不多說,直接上干貨!
首先,如果你是用的BT5,則set的配置文件是在 /pentest/exploits/set/set_config下。
APACHE_SERVER=ON
SELF_SIGNED_APPLEF=ON
AUTO_DETECT=ON
如果,你也是跟我一樣,使用的是kali linux 2016.2(rolling),則set的安裝目錄默認是在
這也是本博文的重心。默認現在,是不需如BT5那樣配置了。
社會工程學工具包(SET)是一個開源的、Python驅動的社會工程學滲透測試工具。這套工具包由David Kenned設計,而且已經成為業界部署實施社會工程學攻擊的標准。SET利用人們的好奇心、信任、貪婪及一些愚蠢的錯誤,攻擊人們自身存在的弱點。使用SET可以傳遞攻擊載荷到目標系統,收集目標系統數據,創建持久后門,進行中間人攻擊等。本博客將介紹社會工程學工具包和MetaSploit的使用。
本博文的主要內容是
- Java Applet實例演示(作為攻擊者的我,弄出一個網頁來,騙取被害者上鈎,從而控制到它的機器,來進一步攻擊)
- 克隆站點釣魚攻擊
- 綜合攻擊
啟動社會工程學工具包(兩種方式都可以)
使用社會工程學工具包之前,需要啟動該工具。具體操作步驟如下所示。
(1)啟動SET。在終端執行如下所示的命令:
root@kali:~# setoolkit [-] New set.config.py file generated on: 2017-05-22 11:04:09.737611 [-] Verifying configuration update... [*] Update verified, config timestamp is: 2017-05-22 11:04:09.737611 [*] SET is using the new config, no need to restart ..######..########.######## .##....##.##..........##... .##.......##..........##... ..######..######......##... .......##.##..........##... .##....##.##..........##... ..######..########....##... [---] The Social-Engineer Toolkit (SET) [---] [---] Created by: David Kennedy (ReL1K) [---] Version: 7.4.1 Codename: 'Recharged' [---] Follow us on Twitter: @TrustedSec [---] [---] Follow me on Twitter: @HackingDave [---] [---] Homepage: https://www.trustedsec.com [---] Welcome to the Social-Engineer Toolkit (SET). The one stop shop for all of your SE needs. Join us on irc.freenode.net in channel #setoolkit The Social-Engineer Toolkit is a product of TrustedSec. Visit: https://www.trustedsec.com It's easy to update using the PenTesters Framework! (PTF) Visit https://github.com/trustedsec/ptf to update all your tools! There is a new version of SET available. Your version: 7.4.1 Current version: 7.6.3 Please update SET to the latest before submitting any git issues. Select from the menu: 1) Social-Engineering Attacks 2) Penetration Testing (Fast-Track) 3) Third Party Modules 4) Update the Social-Engineer Toolkit 5) Update SET configuration 6) Help, Credits, and About 99) Exit the Social-Engineer Toolkit set>
以上顯示了社會工程學工具包的創建者、版本、代號及菜單信息。此時可以根據自己的需要,選擇相應的編號進行操作。
或者在桌面上依次選擇“應用程序”|Kali Linux|“漏洞利用工具集”|Social Engineering Toolkit|setoolkit命令,將自動打開一個顯示setoolkit命令運行的終端。
案例1 Java Applet實例演示(作為攻擊者的我,弄出一個網頁來,騙取被害者上鈎,從而控制到它的機器,來進一步攻擊)
注意:這個工具set啊,一般我們是只用到編號1的社會工程學攻擊,這是經驗。其他的選項,如下,一般是作為輔助選項而已。
Select from the menu: 1) Social-Engineering Attacks 社會工程學攻擊 2) Penetration Testing (Fast-Track) 3) Third Party Modules 4) Update the Social-Engineer Toolkit 5) Update SET configuration 6) Help, Credits, and About 99) Exit the Social-Engineer Toolkit 返回上一級
這里選擇攻擊社會工程學,在菜單中的編號為1,所以在set>后面輸入1,將顯示如下所示的信息:
Select from the menu: 1) Social-Engineering Attacks 2) Penetration Testing (Fast-Track) 3) Third Party Modules 4) Update the Social-Engineer Toolkit 5) Update SET configuration 6) Help, Credits, and About 99) Exit the Social-Engineer Toolkit set> 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XX XX XX MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM XX XX MMMMMMMMMMMMMMMMMMMMMssssssssssssssssssssssssssMMMMMMMMMMMMMMMMMMMMM XX XX MMMMMMMMMMMMMMMMss''' '''ssMMMMMMMMMMMMMMMM XX XX MMMMMMMMMMMMyy'' ''yyMMMMMMMMMMMM XX XX MMMMMMMMyy'' ''yyMMMMMMMM XX XX MMMMMy'' ''yMMMMM XX XX MMMy' 'yMMM XX XX Mh' 'hM XX XX - - XX XX XX XX :: :: XX XX MMhh. ..hhhhhh.. ..hhhhhh.. .hhMM XX XX MMMMMh ..hhMMMMMMMMMMhh. .hhMMMMMMMMMMhh.. hMMMMM XX XX ---MMM .hMMMMdd:::dMMMMMMMhh.. ..hhMMMMMMMd:::ddMMMMh. MMM--- XX XX MMMMMM MMmm'' 'mmMMMMMMMMyy. .yyMMMMMMMMmm' ''mmMM MMMMMM XX XX ---mMM '' 'mmMMMMMMMM MMMMMMMMmm' '' MMm--- XX XX yyyym' . 'mMMMMm' 'mMMMMm' . 'myyyy XX XX mm'' .y' ..yyyyy.. '''' '''' ..yyyyy.. 'y. ''mm XX XX MN .sMMMMMMMMMss. . . .ssMMMMMMMMMs. NM XX XX N` MMMMMMMMMMMMMN M M NMMMMMMMMMMMMM `N XX XX + .sMNNNNNMMMMMN+ `N N` +NMMMMMNNNNNMs. + XX XX o+++ ++++Mo M M oM++++ +++o XX XX oo oo XX XX oM oo oo Mo XX XX oMMo M M oMMo XX XX +MMMM s s MMMM+ XX XX +MMMMM+ +++NNNN+ +NNNN+++ +MMMMM+ XX XX +MMMMMMM+ ++NNMMMMMMMMN+ +NMMMMMMMMNN++ +MMMMMMM+ XX XX MMMMMMMMMNN+++NNMMMMMMMMMMMMMMNNNNMMMMMMMMMMMMMMNN+++NNMMMMMMMMM XX XX yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy XX XX m yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy m XX XX MMm yMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMy mMM XX XX MMMm .yyMMMMMMMMMMMMMMMM MMMMMMMMMM MMMMMMMMMMMMMMMMyy. mMMM XX XX MMMMd ''''hhhhh odddo obbbo hhhh'''' dMMMM XX XX MMMMMd 'hMMMMMMMMMMddddddMMMMMMMMMMh' dMMMMM XX XX MMMMMMd 'hMMMMMMMMMMMMMMMMMMMMMMh' dMMMMMM XX XX MMMMMMM- ''ddMMMMMMMMMMMMMMdd'' -MMMMMMM XX XX MMMMMMMM '::dddddddd::' MMMMMMMM XX XX MMMMMMMM- -MMMMMMMM XX XX MMMMMMMMM MMMMMMMMM XX XX MMMMMMMMMy yMMMMMMMMM XX XX MMMMMMMMMMy. .yMMMMMMMMMM XX XX MMMMMMMMMMMMy. .yMMMMMMMMMMMM XX XX MMMMMMMMMMMMMMy. .yMMMMMMMMMMMMMM XX XX MMMMMMMMMMMMMMMMs. .sMMMMMMMMMMMMMMMM XX XX MMMMMMMMMMMMMMMMMMss. .... .ssMMMMMMMMMMMMMMMMMM XX XX MMMMMMMMMMMMMMMMMMMMNo oNNNNo oNMMMMMMMMMMMMMMMMMMMM XX XX XX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX .o88o. o8o . 888 `" `"' .o8 o888oo .oooo.o .ooooo. .ooooo. oooo .ooooo. .o888oo oooo ooo 888 d88( "8 d88' `88b d88' `"Y8 `888 d88' `88b 888 `88. .8' 888 `"Y88b. 888 888 888 888 888ooo888 888 `88..8' 888 o. )88b 888 888 888 .o8 888 888 .o 888 . `888' o888o 8""888P' `Y8bod8P' `Y8bod8P' o888o `Y8bod8P' "888" d8' .o...P' `XER0' [---] The Social-Engineer Toolkit (SET) [---] [---] Created by: David Kennedy (ReL1K) [---] Version: 7.4.1 Codename: 'Recharged' [---] Follow us on Twitter: @TrustedSec [---] [---] Follow me on Twitter: @HackingDave [---] [---] Homepage: https://www.trustedsec.com [---] Welcome to the Social-Engineer Toolkit (SET). The one stop shop for all of your SE needs. Join us on irc.freenode.net in channel #setoolkit The Social-Engineer Toolkit is a product of TrustedSec. Visit: https://www.trustedsec.com It's easy to update using the PenTesters Framework! (PTF) Visit https://github.com/trustedsec/ptf to update all your tools! There is a new version of SET available. Your version: 7.4.1 Current version: 7.6.3 Please update SET to the latest before submitting any git issues. Select from the menu: 1) Spear-Phishing Attack Vectors 2) Website Attack Vectors web攻擊模塊 3) Infectious Media Generator 4) Create a Payload and Listener 5) Mass Mailer Attack 6) Arduino-Based Attack Vector 7) Wireless Access Point Attack Vector 無線AP偽基站建立攻擊 8) QRCode Generator Attack Vector 9) Powershell Attack Vectors 10) SMS Spoofing Attack Vector 社交圈子的攻擊 11) Third Party Modules 第三方的攻擊模塊 99) Return back to the main menu. set>
以上信息顯示了攻擊社會工程學的菜單選項,這時就可以選擇攻擊工程學的類型,然后進行攻擊。
我這里,選擇編號2 Website Attack Vectors。
Select from the menu: 1) Spear-Phishing Attack Vectors 2) Website Attack Vectors 3) Infectious Media Generator 4) Create a Payload and Listener 5) Mass Mailer Attack 6) Arduino-Based Attack Vector 7) Wireless Access Point Attack Vector 8) QRCode Generator Attack Vector 9) Powershell Attack Vectors 10) SMS Spoofing Attack Vector 11) Third Party Modules 99) Return back to the main menu. set> 2 The Web Attack module is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim. The Java Applet Attack method will spoof a Java Certificate and deliver a metasploit based payload. Uses a customized java applet created by Thomas Werth to deliver the payload. The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload. The Credential Harvester method will utilize web cloning of a web- site that has a username and password field and harvest all the information posted to the website. The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different. The Web-Jacking Attack method was introduced by white_sheep, emgent. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if its too slow/fast. The Multi-Attack method will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing all at once to see which is successful. The HTA Attack method will allow you to clone a site and perform powershell injection through HTA files which can be used for Windows-based powershell exploitation through the browser. 1) Java Applet Attack Method 2) Metasploit Browser Exploit Method 3) Credential Harvester Attack Method 4) Tabnabbing Attack Method 5) Web Jacking Attack Method 6) Multi-Attack Web Method 7) Full Screen Attack Method 8) HTA Attack Method 99) Return to Main Menu set:webattack>
這里,我暫時選項編號1,Java Applet Attack Method
1) Java Applet Attack Method 2) Metasploit Browser Exploit Method 3) Credential Harvester Attack Method 4) Tabnabbing Attack Method 5) Web Jacking Attack Method 6) Multi-Attack Web Method 7) Full Screen Attack Method 8) HTA Attack Method 99) Return to Main Menu set:webattack>1 The first method will allow SET to import a list of pre-defined web applications that it can utilize within the attack. The second method will completely clone a website of your choosing and allow you to utilize the attack vectors within the completely same web application you were attempting to clone. The third method allows you to import your own website, note that you should only have an index.html when using the import website functionality. 1) Web Templates 2) Site Cloner 3) Custom Import 99) Return to Webattack Menu set:webattack>
當然,如果大家選錯選項了,很簡單,輸入99,回車就可以了。
然后,我選擇的是,克隆站點的方式,
對生成的java框進,做一個免殺處理。
最后,要做的是,想辦法讓受害者,騙他來訪問我們設置的網站。一般都是之前,放個常用的域名,這樣會騙取到的機率大很多。
然后,我們再session,成功可以看到,得到了受害者的機器權限。
Java Applet實例演示(作為攻擊者的我,弄出一個網頁來,騙取被害者上鈎,從而控制到它的機器,來進一步攻擊)完畢!
案例2 克隆站點釣魚攻擊
這里192.168.1.103是受害者的機器
偽造出來的,跟真實相似度非常的高。
克隆站點釣魚攻擊完畢
案例3綜合攻擊
首先,要在set.config下,設置如下。
這里,大家可以單個去選,比如,1,2,3,4,5,6。當然,大家也可以選擇7,是選擇上面的所有。
然后,選擇2
這里,若攻擊者的我們,知道受害機的瀏覽器版本,可以相應選擇,如果不知道,直接選擇33就好。
綜合攻擊完畢!
參考:菜鳥騰飛安全網VIP《MetaSploit滲透測試平台之應用》