siker Posted December 9, 2013 Share Posted December 9, 2013 Hi,I'm trying to test some Spear Phishing attacks and here is what the steps Im using. Version of SET 5.3.51. Spear Phishing Attack Vectors2. Performs a Mass Email Attack3.SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)4. I enter the IP address of the payload as requested5. Windows Reverse_TCP Meterpreter6. Backdoored Executable7. I entered the tcp PORT of the listener-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...[*] Backdoor completed successfully. Payload is now hidden within a legit executable.The DLL Hijacker vulnerability will allow normal file extenstions tocall local (or remote) .dll files that can then call your payload orexecutable. In this scenario it will compact the attack in a zip fileand when the user opens the file extension, will trigger the dll thenultimately our payload. During the time of this release, all of thesefile extensions were tested and appear to work and are not patched. Thiswill continiously be updated as time goes on.Enter the choice of the file extension you want to attack:8. Windows Address Book (UNIVERSAL)9 File name enteredTHe next step is where the issues happens. If I choose Zip or RAR I get the following crash and error:[!] Something went wrong, printing the error: not all arguments converted during string formattingIve tied these steps on different distros with the same error produced with these steps.Any ideas?Yes, Ive updated SET.Thanks in advance. Siker Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.