The Social-Engineer Toolkit

137

use that as the address for the reverse connection and web servers. If you are using multiple interfaces or your reverse payload listener is housed at a different location, turn this flag OFF. When this option is OFF, SET will allow you to specify multiple scenarios to ensure that the proper IP address scheme is used, for example, in a scenario that includes NAT and port forwarding. These options are reflected within the SET interface.

AUTO_DETECT=OFF

When you use the toolkit, by default it uses a built-in Python web-based server. To optimize performance, set the APACHE_SERVER flag to ON, and SET will use Apache for the attacks.

APACHE_SERVER=ON

Those are the basics of the configuration file. As you can see, you can significantly change SET’s behavior depending on which flags are set in the tool. Now let’s run the tool.

Spear-Phishing Attack Vector

The spear-phishing attack vector specially crafts file-format exploits (such as Adobe PDF exploits) and primarily sends email attacks containing attachments to a target, which, when opened, compromise the target’s machine. SET can use Simple Mail Transfer Protocol (SMTP) open relays (both anonymous and credentialed), Gmail, and Sendmail to send email. SET can also use standard email or HTML-based email to perform the phishing attack.

Let’s consider a real-world penetration test targeting the company CompanyXYZ. You register a domain name similar to Company XYZ, say coompanyxyz.com. You then register the subdomain coom.panyXYZ.com. Next, you send a spear-phishing attack to the target organization, knowing that most employees only glance at email and will open any attachment that appears to be legitimate. In this case, we will send a PDF file format bug to our target, like so.
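The scenario above relies on two lookalike tricks: a typosquatted registrable domain (coompanyxyz.com) and a subdomain whose dotted form reads like the real name (coom.panyXYZ.com). From the defender's side, both can be flagged in mail flow before a user ever glances at the attachment. The following is an added example written for this page, not code from the book or from SET; it assumes a hypothetical legitimate domain companyxyz.com and a small set of constructed From: header lines, and it compares the sender's registrable domain (and its dot-collapsed hostname) against the real domain by edit distance.

```python
import re

# Constructed assumption: the organization's real domain for this example.
LEGITIMATE_DOMAIN = "companyxyz.com"

# Constructed sample From: headers, mirroring the lookalike domains in the scenario.
SAMPLE_HEADERS = [
    "From: HR Department <hr@companyxyz.com>",
    "From: IT Helpdesk <helpdesk@coompanyxyz.com>",
    "From: Payroll <payroll@coom.panyXYZ.com>",
    "From: Newsletter <news@example.org>",
]


def registrable_domain(hostname: str) -> str:
    """Return the last two DNS labels, e.g. 'panyxyz.com' for 'coom.panyxyz.com'.

    Simplified: real deployments should consult the public suffix list so that
    multi-label suffixes such as co.uk are handled correctly.
    """
    labels = hostname.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost))
        prev = cur
    return prev[-1]


def classify_sender_domain(sender_host: str, legit: str = LEGITIMATE_DOMAIN,
                           max_distance: int = 2) -> str:
    """Classify a sender hostname as 'legitimate', 'lookalike' or 'unrelated'.

    'lookalike' is raised when either the registrable domain or the hostname
    with its dots removed is within max_distance edits of the real domain.
    Collapsing the dots is what catches the coom.panyxyz.com subdomain trick.
    """
    host = sender_host.lower()
    reg = registrable_domain(host)
    if reg == legit:
        return "legitimate"
    collapsed_distance = levenshtein(host.replace(".", ""), legit.replace(".", ""))
    distance = min(levenshtein(reg, legit), collapsed_distance)
    return "lookalike" if distance <= max_distance else "unrelated"


def scan_from_headers(lines):
    """Extract the sender domain from each From: header and classify it."""
    results = []
    for line in lines:
        match = re.search(r"@([A-Za-z0-9.-]+)", line)
        if not match:
            continue
        domain = match.group(1)
        results.append((domain, classify_sender_domain(domain)))
    return results


if __name__ == "__main__":
    for domain, verdict in scan_from_headers(SAMPLE_HEADERS):
        print(f"{domain:25} {verdict}")
```

The threshold of two edits is deliberately tight; raising it increases recall on creative typosquats but starts flagging genuinely unrelated short domains, so in practice the distance check is one signal alongside SPF/DKIM/DMARC results and domain age.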

root@bt:/pentest/exploits/set# ./set

Select from the menu:

 1.  Spear-Phishing Attack Vectors
 2.  Website Attack Vectors
 3.  Infectious Media Generator
 4.  Create a Payload and Listener
 5.  Mass Mailer Attack
 6.  Teensy USB HID Attack Vector
 7.  SMS Spoofing Attack Vector
 8.  Wireless Access Point Attack Vector
 9.  Third Party Modules