################################################## ################################################
# The following config file will allow you to customize settings within
# the Social Engineer Toolkit. The lines that do not have comment code
# ("#") are the fields you want to toy with. They are pretty easy to
# understand.
#
# The Metasploit path is the default path for where Metasploit is located.
# Metasploit is required for SET to function properly.
#
# The ETTERCAP function specifies if you want to use ARP Cache poisoning in
# conjunction with the web attacks, note that ARP Cache poisoning is only
# for internal subnets only and does not work against people on the internet.
#
# The SENDMAIL option allows you to spoof source IP addresses utilizing an
# application called SendMail. Sendmail is installed by default on BackTrack 4
# and can be used to spoof email addresses when performing the mass email
# attacks.
#
# Note that ETTERCAP and SENDMAIL flags only accept ON or OFF switches.
#
# Note that the Metasploit_PATH cannot have a / after the folder name.
#
# There are additional options, read the comments for additional descriptions.
#
################################################## ##############################################
#
# DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
METASPLOIT_PATH=/pentest/exploits/framework3
#
# DEFINE TO USE ETTERCAP OR NOT WHEN USING WEBSITE ATTACK ONLY SET TO ON AND OFF
ETTERCAP=OFF
#
# SPECIFY WHAT INTERFACE YOU WANT ETTERCAP TO LISTEN ON, IF NOTHING WILL DEFAULT
# EXAMPLE: ETTERCAP_INTERFACE=wlan0
ETTERCAP_INTERFACE=eth0
#
# ETTERCAP HOME DIRECTORY (NEEDED FOR DNS_SPOOF)
ETTERCAP_PATH=/usr/share/ettercap
#
# SENDMAIL ON OR OFF FOR SPOOFING EMAIL ADDRESSES
SENDMAIL=OFF
#
# SET TO ON IF YOU WANT TO USE EMAIL IN CONJUNCTION WITH WEB ATTACK
WEBATTACK_EMAIL=OFF
#
# CREATE SELF-SIGNED JAVA APPLETS AND SPOOF PUBLISHER NOTE THIS REQUIRES YOU TO
# INSTALL ---> JAVA 6 JDK, BT4 OR UBUNTU USERS: apt-get install openjdk-6-jdk
# IF THIS IS NOT INSTALLED IT WILL NOT WORK. CAN ALSO DO apt-get install sun-java6-jdk
SELF_SIGNED_APPLET=OFF
#
# THIS FLAG WILL SET THE JAVA ID FLAG WITHIN THE JAVA APPLET TO SOMETHING DIFFERENT.
# THIS COULD BE TO MAKE IT LOOK MORE BELIEVABLE OR FOR BETTER OBFUSCATION
JAVA_ID_PARAM=Secure Java Applet
#
# JAVA APPLET REPEATER OPTION WILL CONTINUE TO PROMPT THE USER WITH THE JAVA APPLET IF
# THE USER HITS CANCEL. THIS MEANS IT WILL BE NON STOP UNTIL RUN IS EXECUTED. THIS GIVES
# A BETTER SUCCESS RATE FOR THE JAVA APPLET ATTACK
JAVA_REPEATER=ON
#
# JAVA REPEATER TIMING WHICH IS THE DELAY IT TAKES BETWEEN THE USER HITTING CANCEL TO
# WHEN THE NEXT JAVA APPLET RUNS. BE CAREFUL SETTING TO LOW AS IT WILL SPAWM THEM OVER
# AND OVER EVEN IF THEY HIT RUN. 200 EQUALS 2 SECONDS.
JAVA_TIME=200
#
# AUTO DETECTION OF IP ADDRESS INTERFACE UTILIZING GOOGLE, SET THIS ON IF YOU WANT
# SET TO AUTODETECT YOUR INTERFACE
AUTO_DETECT=ON
#
# SPECIFY WHAT PORT TO RUN THE HTTP SERVER OFF OF THAT SERVES THE JAVA APPLET ATTACK
# OR METASPLOIT EXPLOIT. DEFAULT IS PORT 80.
WEB_PORT=80
#
# CUSTOM EXE YOU WANT TO USE FOR METASPLOIT ENCODING, THIS USUALLY HAS BETTER AV
# DETECTION. CURRENTLY IT IS SET TO LEGIT.BINARY WHICH IS JUST CALC.EXE. AN EXAMPLE
# YOU COULD USE WOULD BE PUTTY.EXE SO THIS FIELD WOULD BE /pathtoexe/putty.exe
CUSTOM_EXE=src/exe/legit.binary
#
# MAN LEFT IN THE MIDDLE PORT, THIS WILL BE USED FOR THE WEB SERVER BIND PORT
MLITM_PORT=80
#
# USE APACHE INSTEAD OF STANDARD PYTHON WEB SERVERS, THIS WILL INCREASE SPEED OF
# THE ATTACK VECTOR
APACHE_SERVER=OFF
#
# PATH TO THE APACHE WEBROOT
APACHE_DIRECTORY=/var/www
#
# TURN ON SSL CERTIFICATES FOR SET SECURE COMMUNICATIONS THROUGH WEB_ATTACK VECTOR
WEBATTACK_SSL=OFF
#
# PATH TO THE PEM FILE TO UTILIZE CERTIFICATES WITH THE WEB ATTACK VECTOR (REQUIRED)
# YOU CAN CREATE YOUR OWN UTILIZING SET, JUST TURN ON SELF_SIGNED_CERT
# IF YOUR USING THIS FLAG, ENSURE OPENSSL IS INSTALLED!
#
SELF_SIGNED_CERT=OFF
#
# BELOW IS THE CLIENT/SERVER (PRIVATE) CERT, THIS MUST BE IN PEM FORMAT IN ORDER TO WORK
# SIMPLY PLACE THE PATH YOU WANT FOR EXAMPLE /root/ssl_client/server.pem
PEM_CLIENT=/root/newcert.pem
PEM_SERVER=/root/newreq.pem
#
# TWEAK THE WEB JACKING TIME USED FOR THE IFRAME REPLACE, SOMETIMES IT CAN BE A LITTLE SLOW
# AND HARDER TO CONVINCE THE VICTIM. 5000 = 5 seconds
WEBJACKING_TIME=2000
#
# PORT FOR THE COMMAND CENTER
COMMAND_CENTER_PORT=44444
#
# COMMAND CENTER INTERFACE TO BIND TO BY DEFAULT IT IS LOCALHOST ONLY. IF YOU WANT TO ENABLE IT
# SO YOU CAN HIT THE COMMAND CENTER REMOTELY PUT THE INTERFACE TO 0.0.0.0 TO BIND TO ALL INTERFACES.
COMMAND_CENTER_INTERFACE=127.0.0.1
#
# HOW MANY TIMES SET SHOULD ENCODE A PAYLOAD IF YOU ARE USING STANDARD METASPLOIT ENCODING OPTIONS
ENCOUNT=4
#
# WHAT DO YOU WANT TO USE FOR YOUR DEFAULT TERMINAL WITHIN THE COMMAND CENTER. THE DEFAULT IS XTERM
# THE OPTIONS YOU HAVE ARE AS FOLLOW - GNOME, KONSOLE, XTERM, SOLO. IF YOU SELECT SOLO IT WILL PLACE
# ALL RESULTS IN THE SAME SHELL YOU USED TO OPEN THE SET-WEB INTERFACE. THIS IS USEFUL IF YOUR USING
# SOMETHING THAT ONLY HAS ONE CONSOLE, LETS SAY A IPHONE OR IPAD.
TERMINAL=XTERM
#
#
# IF THIS OPTION IS SET, THE METASPLOIT PAYLOADS WILL AUTOMATICALLY MIGRATE TO
# NOTEPAD ONCE THE APPLET IS EXECUTED. THIS IS BENEFICIAL IF THE VICTIM CLOSES
# THE BROWSER HOWEVER CAN INTRODUCE BUGGY RESULTS WHEN AUTO MIGRATING.
AUTO_MIGRATE=OFF
#
################################################## #################################################
Social Engineering Toolkit Help!!
Originally Posted by sickness
Posting Permissions