dingo_boy Posted June 6, 2012 Share Posted June 6, 2012 Hello! Are any of you guys familiar with the Social Engineer Toolkit? I am attempting to use its Credential Harvester program but I ran into a slight problem. The Credential Harvester clones a website which has POST login forms. All POST information is transmitted to the attacker once the target connects to his IP and enters details. I am having problems with Hotmail. The only site seems to be login.live.com. Everything redirects to this site so I have no alternatives to clone. I clone the site in the Harvester which seems to work. This process creates an index.html file. I then go to my IP address which loads the index.html but all I see is a blank page. The source reveals that the page has, in fact, loaded but nothing is displayed. I believed that the problem was the base href="" (empty) so I set it to https://login.live.com/pp1300. However, this did not change anything as the page still refused to load. The source of the index.html (from Firefox) claims that JavaScript is disabled. This is not the case. And I also unloaded NoScript and HTTPS-Everywhere to simulate a 'normal' browser. Does any one know why the page will not load? Thanks! Initial source below (I can provide more should you wish). <html dir="ltr" lang="EN-US"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=5"/><script type="text/javascript">var g_dtFirstByte=new Date();</script><base href=""/><noscript><meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033"/>Windows Live ID requires JavaScript to sign in. This web browser either does not support JavaScript, or scripts are being blocked.<br /><br />To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help.</noscript><title>Sign In</title><meta name="description" content="Powerful free e-mail with security from Microsoft - Windows Live Hotmail is a best in class e-mail service that helps you organize and manage all your online stuff in one place"/><meta name="PageID" content="i5030"/><meta name="SiteID" content="64855"/><meta name="ReqLC" content="1033"/><meta name="LocLC" content="1033"/><script type="text/javascript"></script><link rel="shortcut icon" href="http://Https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/favicon.ico" /> <link rel="image_src" href="http://Https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/Windows_Live_v_thumb.jpg" / > Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted June 6, 2012 Share Posted June 6, 2012 If I remember correctly SET uses a python script to harvest credentials and personally I don't think the script used there is the best way to do it. I'd just clone the page myself and use one of the million PHP scripts to write the credentials to a file. Read Darren's tutorial on cloning pages. Quote Link to comment Share on other sites More sharing options...
digip Posted June 7, 2012 Share Posted June 7, 2012 Well, edit the page, and clean up all the "http://Https" to be just http://. See if that fixes it. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 12, 2012 Share Posted June 12, 2012 <html dir="ltr" lang="EN-US"> <head> <title>Sign In</title> </head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="Refresh" content="0; URL=https://login.live.com/jsDisabled.srf?mkt=EN-US&lc=1033" /> <meta http-equiv="X-UA-Compatible" content="IE=5" /> <meta name="description" content="Powerful free e-mail with security from Microsoft - Windows Live Hotmail is a best in class e-mail service that helps you organize and manage all your online stuff in one place" /> <meta name="PageID" content="i5030" /> <meta name="SiteID" content="64855" /> <meta name="ReqLC" content="1033" /> <meta name="LocLC" content="1033" /> <body> <noscript> Windows Live ID requires JavaScript to sign in. This web browser either does not support JavaScript, or scripts are being blocked. <br /><br /> To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help. </noscript> <script type="text/javascript"> var g_dtFirstByte=new Date(); </script> <base href="" /> <link rel="shortcut icon" href="https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/favicon.ico" /> <link rel="image_src" href="https://secure.shared.live.com/~Live.SiteContent.ID/~16.3.16/~/~/~/~/images/Windows_Live_v_thumb.jpg" /> </body> </html> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.