SET's Error of Sendmail
Hi,
A Engineering Social Toolkit Error I'm encountering is with sendmail. "Something went wrong, printing the error: (530: '5.7.0 MUST ISSUE A STARTTLS COMMAND FIRST . m5sm1906592pbh.70', 'XXXX@gmail.com')" I am attempting to send with a Gmail account.
Here are my options.
Anyone else has similar experiences? ThanksCode:Select from the menu: 1. Spear-Phishing Attack Vectors 2. Website Attack Vectors 3. Infectious Media Generator 4. Create a Payload and Listener 5. Mass Mailer Attack 6. Teensy USB HID Attack Vector 7. SMS Spoofing Attack Vector 8. Wireless Access Point Attack Vector 9. Third Party Modules 10. Update the Metasploit Framework 11. Update the Social-Engineer Toolkit 12. Help, Credits, and About 13. Exit the Social-Engineer Toolkit Enter your choice: 2 The Social-Engineer Toolkit "Web Attack" vector is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim. Enter what type of attack you would like to utilize. The Java Applet attack will spoof a Java Certificate and deliver a metasploit based payload. Uses a customized java applet created by Thomas Werth to deliver the payload. The Metasploit browser exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload. The Credential Harvester Method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website. The TabNabbing Method will wait for a user to move to a different tab, then refresh the page to something different. The Man Left in the Middle Attack Method was introduced by Kos and utilizes HTTP REFERER's in order to intercept fields and harvest data from them. You need to have an already vulnerable site and incorporate <script src="http://YOURIP/">. This could either be from a compromised site or through XSS. The web jacking attack method was introduced by white_sheep, Emgent and the Back|Track team. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if its too slow/fast. The multi-attack will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing, and the Man Left in the Middle attack all at once to see which is successful. 1. The Java Applet Attack Method 2. The Metasploit Browser Exploit Method 3. Credential Harvester Attack Method 4. Tabnabbing Attack Method 5. Man Left in the Middle Attack Method 6. Web Jacking Attack Method 7. Multi-Attack Web Method 8. Return to the previous menu Enter your choice (press enter for default): 3 The first method will allow SET to import a list of pre-defined web applications that it can utilize within the attack. The second method will completely clone a website of your choosing and allow you to utilize the attack vectors within the completely same web application you were attempting to clone. The third method allows you to import your own website, note that you should only have an index.html when using the import website functionality. [!] Website Attack Vectors [!] 1. Web Templates 2. Site Cloner 3. Custom Import 4. Return to main menu Enter number (1-4): 2 Email harvester will allow you to utilize the clone capabilities within SET to harvest credentials or parameters from a website as well as place them into a report. SET supports both HTTP and HTTPS Example: http://www.thisisafakesite.com Enter the url to clone: https://gmail.com [*] Cloning the website: https://gmail.com[*] This could take a little bit... The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a website.[*] I have read the above message.[*] Press {return} to continue. Sendmail is a Linux based SMTP Server, this can be used to spoof email addresses. Sendmail can take up to three minutes to start FYI. Sendmail is set to ON. Would you like to start the server now? Would you like to start Sendmail yes or no: yes Be patient, it takes up to 3-5 minutes to start sometimes. Starting sendmail: Social Engineer Toolkit Mass E-Mailer There are two options on the mass e-mailer, the first would be to send an email to one individual person. The second option will allow you to import a list and send it to as many people as you want within that list. What do you want to do: 1. E-Mail Attack Single Email Address 2. E-Mail Attack Mass Mailer 3. Return to main menu. Enter your choice: 1 Enter who you want to send email to: xxxx@163.com What option do you want to use? 1. Use a GMAIL Account for your email attack. 2. Use your own server or open relay Enter your choice: 1 Enter your GMAIL email address: xxxx@gmail.com Enter your password for gmail (it will not be displayed back to you): Do you want to flag this message/s as high priority? yes or no: yes Enter the subject of the email: just cc Do you want to send the message as html or plain? 1. HTML 2. Plain Enter your choice (enter for plain): 2 Enter the body of the message, hit return for a new line. Type your body and enter control+c when you are finished: 192.168.159.21 Next line of the body: fsdf Next line of the body: fasdf Next line of the body: ^C Something went wrong, printing the error: (530, '5.7.0 Must issue a STARTTLS command first. m5sm1906592pbh.70', 'xxxx@gmail.com')
