The Social-Engineer Toolkit
attack. While you wouldn’t have a Meterpreter shell, because the target didn’t
click Run, you would still be able to intercept the credentials:
[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: Email=thisismyusername
POSSIBLE PASSWORD FIELD FOUND: Passwd=thisismypassword
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
As the preceding examples show, SET offers a number of powerful web-based
attack vectors. It can be difficult to persuade a target that a cloned site is
legitimate: most knowledgeable users are generally cautious about unfamiliar
sites and try to avoid potential security issues as they browse the Internet.
SET tries to leverage this cautiousness and, by letting you mimic a known
website, fool even some of the savviest technical folks.
Infectious Media Generator
The Infectious Media Generator is a relatively simple attack vector. With this
vector, SET creates a folder for you that you can either burn to a CD/DVD or
store on a USB thumb drive. It uses an autorun.inf file, which, once the media
is inserted into a target’s machine, will execute whatever you specify during
attack creation. Currently, SET supports executables (such as Meterpreter) as
well as file-format bugs (such as Adobe exploits).
Teensy USB HID Attack Vector
The Teensy USB HID (human interface device) attack vector is a remarkable
combination of customized hardware and restriction bypass via keyboard
emulation. Traditionally, when you insert a CD/DVD or USB into your
computer, if autorun is disabled, autorun.inf isn’t called and you can’t
execute your code automatically. However, using the Teensy USB HID, you can
emulate a keyboard and mouse. When you insert the device, it will be detected
as a keyboard, and using the microprocessor and onboard flash memory storage,
you can send a very fast set of keystrokes to the target’s machine and
completely compromise it, regardless of autorun. You can order a Teensy USB
HID at http://www.prjc.com/.
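Because the device enumerates as a keyboard, disabling autorun does not stop it; one signal a defender can use is typing speed. The following Python code is an added example, not from the book or from SET: it flags sustained key bursts faster than a person types, and the thresholds, event format, and device names are all assumptions.

```python
from collections import defaultdict

# Assumed thresholds, not from the book: tune against your own telemetry.
MAX_GAP_MS = 15            # gaps this short, sustained, are not human typing
MIN_BURST_LEN = 20         # ignore short multi-key rolls
ATTACH_WINDOW_MS = 30_000  # burst soon after a keyboard enumerates


def find_injection_bursts(events, attach_times):
    """Return (device, start_ms, key_count, severity) per suspicious burst.

    events: iterable of (timestamp_ms, device_id) key-down records.
    attach_times: {device_id: timestamp_ms the HID keyboard enumerated}.
    """
    per_device = defaultdict(list)
    for ts, dev in events:
        per_device[dev].append(ts)

    findings = []
    for dev, stamps in per_device.items():
        stamps.sort()
        run_start = 0
        for i in range(1, len(stamps) + 1):
            # A run ends at end of data or at the first human-sized gap.
            if i < len(stamps) and stamps[i] - stamps[i - 1] <= MAX_GAP_MS:
                continue
            length = i - run_start
            if length >= MIN_BURST_LEN:
                start = stamps[run_start]
                attached = attach_times.get(dev)
                fresh = attached is not None and 0 <= start - attached <= ATTACH_WINDOW_MS
                findings.append((dev, start, length, "high" if fresh else "medium"))
            run_start = i
    return findings


# Constructed sample telemetry: kbd0 is a person typing, kbd1 is a device
# that enumerates as a keyboard at t=60000 ms and types 40 keys 5 ms apart.
SAMPLE_EVENTS = [(1_000 + 180 * i, "kbd0") for i in range(30)]
SAMPLE_EVENTS += [(61_500 + 5 * i, "kbd1") for i in range(40)]
SAMPLE_ATTACH = {"kbd0": 0, "kbd1": 60_000}

if __name__ == "__main__":
    for finding in find_injection_bursts(SAMPLE_EVENTS, SAMPLE_ATTACH):
        print(finding)
```

A burst from a keyboard with no recorded attach time is still reported, at the lower "medium" severity.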
Let’s set up a Teensy USB HID to perform a WScript download of a
Metasploit payload. In the following example, a small WScript file will be
written that will download an executable and execute it. This will be our
Metasploit payload, and it’s all handled through SET.
Select from the menu:
6. Teensy USB HID Attack Vector
Enter your choice: 6