Jump to content

Why Won't This Html Load (using Social Engineering Toolkit)?

dingo_boy

By dingo_boy
in Security

 Share

Recommended Posts

dingo_boy Newbie

dingo_boy

Posted
Posted

Hello!

Are any of you guys familiar with the Social Engineer Toolkit?

I am attempting to use its Credential Harvester program but I ran into a slight problem.

The Credential Harvester clones a website which has POST login forms. All POST information is transmitted to the attacker once the target connects to his IP and enters details.

I am having problems with Hotmail. The only site seems to be login.live.com. Everything redirects to this site so I have no alternatives to clone.

I clone the site in the Harvester which seems to work. This process creates an index.html file. I then go to my IP address which loads the index.html but all I see is a blank page. The source reveals that the page has, in fact, loaded but nothing is displayed.

I believed that the problem was the base href="" (empty) so I set it to https://login.live.com/pp1300. However, this did not change anything as the page still refused to load.

The source of the index.html (from Firefox) claims that JavaScript is disabled. This is not the case. And I also unloaded NoScript and HTTPS-Everywhere to simulate a 'normal' browser.

Does any one know why the page will not load? Thanks!

Initial source below (I can provide more should you wish).

<html dir="ltr" lang="EN-US"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=5"/><script type="text/javascript">var g_dtFirstByte=new Date();</script><base href=""/><noscript><meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033"/>Windows Live ID requires JavaScript to sign in. This web browser either does not support JavaScript, or scripts are being blocked.<br /><br />To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help.</noscript><title>Sign In</title><meta name="description" content="Powerful free e-mail with security from Microsoft - Windows Live Hotmail is a best in class e-mail service that helps you organize and manage all your online stuff in one place"/><meta name="PageID" content="i5030"/><meta name="SiteID" content="64855"/><meta name="ReqLC" content="1033"/><meta name="LocLC" content="1033"/><script type="text/javascript"></script><link rel="shortcut icon" href="http://Https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/favicon.ico" />

<link rel="image_src" href="http://Https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/Windows_Live_v_thumb.jpg" / >

Link to comment
Share on other sites
bobbyb1980 Newbie

bobbyb1980

Posted
Posted

If I remember correctly SET uses a python script to harvest credentials and personally I don't think the script used there is the best way to do it.

I'd just clone the page myself and use one of the million PHP scripts to write the credentials to a file. Read Darren's tutorial on cloning pages.

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted 

&lt;html dir="ltr" lang="EN-US"&gt;

 &lt;head&gt;
   &lt;title&gt;Sign In&lt;/title&gt;
  &lt;/head&gt;


   &lt;meta http-equiv="Content-Type" content="text/html; charset=utf-8" /&gt;
   &lt;meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&amp;lc=1033" /&gt;
   &lt;meta http-equiv="X-UA-Compatible" content="IE=5" /&gt;
   &lt;meta name="description" content="Powerful free e-mail with security from Microsoft - Windows Live Hotmail is a best in class e-mail service that helps you organize and manage all your online stuff in one place" /&gt;
   &lt;meta name="PageID" content="i5030" /&gt;
   &lt;meta name="SiteID" content="64855" /&gt;
   &lt;meta name="ReqLC" content="1033" /&gt;
   &lt;meta name="LocLC" content="1033" /&gt;

&lt;body&gt;

&lt;noscript&gt;
Windows Live ID requires JavaScript to sign in. This web browser either does not support JavaScript, or scripts are being blocked.
&lt;br /&gt;&lt;br /&gt;
To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help.
&lt;/noscript&gt;



&lt;script type="text/javascript"&gt;

var g_dtFirstByte=new Date();

&lt;/script&gt;


&lt;base href="" /&gt;

 &lt;link rel="shortcut icon" href="https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/favicon.ico" /&gt;
 &lt;link rel="image_src" href="https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/Windows_Live_v_thumb.jpg" /&gt; 


  &lt;/body&gt;
    &lt;/html&gt;

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...