The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

[HackNCr@ck3r]

Wow, I would say he does not need to be concerned with it.

Quite the bio, I just thought that adding such a function to the msfconsole was worthy of involvement with the project.

Rel1k..I apologize for not looking before I leaped.

[jaykay232]

Great tutorial!

However, I am having some problems running the Java Website attack. I updated to 0.41, BT4 Final.

I can set everything up according to the tutorial, encode the payload, name the port etc.

When I do that though I get this error:
[*] ERROR: You have something running on port 80. (Apache?)
Exit whatever is listening and restart SET.

I can't make that error stop. I have tried to rebooting and shutting down my firefox to no avail. Any thoughts?

[purehate]

You seem to have a apache server starting with your system. You will have to stop whatever is running on port 80 which is the web server port.

[jaykay232]

Thanks for the tip. I got it to work and was able to exploit my old laptop that I have running XP. Great tool and thanks for the write up!

However, I couldn't exploit my Macbook running OSX 10.6.2. Maybe because it tries to run and osx/x86/ payload where the new Snow Leopard is x64? Maybe that is the case but I don't know. The java security certificate came up and I allowed it on the victim computer but nothing happened on my attacking one. There is only osx/x86, osx/armle, osx/ppc.
Does this mean that the 64 bit version can't be exploited?

[lordplagueis]

[QUOTE=However, I couldn't exploit my Macbook running OSX 10.6.2. Maybe because it tries to run and osx/x86/ payload where the new Snow Leopard is x64? Maybe that is the case but I don't know. The java security certificate came up and I allowed it on the victim computer but nothing happened on my attacking one. There is only osx/x86, osx/armle, osx/ppc.
Does this mean that the 64 bit version can't be exploited?[/QUOTE]

unless you held the numbers 6 and 4 keys while booting you are running snow leo in 32 bit mode

[jaykay232]

This is getting slightly off topic but it seems that almost all the programs on OS X SL are written in 64-bit code, but then I am assuming the OS itself is 32 bit?

Needless to say, the Java attack did not work with my Snow Leopard Mac. Can anyone comment on this? Has it been used successfully with the newest OS?

[thetom]

Hello jaykay232,

to check if this is a bug in java applet i need some information:
a) existis a /tmp/ folder ? If not where is /tmp/ folder in snow ?
b) exists /bin/sh ? If not what is default Shell of snow and where is it located ?

Thx
thetom

[jaykay232]

Yes both of those exist. Default shell is /bin/sh. /tmp/ is also there.

[thetom]

OK, that are good news ( and bad ones to you).
So applet seems to have no bug.
Which means your problem seems to be somewhere else ...

Maybe you should try the custom exe feature and supply binary of texteditor from snow. This way you have a binary that must run and can track down where the problem is.

good luck.

[theyhadsaid]

does anyone know how to obfuscate msf payloads? because many av vendors have already done something about it