Jump to content

Why Won't This Html Load (using Social Engineering Toolkit)?


dingo_boy
 Share

Recommended Posts

Hello!

Are any of you guys familiar with the Social Engineer Toolkit?

I am attempting to use its Credential Harvester program but I ran into a slight problem.

The Credential Harvester clones a website which has POST login forms. All POST information is transmitted to the attacker once the target connects to his IP and enters details.

I am having problems with Hotmail. The only site seems to be login.live.com. Everything redirects to this site so I have no alternatives to clone.

I clone the site in the Harvester which seems to work. This process creates an index.html file. I then go to my IP address which loads the index.html but all I see is a blank page. The source reveals that the page has, in fact, loaded but nothing is displayed.

I believed that the problem was the base href="" (empty) so I set it to https://login.live.com/pp1300. However, this did not change anything as the page still refused to load.

The source of the index.html (from Firefox) claims that JavaScript is disabled. This is not the case. And I also unloaded NoScript and HTTPS-Everywhere to simulate a 'normal' browser.

Does any one know why the page will not load? Thanks!

Initial source below (I can provide more should you wish).

<html dir="ltr" lang="EN-US"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=5"/><script type="text/javascript">var g_dtFirstByte=new Date();</script><base href=""/><noscript><meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033"/>Windows Live ID requires JavaScript to sign in. This web browser either does not support JavaScript, or scripts are being blocked.<br /><br />To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help.</noscript><title>Sign In</title><meta name="description" content="Powerful free e-mail with security from Microsoft - Windows Live Hotmail is a best in class e-mail service that helps you organize and manage all your online stuff in one place"/><meta name="PageID" content="i5030"/><meta name="SiteID" content="64855"/><meta name="ReqLC" content="1033"/><meta name="LocLC" content="1033"/><script type="text/javascript"></script><link rel="shortcut icon" href="http://Https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/favicon.ico" />

<link rel="image_src" href="http://Https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/Windows_Live_v_thumb.jpg" / >

Link to comment
Share on other sites

If I remember correctly SET uses a python script to harvest credentials and personally I don't think the script used there is the best way to do it.

I'd just clone the page myself and use one of the million PHP scripts to write the credentials to a file. Read Darren's tutorial on cloning pages.

Link to comment
Share on other sites


&lt;html dir="ltr" lang="EN-US"&gt;

 &lt;head&gt;
   &lt;title&gt;Sign In&lt;/title&gt;
  &lt;/head&gt;


   &lt;meta http-equiv="Content-Type" content="text/html; charset=utf-8" /&gt;
   &lt;meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&amp;lc=1033" /&gt;
   &lt;meta http-equiv="X-UA-Compatible" content="IE=5" /&gt;
   &lt;meta name="description" content="Powerful free e-mail with security from Microsoft - Windows Live Hotmail is a best in class e-mail service that helps you organize and manage all your online stuff in one place" /&gt;
   &lt;meta name="PageID" content="i5030" /&gt;
   &lt;meta name="SiteID" content="64855" /&gt;
   &lt;meta name="ReqLC" content="1033" /&gt;
   &lt;meta name="LocLC" content="1033" /&gt;

&lt;body&gt;

&lt;noscript&gt;
Windows Live ID requires JavaScript to sign in. This web browser either does not support JavaScript, or scripts are being blocked.
&lt;br /&gt;&lt;br /&gt;
To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help.
&lt;/noscript&gt;



&lt;script type="text/javascript"&gt;

var g_dtFirstByte=new Date();

&lt;/script&gt;


&lt;base href="" /&gt;

 &lt;link rel="shortcut icon" href="https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/favicon.ico" /&gt;
 &lt;link rel="image_src" href="https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/Windows_Live_v_thumb.jpg" /&gt; 


  &lt;/body&gt;
    &lt;/html&gt;

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...