Jump to content

SETOOLKIT Problems on Kali & Backtrack


Recommended Posts

Posted

Hi,
I'm trying to test some Spear Phishing attacks and here is what the steps Im using. Version of SET 5.3.5

1. Spear Phishing Attack Vectors
2. Performs a Mass Email Attack
3.SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
4. I enter the IP address of the payload as requested
5. Windows Reverse_TCP Meterpreter
6. Backdoored Executable
7. I entered the tcp PORT of the listener

-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...[*] Backdoor completed successfully. Payload is now hidden within a legit executable.

The DLL Hijacker vulnerability will allow normal file extenstions to
call local (or remote) .dll files that can then call your payload or
executable. In this scenario it will compact the attack in a zip file
and when the user opens the file extension, will trigger the dll then
ultimately our payload. During the time of this release, all of these
file extensions were tested and appear to work and are not patched. This
will continiously be updated as time goes on.

Enter the choice of the file extension you want to attack:

8. Windows Address Book (UNIVERSAL)
9 File name entered

THe next step is where the issues happens. If I choose Zip or RAR I get the following crash and error:
[!] Something went wrong, printing the error: not all arguments converted during string formatting

Ive tied these steps on different distros with the same error produced with these steps.

Any ideas?
Yes, Ive updated SET.

Thanks in advance.

Siker

Posted

THanks. Just Tweetef the TrustedSec . Hopefully I'll get something back soon as its been rattling my brain for a while. QUick question for you, do you remember UberHarvest ? its gone now. Cant find it anywhere. Do you happen to have a copy ?

Posted

THanks. Just Tweetef the TrustedSec . Hopefully I'll get something back soon as its been rattling my brain for a while. QUick question for you, do you remember UberHarvest ? its gone now. Cant find it anywhere. Do you happen to have a copy ?

Never heard of UberHarvest but if you're MITM'ing things try dsniff and the like. Even wireshark or tcpdump and filter manually.
Posted (edited)

Uberharvest is not a MITM tool.

The uberharvest tool was designed in the Python language. It requires Python version 2.52 and UP to work properly. If you are using Ubuntu/Backtrack and you have a Python version that is lower than the Python 2.52 supported version, please refer my blog for instructions on downloading and switching a newer version of Python.

Uberharvest also require the user to manually download and install Network Mapper (NMAP) from http://www.insecure.org


Uberharvest Features

Harvest for email addresses from one website or many at once

Get target website domain name, domain IP and Geo location

Scan target website for Mail Exchange (MX) servers IP address.

Test whether the target MX servers are open-relay server

Get the target web server version and x-powered-by from the header

Harvest information using evasion techniques through the use of anonymous proxy and different user-agents.

Get target server domains from Google search engine

Use the UP ARROW to reuse old input to increase time efficiency

Print out results in XML format and XSL style-sheet.


- See more at: http://www.ehacking.net/2012/01/uberharvest-email-domain-harvesting.html#sthash.fq4FDDAQ.dpuf
Edited by Mr-Protocol
Fix the dupication, wtf?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...