The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

Printable View

Show 40 post(s) from this thread on one page

02-23-2010, 02:48 PM
purehate

The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

I did a little write up on the new Java applet attack in the social engineering toolkit. I use it to clone a web site and trick a target into visiting it.

The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes
02-23-2010, 04:35 PM
Snayler

Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

Really interesting attack, pureh@te. I will take a look at it soon. Thanks for sharing!
02-23-2010, 08:23 PM
brtw2003

Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

here the attack presented by rel1k itself during Shmoocon 2010:

download all the firetalk's videos - must see...lot of fun ;-)

http://blip.tv/file/get/Irongeek-shm...ks20101888.mp4
http://blip.tv/file/get/Irongeek-shm...ks20102210.mp4

P.S: epsecially the Pentoo one ;-)
....hehehe I like these gentoo folks...

/brtw2003
02-23-2010, 08:45 PM
purehate

Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

I know I was there.
02-24-2010, 12:07 AM
Corleone

Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

I'm trying the website attack vectors option in SET.
Al goes well untill i look at the email and open the link ,a
jave applet should appear but it doesnt!

On my bt4 machine i have sun java and openjdk installed.
On my victim machine i've installed java too.

Any ideas on what i'm doin wrong?

SET's other options work great!!I love this tool!

c
02-24-2010, 02:46 AM
nightlybuild

Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

There was a writeup on this over here if you want some more to read:

Metasploit Unleashed - Mastering the Framework
Ch.8 / Social-Engineering Toolkit

It's a pretty interesting toolkit.
02-24-2010, 04:12 PM
b_114

Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

Are theire any ways to spoof Emails.

like From test@test.com
to: potter@gmail.com

And this should not go automatically in SPAM!

In the Config File you can change Sendmail to ON but my tes Email went to Spam ;-(

Thanks
02-25-2010, 12:40 AM
HackNCr@ck3r

Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

Nice, I wonder if the applet could be modified to mask the URL...

ReL1k, you should see if Rapid7 is hiring...:cool:

HackNCr@ck3r
02-26-2010, 02:39 AM
lupin

Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

Nice one ph!

@b_114 - The spoofing of the sender address in an email is easy. Bypassing a spam filter takes slightly more work. If you want to learn how to do this I'd recommend you read up on how various spam filtering methods work. SPF (Sender Policy Framework), for example, is one spam prevention method that works based on the sender address...
02-26-2010, 01:22 PM
Archangel-Amael

Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

Quote:

Originally Posted by HackNCr@ck3r

ReL1k, you should see if Rapid7 is hiring...:cool:

ReL1k probably doesn't need the job. You might wanna check his bio out.

Show 40 post(s) from this thread on one page

All times are GMT. The time now is 12:46 AM.