isaac_204 Posted November 16, 2017 Share Posted November 16, 2017 Hello fellows! Once again I need your help ! I have a problem with the ports I'm using on the Social Engineering Toolkit. By default the Credentials Harvester runs on port 80 but I wanted to change the port to another one like 443 or 4444 etc. However when I change the port from the set.config file the Credentials Harvester doesn't work so I changed the port that apache2 was listening on to the same port the Creds Harvester was listening on and when I try to run it I get this message: The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a website. [*] The Social-Engineer Toolkit Credential Harvester Attack [*] Credential Harvester is running on port 4444 [*] Information will be displayed to you as it arrives below: [*] Looks like the web_server can't bind to 80. Are you running Apache? Do you want to attempt to disable Apache? [y/n]: Also I enabled APACHE_SERVER in the set.config file. Can anybody enlighten me with their knowledge?! Thanks in advance! Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted November 16, 2017 Share Posted November 16, 2017 (edited) Isn't it a bit more sus for a person that has that website in front of them to see a weird number after the URL? Just use port 80, most web browsers don't show HTTP and HTTPS ports by default. Also, you've already stated your answer. Quote [*] Looks like the web_server can't bind to 80. Are you running Apache? Do you want to attempt to disable Apache? [y/n]: Also I enabled APACHE_SERVER in the set.config file. You enabled Apache, and it doesn't want Apache to run on the same port. Run the webserver on port 80 and the backend on another port. Edited November 16, 2017 by Dave-ee Jones Quote Link to comment Share on other sites More sharing options...
isaac_204 Posted November 17, 2017 Author Share Posted November 17, 2017 (edited) Okay so I reset the settings to default and I stopped apache2 and everything is working fine. However the reason I wanted to change the port from 80 to a different one is, because I can't port forward port 80 as it's blocked by my ISP. Also I don't mind how the URL looks since I'm just experimenting with SET. So my question is how can I change the port the Credentials Harvester runs on to another one? I've already tried to change the port in the set.config file "WEB_PORT=443" and when I access the cloned site by typing in the URL bar "192.168.1.16:443" it loads normaly but when I type anything on the email or password field and press enter instead of getting the credentials I get this error in the terminal: The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a website. [*] The Social-Engineer Toolkit Credential Harvester Attack [*] Credential Harvester is running on port 443 [*] Information will be displayed to you as it arrives below: 192.168.1.4 - - [17/Nov/2017 09:08:09] "GET / HTTP/1.1" 200 - [*] WE GOT A HIT! Printing the output: POSSIBLE USERNAME FIELD FOUND: __user=0 PARAM: __a=1 PARAM: __dyn=7AzHK4GgO649UrJxm2q3miWGey8jrWo466ES2Sq2i5U4e2O2K48jyRyUrxuF98qDKaxeUW2ei5pQ14DBxe6ohx3ypUb8uz8bo5aayrgS2m4o9EfEmCxK9geE84eCUmzpEowWCwk84e9xCWK6oc9oy6oswgE-2mbx-8K4uazrwjQEzyUWf-4Uy68sKbxqfyBgoUhyo947Ey PARAM: __req=1 PARAM: __be=-1 PARAM: __pc=PHASED:DEFAULT PARAM: __rev=3463961 PARAM: lsd=AVqk3QFo [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. [*] WE GOT A HIT! Printing the output: PARAM: __a=1 PARAM: __be=-1 PARAM: __dyn=7AzHK4GgO649UrJxm2q3miWGey8jrWo466ES2Sq2i5U4e2O2K48jyRyUrxuF98qDKaxeUW2ei5pQ14DBxe6ohx3ypUb8uz8bo5aayrgS2m4o9EfEmCxK9geE84eCUmzpEowWCwk84e9xCWK6oc9oy6oswgE-2mbx-8K4uazrwjQEzyUWf-4Uy68sKbxqfyBgoUhyo947Ey PARAM: __pc=PHASED:DEFAULT PARAM: __req=2 PARAM: __rev=3463961 POSSIBLE USERNAME FIELD FOUND: __user=0 PARAM: lsd=AVqk3QFo PARAM: ph=C3 POSSIBLE USERNAME FIELD FOUND: q=[{"user":"0","page_id":"9ji6lu","posts":[["gk2_exposure",{"identifier":"AT4VyfQf3AxNUabC3SATM7_xd3xkC31NlKa_FXDE7lw97X0965wlsUibcquLjraBX7mXtYDQGZnGD-wbNL5JRq1O","hash":"AT69GYK4kJlcg4KX"},1510902488583,0],["script_path_change",{"source_path":null,"source_token":null,"dest_path":"/login.php","dest_token":"ad976420","impression_id":"104d7e83","cause":"load","referrer":""},1510902488591,0],["scuba_sample",{"int":{"clientWidth":1583,"clientHeight":940},"normal":{"view":"normal"},"_ds":"www_tinyview_port","_options":{"addBrowserFields":true}},1510902488649,0],["time_spent_bit_array",{"tos_id":"9ji6lu","start_time":1510902488,"tos_array":[505,0],"tos_len":9,"tos_seq":0,"tos_cum":7},1510902496587,0],["ods:ms.time_spent.qa.www",{"time_spent.bits.js_initialized":[1]},1510902496590,0]],"trigger":"ods:ms.time_spent.qa.www","send_method":"ajax"}] PARAM: ts=1510902496594 [*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT. Edited November 17, 2017 by isaac_204 Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted November 20, 2017 Share Posted November 20, 2017 Can you redirect all traffic on port 8080 to port 80 after changing the port of the webserver to 8080? You can do this with iptables, but I'm not sure if you're on a Linux machine or not.. It's not technically port forwarding but it should solve your problem (hopefully). Also, I don't see why an ISP would block you trying to host a webserver on port 80. Port-forwarding port 80 would probably be blocked, but I don't understand why you can't host a webserver locally on port 80. Seems silly.. Just host it on port 8080 and type ':8080' at the end of your URL, maybe? For testing purposes. Quote Link to comment Share on other sites More sharing options...
Hackmenot Posted December 6, 2021 Share Posted December 6, 2021 Stai utilizzando Nethunter su Android? Quote Link to comment Share on other sites More sharing options...
Irukandji Posted December 6, 2021 Share Posted December 6, 2021 Ehi, questo è vero! vecchio post di 4 anni. E sto usando google translate Quote Link to comment Share on other sites More sharing options...
John Smith77 Posted December 24, 2022 Share Posted December 24, 2022 Hello, did you find the answer to this question? I have exactly the same issue when I am trying to use SET with the my public IP. My ISP is blocking inbound traffic on port 80, so I tried using port 443 and 8080 and in the same way I am able to open my webpage from outside IP addresses, but when I enter test credentials and hit sign in - the page keeps loading and SET does not capture anything. I went one step further, and configured to get HTTP request traffic on myPublicIPaddress:443 and then forward it to myPrivateIPaddress:80 , and in the same way when I try to test from my cellphone connection, I can open the webpage, but I can not capture the credentials (I am using Credential Harvester > Web Templates > Google) Please let me know if you found a solution or an alternative method to that can be used with the public IP addresses Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.