Jump to content

Need help with SET!


isaac_204
 Share

Recommended Posts

Hello fellows! Once again I need your help :lol: ! I have a problem with the ports I'm using on the Social Engineering Toolkit. By default the Credentials Harvester runs on port 80 but I wanted to change the port to another one like 443 or 4444 etc. However when I change the port from the set.config file the Credentials Harvester doesn't work so I changed the port that apache2 was listening on to the same port the Creds Harvester was listening on and when I try to run it I get this message:

The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] The Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 4444
[*] Information will be displayed to you as it arrives below:
[*] Looks like the web_server can't bind to 80. Are you running Apache?
Do you want to attempt to disable Apache? [y/n]: 

 

Also I enabled APACHE_SERVER in the set.config file. Can anybody enlighten me with their knowledge?!

Thanks in advance!

Link to comment
Share on other sites

  • isaac_204 changed the title to Need help with SET!

Isn't it a bit more sus for a person that has that website in front of them to see a weird number after the URL? Just use port 80, most web browsers don't show HTTP and HTTPS ports by default.

Also, you've already stated your answer.

Quote

[*] Looks like the web_server can't bind to 80. Are you running Apache?
Do you want to attempt to disable Apache? [y/n]: 

Also I enabled APACHE_SERVER in the set.config file.

You enabled Apache, and it doesn't want Apache to run on the same port. Run the webserver on port 80 and the backend on another port.

Edited by Dave-ee Jones
Link to comment
Share on other sites

Okay so I reset the settings to default and I stopped apache2 and everything is working fine. However the reason I wanted to change the port from 80 to a different one is, because I can't port forward port 80 as it's blocked by my ISP. Also I don't mind how the URL looks since I'm just experimenting with  SET. So my question is how can I change the port the Credentials Harvester runs on to another one? I've already tried to change the port in the set.config file "WEB_PORT=443" and when I access the cloned site by typing in the URL bar "192.168.1.16:443" it loads normaly but when I type anything on the email or password field and press enter instead of getting the credentials I get this error in the terminal:

 

The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] The Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 443
[*] Information will be displayed to you as it arrives below:
192.168.1.4 - - [17/Nov/2017 09:08:09] "GET / HTTP/1.1" 200 -
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: __user=0
PARAM: __a=1
PARAM: __dyn=7AzHK4GgO649UrJxm2q3miWGey8jrWo466ES2Sq2i5U4e2O2K48jyRyUrxuF98qDKaxeUW2ei5pQ14DBxe6ohx3ypUb8uz8bo5aayrgS2m4o9EfEmCxK9geE84eCUmzpEowWCwk84e9xCWK6oc9oy6oswgE-2mbx-8K4uazrwjQEzyUWf-4Uy68sKbxqfyBgoUhyo947Ey
PARAM: __req=1
PARAM: __be=-1
PARAM: __pc=PHASED:DEFAULT
PARAM: __rev=3463961
PARAM: lsd=AVqk3QFo
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.


[*] WE GOT A HIT! Printing the output:
PARAM: __a=1
PARAM: __be=-1
PARAM: __dyn=7AzHK4GgO649UrJxm2q3miWGey8jrWo466ES2Sq2i5U4e2O2K48jyRyUrxuF98qDKaxeUW2ei5pQ14DBxe6ohx3ypUb8uz8bo5aayrgS2m4o9EfEmCxK9geE84eCUmzpEowWCwk84e9xCWK6oc9oy6oswgE-2mbx-8K4uazrwjQEzyUWf-4Uy68sKbxqfyBgoUhyo947Ey
PARAM: __pc=PHASED:DEFAULT
PARAM: __req=2
PARAM: __rev=3463961
POSSIBLE USERNAME FIELD FOUND: __user=0
PARAM: lsd=AVqk3QFo
PARAM: ph=C3
POSSIBLE USERNAME FIELD FOUND: q=[{"user":"0","page_id":"9ji6lu","posts":[["gk2_exposure",{"identifier":"AT4VyfQf3AxNUabC3SATM7_xd3xkC31NlKa_FXDE7lw97X0965wlsUibcquLjraBX7mXtYDQGZnGD-wbNL5JRq1O","hash":"AT69GYK4kJlcg4KX"},1510902488583,0],["script_path_change",{"source_path":null,"source_token":null,"dest_path":"/login.php","dest_token":"ad976420","impression_id":"104d7e83","cause":"load","referrer":""},1510902488591,0],["scuba_sample",{"int":{"clientWidth":1583,"clientHeight":940},"normal":{"view":"normal"},"_ds":"www_tinyview_port","_options":{"addBrowserFields":true}},1510902488649,0],["time_spent_bit_array",{"tos_id":"9ji6lu","start_time":1510902488,"tos_array":[505,0],"tos_len":9,"tos_seq":0,"tos_cum":7},1510902496587,0],["ods:ms.time_spent.qa.www",{"time_spent.bits.js_initialized":[1]},1510902496590,0]],"trigger":"ods:ms.time_spent.qa.www","send_method":"ajax"}]
PARAM: ts=1510902496594
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.

Edited by isaac_204
Link to comment
Share on other sites

Can you redirect all traffic on port 8080 to port 80 after changing the port of the webserver to 8080? You can do this with iptables, but I'm not sure if you're on a Linux machine or not..

It's not technically port forwarding but it should solve your problem (hopefully). Also, I don't see why an ISP would block you trying to host a webserver on port 80. Port-forwarding port 80 would probably be blocked, but I don't understand why you can't host a webserver locally on port 80. Seems silly..

Just host it on port 8080 and type ':8080' at the end of your URL, maybe? For testing purposes.

Link to comment
Share on other sites

  • 4 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...