Shinigami Posted June 29, 2012 Share Posted June 29, 2012 1) Web Templates 2) Site Cloner 3) Custom Import 99) Return to Webattack Menu set:webattack>2 [-] Credential harvester will allow you to utilize the clone capabilities within SET [-] to harvest credentials or parameters from a website as well as place them into a report [-] This option is used for what IP the server will POST to. [-] If you're using an external IP, use your external IP for this set:webattack> IP address for the POST back in Harvester/Tabnabbing:*********** [-] SET supports both HTTP and HTTPS [-] Example: http://www.thisisafakesite.com set:webattack> Enter the url to clone:https://*****.com [*] Cloning the website: https://*****.com [*] This could take a little bit... The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a website. [*] I have read the above message. [*] Press {return} to continue. [*] Social-Engineer Toolkit Credential Harvester Attack [*] Credential Harvester is running on port ***** [*] Information will be displayed to you as it arrives below: localhost - - [29/Jun/2012 13:39:44] "GET / HTTP/1.1" 200 - Problem is, the CLONED_SITE is BLANK. Locating the INDEX.HTML file in the WEB_CLONE folder, its BLANK. I'm not sure why this is happening. It worked perfect until yesterday. I deleted the PROGRAM_JUNK data, also reloaded an old Snapshot of SET, and I still have this issue. It DOES connects to the internet to clone the specified Site, but the cloned_site is just EMPTY/BLANK. I did try plenty of other sites to clone. They all take a while in cloning from the Internet, and smoothly proceeds with listening to incoming connections, but the Index is empty. Could it be a bug in the Update? Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 30, 2012 Share Posted June 30, 2012 Try doing an update on SET, to see if that fixes the problem. Quote Link to comment Share on other sites More sharing options...
Shinigami Posted June 30, 2012 Author Share Posted June 30, 2012 Try doing an update on SET, to see if that fixes the problem. I actually tried that, even tried reloading an older release via VMWARE snapshot. Doesn't help. Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted June 30, 2012 Share Posted June 30, 2012 I personally found the SET credential harvesting pages to be quite buggy. If you're trying to harvest credentials, I reccomend using the PHP method. The same method they use on the pineapple, but instead of httpd, use apache2 and instead of a pineapple use a server. You can read all about it in the pineapple tutorials. Quote Link to comment Share on other sites More sharing options...
Skorpinok Rover Posted June 30, 2012 Share Posted June 30, 2012 Try doing an update on SET, to see if that fixes the problem. It dosent work bro.. any other solution ? same problem here.. Thanks. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 1, 2012 Share Posted July 1, 2012 It dosent work bro.. any other solution ? same problem here.. Thanks. Might want to check, if SET is not saving the files into another directory. Quote Link to comment Share on other sites More sharing options...
Skorpinok Rover Posted July 1, 2012 Share Posted July 1, 2012 (edited) Might want to check, if SET is not saving the files into another directory. ok it got its saved on root directory of apache.. sorry for earlier reply.. ok its created on root directory of apache.. root@bt:~# cd //var/www root@bt://var/www# ls eOnplnL index.html nix.bin wstool yqCp6VAwWcLZJx exW2xtOjnmUc mac.bin oeaXoGX2WlBuc x.exe HKDdwwdPqM9Tm msf.exe Signed_Update.jar yGATokQUkcUHvUE -------------------------------------------------------------------------------------------- Edited July 3, 2012 by skorpinok Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.