SETOOLKIT Problems on Kali & Backtrack

[siker]

Hi,
I'm trying to test some Spear Phishing attacks and here is what the steps Im using. Version of SET 5.3.5

1. Spear Phishing Attack Vectors
2. Performs a Mass Email Attack
3.SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
4. I enter the IP address of the payload as requested
5. Windows Reverse_TCP Meterpreter
6. Backdoored Executable
7. I entered the tcp PORT of the listener

-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...[*] Backdoor completed successfully. Payload is now hidden within a legit executable.

The DLL Hijacker vulnerability will allow normal file extenstions to
call local (or remote) .dll files that can then call your payload or
executable. In this scenario it will compact the attack in a zip file
and when the user opens the file extension, will trigger the dll then
ultimately our payload. During the time of this release, all of these
file extensions were tested and appear to work and are not patched. This
will continiously be updated as time goes on.

Enter the choice of the file extension you want to attack:

8. Windows Address Book (UNIVERSAL)
9 File name entered

THe next step is where the issues happens. If I choose Zip or RAR I get the following crash and error:
[!] Something went wrong, printing the error: not all arguments converted during string formatting

Ive tied these steps on different distros with the same error produced with these steps.

Any ideas?
Yes, Ive updated SET.

Thanks in advance.

Siker

[Mr-Protocol]

https://www.trustedsec.com/downloads/social-engineer-toolkit/

If you tweet at them, they will respond ;). Good people at TrustedSec.

[siker]

THanks. Just Tweetef the TrustedSec . Hopefully I'll get something back soon as its been rattling my brain for a while. QUick question for you, do you remember UberHarvest ? its gone now. Cant find it anywhere. Do you happen to have a copy ?

[Mr-Protocol]

No clue what that is. So nope.

[digip]

THanks. Just Tweetef the TrustedSec . Hopefully I'll get something back soon as its been rattling my brain for a while. QUick question for you, do you remember UberHarvest ? its gone now. Cant find it anywhere. Do you happen to have a copy ?

Never heard of UberHarvest but if you're MITM'ing things try dsniff and the like. Even wireshark or tcpdump and filter manually.

[siker]

Uberharvest is not a MITM tool.

The uberharvest tool was designed in the Python language. It requires Python version 2.52 and UP to work properly. If you are using Ubuntu/Backtrack and you have a Python version that is lower than the Python 2.52 supported version, please refer my blog for instructions on downloading and switching a newer version of Python.

Uberharvest also require the user to manually download and install Network Mapper (NMAP) from http://www.insecure.org

Uberharvest Features

— Harvest for email addresses from one website or many at once

— Get target website domain name, domain IP and Geo location

— Scan target website for Mail Exchange (MX) servers IP address.

— Test whether the target MX servers are open-relay server

— Get the target web server version and x-powered-by from the header

— Harvest information using evasion techniques through the use of anonymous proxy and different user-agents.

— Get target server domains from Google search engine

— Use the UP ARROW to reuse old input to increase time efficiency

— Print out results in XML format and XSL style-sheet.

- See more at: http://www.ehacking.net/2012/01/uberharvest-email-domain-harvesting.html#sthash.fq4FDDAQ.dpuf

Edited December 10, 2013 by Mr-Protocol
Fix the dupication, wtf?

[Mr-Protocol]

Omfg someone fix that huge post. I am on mobile.

[mreidiv]

Here is the creaters linked in page maybe you can message him and get it.

http://www.linkedin.com/in/yakovgoldberg

Or ask for it in the backtrack forums

Or you can just use the email harvester in metasploit.

Edited December 10, 2013 by mreidiv