na1 Posted August 31, 2012 Share Posted August 31, 2012 (edited) I recently started expirmenting with SET on my penetration testing network, and I have been unable to get the web attack vectors option to work. I run through the options correctly, I get a msf handler set up, but when I try to navigate to the web page on my victim machine nothing ever happens. Let me break it down: Everything is ran in Virtual Box! Attacker Machine: BT5R3 SET V3.7.1 (I believe I have modified my set config file appropriately to allow for this attack by turning WEBATTACK_EMAIL=ON.) Victime Machine: Windows XP sp2: Browser: Firefox v14.0.1 I use the following options in SET to try to execute my attack: 1 2 1 2 (Fill all the fields with bob or w/e) URL to clone: www.hulu.com 2 16 443 start sendmail: no 1 fill in victim email fill in attacker email flag message: no Craft Email subject opt for html message craft email body ~~~~~ Press <return> to continue [-] *** [-] * WARNING: Database support has been disabled [-] *** SET then launcher msfconsole and starts a handler waiting for the connection from the victim machine. If anyone has any insight on what I am doing wrong I would really appreciate it. SET seems really interesting and I look forward to expirimenting with it more. Unfortunately, there doesn't seem to be a lot of good resources out there for learning about it. Edited August 31, 2012 by na1 Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.