background image

138

Chapter 10

10. Update the Metasploit Framework
11. Update the Social-Engineer Toolkit
12. Help, Credits, and About
13. Exit the Social-Engineer Toolkit

Enter your choice: 

1

Welcome to the SET E-Mail attack method. This module allows you
to specially craft email messages and send them to a large (or small)
number of people with attached fileformat malicious payloads. If you
want to spoof your email address, be sure "Sendmail" is installed (it
is installed in BT4) and change the config/set_config SENDMAIL=OFF flag
to SENDMAIL=ON.

There are two options, one is getting your feet wet and letting SET do
everything for you (option 1), the second is to create your own FileFormat
payload and use it in your own attack. Either way, good luck and enjoy!

 1. Perform a Mass Email Attack

2. Create a FileFormat Payload
3. Create a Social-Engineering Template
4. Return to Main Menu

Enter your choice: 

1

Select the file format exploit you want.
The default is the PDF embedded EXE.

********** PAYLOADS **********

1.  SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
2.  SET Custom Written Document UNC LM SMB Capture Attack
3.  Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
4.  Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
5.  Adobe Flash Player 'Button' Remote Code Execution
6.  Adobe CoolType SING Table 'uniqueName' Overflow
7.  Adobe Flash Player 'newfunction' Invalid Pointer Use

 8.  Adobe Collab.collectEmailInfo Buffer Overflow

9.  Adobe Collab.getIcon Buffer Overflow
10. Adobe JBIG2Decode Memory Corruption Exploit
11. Adobe PDF Embedded EXE Social Engineering
12. Adobe util.printf() Buffer Overflow
13. Custom EXE to VBA (sent via RAR) (RAR required)
14. Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
15. Adobe PDF Embedded EXE Social Engineering (NOJS)
16. Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
17. Nuance PDF Reader v6.0 Launch Stack Buffer Overflow

Enter the number you want (press enter for default): 

8

1. Windows Reverse TCP Shel

Spawn a command shell on victim and send back to 

attacker.

2. Windows Meterpreter Reverse_TCP

Spawn a meterpreter shell on victim and send back 

to attacker.