very deep into what BackTrack has to offer. Or hell, maybe you've just had phenomenal luck, what do I know. What would be very helpful is if someone tried to replicate my results on their own system. Or run it with the same settings and let me know they were successful. I have updated my SET previously, I forgot to say that in here. I noticed that your version is sitting at 525 pwnd, while mine is sitting at 1488. Are you using v3.7.1 as I am? I am wondering if I pull an older version from SourceForge or some other site whether it would prove more stable.
  8. ..... Anyways, I uninstalled and reinstalled SET and I tried to rerun the attack. Pretty much the same thing occurred. I decided to take some screenshots to help demonstrate my difficulties. Unfortunately, I can't load them into this forum, so I posted them to my blog. http://na1king.blogspot.com/
  9. You were able to execute the attack on a similar/the same setup without doing anything special? Perhaps I need to uninstall and reinstall SET. What are the specs on your test network?
  10. I have watched the videos on that site. I have two problems with them: They are very general how-to videos that do not lend themselves to a deeper understanding of what is going on with the attack or the program. They are more like what I would make for a friend that doesn't know anything about hacking, not someone trying to understand the mechanics of a hack or a program. So their troubleshooting value is a zero. Secondly, none of his material covers anything past v0.7; the current version is v3.7.1. It may be the same program, but you'll find that things can change dramatically. For example: even though I have tried tweaking the config file to see if I have/had something wrong in there, there could be a setting somewhere that I don't have right that I am unaware of, that may not have been present in v0.7 but is present in 3.7.1. There appear to be numerous features relevant to the web attack vectors that are present in 3.7.1 but not present in any of his videos. Right now, I just finished trying some of the other options on the web attack vector, thinking that maybe it was just site cloning that was not working. Unfortunately nothing worked. I'm pretty stuck on this, kind of wondering if there is a bug in the current version, but there is no forum on the SE website or trustedsec.com.
  11. I recently started experimenting with SET on my penetration testing network, and I have been unable to get the web attack vectors option to work. I run through the options correctly, I get an msf handler set up, but when I try to navigate to the web page on my victim machine nothing ever happens. Let me break it down: Everything is run in VirtualBox!
      Attacker Machine: BT5R3, SET v3.7.1 (I believe I have modified my SET config file appropriately to allow for this attack by turning WEBATTACK_EMAIL=ON.)
      Victim Machine: Windows XP SP2, Browser: Firefox v14.0.1
      I use the following options in SET to try to execute my attack: 1, 2, 1, 2 (fill all the fields with bob or w/e), URL to clone: www.hulu.com, 2, 16, 443, start sendmail: no, 1, fill in victim email, fill in attacker email, flag message: no, craft email subject, opt for html message, craft email body
      ~~~~~
      Press <return> to continue
      [-] ***
      [-] * WARNING: Database support has been disabled
      [-] ***
      SET then launches msfconsole and starts a handler waiting for the connection from the victim machine. If anyone has any insight on what I am doing wrong I would really appreciate it. SET seems really interesting and I look forward to experimenting with it more. Unfortunately, there doesn't seem to be a lot of good resources out there for learning about it.