Page 2 of 7 FirstFirst 1234 ... LastLast
Results 11 to 20 of 67

Thread: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

  1. #11
    Just burned his ISO
    Join Date
    Jan 2010
    Location
    35° 47' N/ 78° 39' W
    Posts
    6

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Wow, I would say he does not need to be concerned with it.

    Quite the bio, I just thought that adding such a function to the msfconsole was worthy of involvement with the project.

    Rel1k..I apologize for not looking before I leaped.

  2. #12
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    16

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Great tutorial!

    However, I am having some problems running the Java Website attack. I updated to 0.41, BT4 Final.

    I can set everything up according to the tutorial, encode the payload, name the port etc.

    When I do that though I get this error:
    [*] ERROR: You have something running on port 80. (Apache?)
    Exit whatever is listening and restart SET.

    I can't make that error stop. I have tried to rebooting and shutting down my firefox to no avail. Any thoughts?

  3. #13
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    You seem to have a apache server starting with your system. You will have to stop whatever is running on port 80 which is the web server port.

  4. #14
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    16

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Thanks for the tip. I got it to work and was able to exploit my old laptop that I have running XP. Great tool and thanks for the write up!

    However, I couldn't exploit my Macbook running OSX 10.6.2. Maybe because it tries to run and osx/x86/ payload where the new Snow Leopard is x64? Maybe that is the case but I don't know. The java security certificate came up and I allowed it on the victim computer but nothing happened on my attacking one. There is only osx/x86, osx/armle, osx/ppc.
    Does this mean that the 64 bit version can't be exploited?

  5. #15
    Senior Member lordplagueis's Avatar
    Join Date
    Jan 2010
    Location
    Virginia
    Posts
    106

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    [QUOTE=However, I couldn't exploit my Macbook running OSX 10.6.2. Maybe because it tries to run and osx/x86/ payload where the new Snow Leopard is x64? Maybe that is the case but I don't know. The java security certificate came up and I allowed it on the victim computer but nothing happened on my attacking one. There is only osx/x86, osx/armle, osx/ppc.
    Does this mean that the 64 bit version can't be exploited?[/QUOTE]

    unless you held the numbers 6 and 4 keys while booting you are running snow leo in 32 bit mode
    HP DV7
    8GB DDR3
    Core i7-720QM
    Nvidia GeForce GT 320M

    BT5-64bit x WIN7-64bit DualBoot

  6. #16
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    16

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    This is getting slightly off topic but it seems that almost all the programs on OS X SL are written in 64-bit code, but then I am assuming the OS itself is 32 bit?

    Needless to say, the Java attack did not work with my Snow Leopard Mac. Can anyone comment on this? Has it been used successfully with the newest OS?

  7. #17
    Junior Member
    Join Date
    Jan 2010
    Posts
    53

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Hello jaykay232,

    to check if this is a bug in java applet i need some information:
    a) existis a /tmp/ folder ? If not where is /tmp/ folder in snow ?
    b) exists /bin/sh ? If not what is default Shell of snow and where is it located ?

    Thx
    thetom

  8. #18
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    16

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Yes both of those exist. Default shell is /bin/sh. /tmp/ is also there.

  9. #19
    Junior Member
    Join Date
    Jan 2010
    Posts
    53

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    OK, that are good news ( and bad ones to you).
    So applet seems to have no bug.
    Which means your problem seems to be somewhere else ...

    Maybe you should try the custom exe feature and supply binary of texteditor from snow. This way you have a binary that must run and can track down where the problem is.

    good luck.

  10. #20
    theyhadsaid
    Guest

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    does anyone know how to obfuscate msf payloads? because many av vendors have already done something about it

Page 2 of 7 FirstFirst 1234 ... LastLast

Similar Threads

  1. Help Creating Dial-Up, PPPoE Connection
    By MASTERofMINDS in forum Beginners Forum
    Replies: 4
    Last Post: 04-05-2011, 06:00 AM
  2. A Question about Fake Authentication
    By jasontschk in forum Beginners Forum
    Replies: 6
    Last Post: 02-18-2010, 03:06 PM
  3. creating BT4 USB persistent video
    By jimmy in forum Beginners Forum
    Replies: 0
    Last Post: 02-12-2010, 11:45 PM
  4. Replies: 0
    Last Post: 02-11-2010, 02:06 AM
  5. probleme social engineering toolkit 0.3
    By CX4STORM in forum Beginners Forum
    Replies: 1
    Last Post: 01-25-2010, 04:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •