I recently started experimenting with SET on my penetration testing network, and I have been unable to get the web attack vectors option to work. I run through the options correctly, I get a msf handler set up, but when I try to navigate to the web page on my victim machine nothing ever happens.
Let me break it down:
Everything is ran in Virtual Box!
Attacker Machine: BT5R3
(I believe I have modified my set config file appropriately to allow for this attack by turning WEBATTACK_EMAIL=ON.)
Windows XP sp2:
Browser: Firefox v14.0.1
I use the following options in SET to try to execute my attack:
(Fill all the fields with bob or w/e)
URL to clone: www.hulu.com
start sendmail: no
fill in victim email
fill in attacker email
flag message: no
Craft Email subject
opt for html message
craft email body
Press <return> to continue
[-] * WARNING: Database support has been disabled
SET then launches msfconsole and starts a handler waiting for the connection from the victim machine.
If anyone has any insight on what I am doing wrong I would really appreciate it. SET seems really interesting and I look forward to experimenting with it more. Unfortunately, there doesn't seem to be a lot of good resources out there for learning about it.
I also tried playing with some of the other options, thinking that maybe it was just the specific things I was trying. I was unable to find any success no matter what I did.