The Social-Engineer Toolkit

attack. While you wouldn’t have a Meterpreter shell, because the target didn’t 
click Run, you would still be able to intercept the credentials:

[*] WE GOT A HIT! Printing the output:
POSSIBLE USERNAME FIELD FOUND: Email=thisismyusername
POSSIBLE PASSWORD FIELD FOUND: Passwd=thisismypassword
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.

As the preceding examples show, SET offers a number of powerful web-based
attack vectors in its arsenal. It can be difficult to persuade a target to
think that a cloned site is legitimate. Most knowledgeable users are generally
cautious about unfamiliar sites and try to avoid potential security issues as
they browse the Internet. SET tries to leverage this cautiousness and, by
letting you mimic a known website, fool even some of the savviest technical
folks.

Infectious Media Generator

The Infectious Media Generator is a relatively simple attack vector. With this
vector, SET creates a folder for you that you can either burn to a CD/DVD or
store on a USB thumb drive. The folder includes an autorun.inf file so that,
once the media is inserted into a target’s machine, whatever you specified
during attack creation is executed. Currently, SET supports executables (such
as Meterpreter) as well as file-format bugs (such as Adobe exploits).

Teensy USB HID Attack Vector

The Teensy USB HID (human interface device) attack vector is a remarkable
combination of customized hardware and restriction bypass via keyboard
emulation. Traditionally, when you insert a CD/DVD or USB into your computer,
if autorun is disabled, autorun.inf isn’t called and you can’t execute your
code automatically. However, using the Teensy USB HID, you can emulate a
keyboard and mouse. When you insert the device, it will be detected as a
keyboard, and using the microprocessor and onboard flash memory storage, you
can send a very fast set of keystrokes to the target’s machine and completely
compromise it, regardless of autorun. You can order a Teensy USB HID at
http://www.prjc.com/.
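A defensive illustration of the point above, added here and not taken from the book or from SET: because the device types far faster than a person, a newly attached keyboard can be judged by the timing of its first keystrokes. The event format, device names and thresholds are assumptions, and the sample events are constructed.

```python
from statistics import median

# Assumed thresholds, not from the book; tune them for your environment.
ATTACH_WINDOW_MS = 5000  # only judge keys typed this soon after attach
MIN_KEYS = 20            # need this many keystrokes before deciding
MAX_MEDIAN_GAP_MS = 25   # sustained typing this fast is not human

def flag_injection(events):
    """events: (ts_ms, device_id, kind) tuples, kind is 'attach' or 'key'.
    Returns the sorted ids of keyboards whose first keystrokes after
    attachment arrive at machine speed."""
    attached, early_keys = {}, {}
    for ts, dev, kind in sorted(events):
        if kind == "attach":
            attached[dev] = ts
            early_keys[dev] = []       # re-plugging restarts the window
        elif kind == "key" and dev in attached:
            if ts - attached[dev] <= ATTACH_WINDOW_MS:
                early_keys[dev].append(ts)
    flagged = []
    for dev, stamps in early_keys.items():
        if len(stamps) < MIN_KEYS:
            continue                   # too little data to judge
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if median(gaps) <= MAX_MEDIAN_GAP_MS:
            flagged.append(dev)
    return sorted(flagged)

def sample_events():
    """Constructed log: a person on one keyboard, a scripted burst on another."""
    events = [(0, "kbd-desk", "attach"), (60000, "kbd-new", "attach")]
    # Person: one key every 150-210 ms, starting 1 s after attach.
    ts = 1000
    for i in range(25):
        events.append((ts, "kbd-desk", "key"))
        ts += 150 + (i % 4) * 20
    # Scripted device: 40 keys, 5 ms apart, 1 s after attach.
    events += [(61000 + 5 * i, "kbd-new", "key") for i in range(40)]
    return events

if __name__ == "__main__":
    for dev in flag_injection(sample_events()):
        print(f"ALERT: {dev} typed at machine speed right after attach")
```

Timing is a heuristic, so treat an alert as a prompt to review what the new device typed, and pair it with a USB device control policy.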

Let’s set up a Teensy USB HID to perform a WScript download of a Metasploit
payload. In the following example, a small WScript file will be written that
will download an executable and execute it. This will be our Metasploit
payload, and it’s all handled through SET.

Select from the menu:

 6.  Teensy USB HID Attack Vector

Enter your choice: 6