Results 1 to 6 of 6

Thread: SET encription

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    uk
    Posts
    23

    Default SET encription

    hello
    I am clonning a website using social engineering tool kit and can dowload the exploit OK and get a meterpreter session only if my AV is disabled. With AV enabled it gets caught ever time.
    Is it possible to re-encript the file using metersploit and if so which file has been created by SET.
    SET does not seem allow the option to use multi encoders like you can in metersploit unless I have missed something.
    thanks very much

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: SET encription

    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Senior Member voidnecron's Avatar
    Join Date
    May 2010
    Posts
    132

    Default Re: SET encription

    Another great tut which helped me : YouTube - Windows 7 AV Bypass with -x in msfencode
    "The difference between RAID1 and RAID0 is that the zero stands for how many files you're gonna have after a harddisk failure."

  4. #4
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    uk
    Posts
    23

    Default Re: SET encription

    thanks for info, I have found these before but revisited.
    My problems:-
    1 Using Java Applet Method. Works find with No AV, but AVG catches it.
    Am I correct in thinking the HTML and signed update.jar are located in /src/site/template.
    These two files show 0/43 when sent to VirusTotal.
    Is /src/exe/legit.binary the file that is inserted into the cloned site, this file is also clean in VirusTotal. I know how to make another encripted exe in metersplot, by editing the set_config to the new exe does not solve the problem.

    2 If set_config SENDMAIL=OFF and WEBATTACK_EMAIL=OFF should this stop set asking for the email info. I am trying this on my local LAN and do not wish to eMail, I am entering the IP of the attacker machine in the browser.
    thanks

  5. #5
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    19

    Default Re: SET encription

    If SENDMAIL=OFF and WEBATTACK_EMAIL are OFF, you shouldn't be getting prompted for email's using the Java Applet attack. That's pretty strange the AV is hitting it, it's not hitting the applet, thats safe, the backdoored executable may be getting caught, your just going to hav eto play with it. What A/V are you getting snagged by? If you go into src/web_clone/site/template you'll see the executable there, that's the one getting snagged. What you can do is import your own executable that isn't getting flagged if the MSF ones are not getting past AV properly.

    Hope that helps.

    -Dave

  6. #6
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    uk
    Posts
    23

    Default Re: SET encription

    Thanks for confirming what I thought was the file at src/web_clone/site/template.
    I am using AVG as my AV.
    Will now create my own file using metasploit, I just can't figure out why it tries to Email but it's not the end of the world, just wastes time when testing.
    Thanks for your help.

Similar Threads

  1. Drive Encription and BT4
    By nebusoku in forum OLD BackTrack 4 General Support
    Replies: 4
    Last Post: 08-05-2009, 09:33 PM
  2. Wireless no encription and pppoe
    By magnusum9999 in forum OLD Newbie Area
    Replies: 0
    Last Post: 03-28-2007, 06:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •