credential harvester skips making html file

[AriaShishegaran]

i'm running 6.5.9 on a fully upgraded kali 2.0, my config file's apache setting is set to ON and root dir for both apache and SET are set tp /var/www/twitter. after giving an external ip x.x.x.x and a website to clone "https://twitter.com/login/", the interactive shell promps normal stuff as always and then after the last line it starts printing the explanation for each module instead of waiting for press [enter].

Output: set:webattack>2 [-] Credential harvester will allow you to utilize the clone capabilities within SET [-] to harvest credentials or parameters from a website as well as place them into a report [-] This option is used for what IP the server will POST to. [-] If you're using an external IP, use your external IP for this set:webattack> IP address for the POST back in Harvester/Tabnabbing:x.x.x.x [-] SET supports both HTTP and HTTPS [-] Example: http://www.thisisafakesite.com set:webattack> Enter the url to clone:twitter.com/login

[] Cloning the website: http://twitter.com/login [] This could take a little bit...

The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a website. [] Apache is set to ON - everything will be placed in your web root directory of apache. [] Files will be written out to the root directory of apache. [*] ALL files are within your Apache directory since you specified it to ON. Apache webserver is set to ON. Copying over PHP file to the website. Please note that all output from the harvester will be found under apache_dir/harvester_date.txt Feel free to customize post.php in the /var/www/twitter directory

The Web Attack module is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.

The Java Applet Attack method will spoof a Java Certificate and deliver a metasploit based payload. Uses a customized java applet created by Thomas Werth to deliver the payload.

The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload.

The Credential Harvester method will utilize web cloning of a web- site that has a username and password field and harvest all the information posted to the website.

The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different.

The Web-Jacking Attack method was introduced by white_sheep, emgent. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if its too slow/fast.

The Multi-Attack method will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing all at once to see which is successful.

The HTA Attack method will allow you to clone a site and perform powershell injection through HTA files which can be used for Windows-based powershell exploitation through the browser.

1) Java Applet Attack Method 2) Metasploit Browser Exploit Method 3) Credential Harvester Attack Method 4) Tabnabbing Attack Method 5) Web Jacking Attack Method 6) Multi-Attack Web Method 7) Full Screen Attack Method 8) HTA Attack Method

99) Return to Main Menu

set:webattack>

I would appreciate if you clear things out or point to a mistake that i'm making. i've followed every step with online videos and tutorials.

[trustedsec]

This is normal and expected behavior - read the last few words there. All files are copied to the var www directory which is normal. Go to the directory and there is a text file that will contain all the results when post data is there. If you want to see it real time turn Apache server to off.

[AriaShishegaran]

except nothing is copied there but post.php, there's not html files and apache doesn't run the php code, it shows the file itself. there's no style file on my var www to render in the browser...

[trustedsec]

If no files are copied it's not able to clone the site properly.. Will need to use the import method or try a different site...

[AriaShishegaran]

sure but i think it's not the soultion to this problem, obviously websites like twitter, gmail etc are the most used social networks and also the default templates of SET, so i believe they should definitely work. and if it's offering to clone a website but cannot do it, isn't it somekind of a bug?

[trustedsec]

Web cloning based on dynamic pages are often very difficult to get a 100 percent right which is why the import message is in there. Not a big - just the way sites are cloned. It works fine on most sites. If you save the website in a browser - clean it up and import it - should work fine.

[AriaShishegaran]

yes you are right, but isn't this against the whole philosophy of automation that you have implemented on SET? i'm currently testing it on a static html page and i get another error while the apache is OFF. there URL is : http://demo.hongkiat.com/html5-loginpage/index.html the error is :

[AriaShishegaran]

interactive shell records my ip and http version but there's nothing but that error on the browser.

[trustedsec]

Automation can never be 100 percent when dealing with something different each time.. Goal is to try to get as much as possible but it'll never be perfect. The import method works just fine as an alternative l.

[trustedsec]

I won't be responding here anymore unless you have a bug or code to add. Happy to take pull requests as well!

[AriaShishegaran]

thank you for responding :)

[trustedsec]

Just a heads up - I was able to do some improvements on a plane ride and incorporated them into version 7 - should make it a little bit more reliable - still no guarantees but twitter works fine now. Should be released next week..

[AriaShishegaran]

@trustedsec Super valuable, thanks for the headsup. btw, i was able to fully simulate twitter login page with one exception, the main bird icon doesnt show up (replaced by a blue rectangle) which i think i have to code inside the html file to make it feel real. thanks for your help :)