SET (SOCIAL ENGINEERING TOOLKIT) PART 1
HEY GUYS SEEKER HERE.......FROM TODAY I WILL DISCUSS THE USAGE OF SET(SOCIAL ENGINEERING TOOLKIT) IN MY COMING POSTS.SO TODAY I WILL TEACH U THE BASICS OF SOCIAL ENGINEERING..
What is SET???
Social engg toolkit is specially designed to perform attacks against human elements.As we all know and use social engineering in day to day life some do it for there personal use some do it for there organization.But here we will perform social engineering from a point of view of a Penetration Tester.
TODAY HERE BEFORE STARTING PERFORMING SOCIAL ENGINEERING ATTACKS WE NEED TO UNDERSTAND ITS CONFIGURATION FILE. BECAUSE WE NEED TO CHANGE THE CONFIGURATION FOR EVERY ATTACK WE PERFORM.
1 seeker@bt#vi /pentest/exploits/set/config/set-config
///This is the location of the path where set config file is stored ///
///One of the web-based attacks available in SET is the Java applet attack,which uses self-signed Java applets. By default, this attack uses Microsoft asthe publisher name; however, if the Java Development Kit (JDK) has beeninstalled, you can turn this option ON and sign the applet with whatever nameyou want. When you turn this flag ON, additional options will be availablethrough the interface.///
///By Default the SET uses the Python web server .But SET gives u option to use apache with your set we just need to set APACHE_SERVER flag ON to use apache ////
///As You might know that whenever the METASPLOIT creates the backdoor in victim machine it binds itself in svchost.exe file but in SET if you set AUTO MIGRATE=ON then it will migrate the metasploit paylaod to notepad.exe and it is useful if victim closes the browser then also the session will be there ///
///The AUTO_DETECT setting is one of the most important flags and is turned ON by default. It tells SET to detect your local IP address automatically .If you are using multiple interfaces or your reverse payload listener is housed at a different location, turn this flag OFF. When this option is OFF, SET will allow you to specify multiple scenarios to ensure that the proper IP address scheme is used, for example, in a scenario that includes NAT and port forwarding. These options are reflected within the SET interface.///
What is SET???
Social engg toolkit is specially designed to perform attacks against human elements.As we all know and use social engineering in day to day life some do it for there personal use some do it for there organization.But here we will perform social engineering from a point of view of a Penetration Tester.
TODAY HERE BEFORE STARTING PERFORMING SOCIAL ENGINEERING ATTACKS WE NEED TO UNDERSTAND ITS CONFIGURATION FILE. BECAUSE WE NEED TO CHANGE THE CONFIGURATION FOR EVERY ATTACK WE PERFORM.
1 seeker@bt#vi /pentest/exploits/set/config/set-config
///This is the location of the path where set config file is stored ///
///Below the METASPLOIT_PATH flag is used to define the deafult path of your metasploit farmework that will be used in various attacks in SET///
///When using the SET web-based attack vectors, you can turn ON the WEBATTACK_EMAIL flag to perform email phishing in conjunction with the web attack. This flag is turned OFF by default, which means that you will configure SET and use the web attack vector without the support of email phishing.///
///One of the web-based attacks available in SET is the Java applet attack,which uses self-signed Java applets. By default, this attack uses Microsoft asthe publisher name; however, if the Java Development Kit (JDK) has beeninstalled, you can turn this option ON and sign the applet with whatever nameyou want. When you turn this flag ON, additional options will be availablethrough the interface.///
///By Default the SET uses the Python web server .But SET gives u option to use apache with your set we just need to set APACHE_SERVER flag ON to use apache ////
///As You might know that whenever the METASPLOIT creates the backdoor in victim machine it binds itself in svchost.exe file but in SET if you set AUTO MIGRATE=ON then it will migrate the metasploit paylaod to notepad.exe and it is useful if victim closes the browser then also the session will be there ///
///The AUTO_DETECT setting is one of the most important flags and is turned ON by default. It tells SET to detect your local IP address automatically .If you are using multiple interfaces or your reverse payload listener is housed at a different location, turn this flag OFF. When this option is OFF, SET will allow you to specify multiple scenarios to ensure that the proper IP address scheme is used, for example, in a scenario that includes NAT and port forwarding. These options are reflected within the SET interface.///
No comments:
Post a Comment