background image

The Social-Engineer Toolkit


use that as the address for the reverse connection and web servers. If you are 
using multiple interfaces or your reverse payload listener is housed at a dif-
ferent location, turn this flag 


. When this option is 


, SET will allow you 

to specify multiple scenarios to ensure that the proper IP address scheme is 
used, for example, in a scenario that includes NAT and port forwarding. 
These options are reflected within the SET interface.


When you use the toolkit, by default it uses a built-in Python web-based 

server. To optimize performance, set the 


 flag to 


, and SET 

will use Apache for the attacks.


Those are the basics of the configuration file. As you can see, you can 

significantly change SET’s behavior depending on which flags are set in the 
tool. Now let’s run the tool.

Spear-Phishing Attack Vector


spear-phishing attack vector

 specially crafts file-format exploits (such as 

Adobe PDF exploits) and primarily sends email attacks containing attach-
ments to a target, which, when opened, compromise the target’s machine. 
SET can use Simple Mail Transport Protocol (SMTP) open relays (both 
anonymous and credentialed), Gmail, and Sendmail to send email. SET 
can also use standard email or HTML-based email to perform the phishing 

Let’s consider a real-world penetration test targeting the company 

CompanyXYZ. You register a domain name similar to Company XYZ, say

. You then register the subdomain

. Next, 

you send a spear-phishing attack to the target organization, knowing that 
most employees only glance at email and will open any attachment that 
appears to be legitimate. In this case, we will send a PDF file format bug to 
our target, like so.



Select from the menu:

 1.  Spear-Phishing Attack Vectors

2.  Website Attack Vectors
3.  Infectious Media Generator
4.  Create a Payload and Listener
5.  Mass Mailer Attack
6.  Teensy USB HID Attack Vector
7.  SMS Spoofing Attack Vector
8.  Wireless Access Point Attack Vector
9.  Third Party Modules