The Social-Engineer Toolkit
use that as the address for the reverse connection and web servers. If you are
using multiple interfaces or your reverse payload listener is housed at a
different location, turn this flag OFF. When this option is OFF, SET will
allow you to specify multiple scenarios to ensure that the proper IP address
scheme is used, for example, in a scenario that includes NAT and port
forwarding. These options are reflected within the SET interface.
AUTO_DETECT=OFF
When you use the toolkit, by default it uses a built-in Python web-based
server. To optimize performance, set the APACHE_SERVER flag to ON, and SET
will use Apache for the attacks.
APACHE_SERVER=ON
Those are the basics of the configuration file. As you can see, you can
significantly change SET’s behavior depending on which flags are set in the
tool. Now let’s run the tool.
Spear-Phishing Attack Vector
The spear-phishing attack vector specially crafts file-format exploits (such
as Adobe PDF exploits) and primarily sends email attacks containing
attachments to a target, which, when opened, compromise the target’s machine.
SET can use Simple Mail Transport Protocol (SMTP) open relays (both
anonymous and credentialed), Gmail, and Sendmail to send email. SET
can also use standard email or HTML-based email to perform the phishing
attack.
Let’s consider a real-world penetration test targeting the company
CompanyXYZ. You register a domain name similar to CompanyXYZ, say
coompanyxyz.com. You then register the subdomain coom.panyXYZ.com. Next,
you send a spear-phishing attack to the target organization, knowing that
most employees only glance at email and will open any attachment that
appears to be legitimate. In this case, we will send a PDF file format bug to
our target, like so.
root@bt:/pentest/exploits/set# ./set
Select from the menu:
1. Spear-Phishing Attack Vectors
2. Website Attack Vectors
3. Infectious Media Generator
4. Create a Payload and Listener
5. Mass Mailer Attack
6. Teensy USB HID Attack Vector
7. SMS Spoofing Attack Vector
8. Wireless Access Point Attack Vector
9. Third Party Modules
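
Seen from the receiving side, the lookalike sender domains in the CompanyXYZ
scenario above can be flagged at the mail gateway. The following is an added
example, not part of the original text or of SET; it assumes companyxyz.com is
the organization's real domain, and the function names and sample From headers
are constructed for illustration.

```python
from email.utils import parseaddr

PROTECTED = "companyxyz.com"  # assumption: the organization's real domain

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the address in a From header, lower-cased."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")

def classify(domain, protected=PROTECTED, max_dist=2):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a sender domain."""
    domain = domain.lower().rstrip(".")
    if domain == protected or domain.endswith("." + protected):
        return "legitimate"
    # Assumes a single-label TLD; multi-label suffixes need the Public Suffix List.
    labels = domain.split(".")[:-1]
    target = protected.rpartition(".")[0].replace(".", "")
    # Join each run of trailing labels so that an inserted dot or an extra
    # host label cannot hide a near match; hyphens are dropped as well.
    names = ["".join(labels[i:]).replace("-", "") for i in range(len(labels))]
    best = min((osa_distance(n, target) for n in names), default=max_dist + 1)
    return "lookalike" if best <= max_dist else "unrelated"

SAMPLE_FROM = [  # constructed headers, not captured mail
    "Payroll <payroll@mail.companyxyz.com>",
    "IT Helpdesk <helpdesk@coompanyxyz.com>",
    "HR <hr@coom.panyXYZ.com>",
    "Newsletter <news@example.org>",
]

def triage(headers=SAMPLE_FROM):
    """Map each From header to (sender domain, verdict)."""
    return [(d, classify(d)) for d in map(sender_domain, headers)]

if __name__ == "__main__":
    for dom, verdict in triage():
        print(f"{verdict:10} {dom}")
```

A distance threshold of 2 suits a ten-character name like this one; for short domain names it should be lowered to avoid flagging unrelated senders.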