Social Engineering Toolkit (SET) is a social engineering pen testing framework created by Dave (ReL1K) Kennedy. SET contains numerous tools to help pen testers test the human element during a security engagement.
We are going to cover the phishing capabilities of SET. To start off we will need to configure SET in Backtrack. Open /pentest/exploits/set/config/set_config in your text editor of choice.
Set_config contains all of the configuration settings for SET. We are going to focus on configuring SET to work with sendmail. Look for
SENDMAIL=OFF in set_config and change it to
Next we need to ensure sendmail is installed by typing
apt-get install sendmail. Answer yes when it asks you if you are sure you want to install.
To run SET navigate to /pentest/exploits/set and run
./set. If it was ran correctly you should receive a display like the one above.
Select 1) Social-Engineering Attacks from the list. You will then be prompted for the type of attack you would like to do.
Here we select 1) Spear-Phishing Attack Vectors. Now we are prompted to narrow down what type of spear-phishing attack we would like to preform.
We have selected 1) Perform a Mass Email Attack. Next we are presented with a list of payloads.
Here we select 11) Adobe PDF Embedded EXE Social Engineering. Now we need to select the type of PDF that we would like to use.
We select 2. Use built-in BLANK PDF for attack. Next we select what we want our payload to do.
Here we select 2) Windows Meterpreter Reverse_TCP. When the PDF is opened it will execute the reverse shell causing the victim to connect back to you. Doing this gets around most users firewalls as most only monitor incoming connections. Next we are asked to provide which port we would like the victim to connect to.
We will use the default port of 443 for our connection. After setting the port you may be asked to start sendmail. Choose yes if this happens. Next we need to choose if we want to specify a file name for our loaded file.
We selected 1. Keep the filename, I don’t care to make it easy. If you are truly doing this in a pentest you may wish to change the filename to something that will get it launched. Next we need to select if we are emailing one address or doing a mass email campaign.
Here we selected 1. E-Mail Attack Single Email Address as we are only going to email one user. Now we need to choose if we are using a predefined template or if we want to create our own one time template.
Here we select 1. Pre-Defined Template. Now we are presented with a list of templates.
We’ll keep it simple and chose 8: Status Report. Depending on your target this may or may not work. Then we need to select who we are sending our email to. For demo purposes we are choosing email@example.com.
Now we are prompted to select how we want to send the email out. Here we select 1. Use a gmail Account for your email attack. This may not work as Google may block the email due to attachment type. Enter your gmail account credentials and then select if you want to mark the email as high priority. Next your are prompted to start the listener and the email is sent out. Now you just sit back and wait for the user to open the attachment which then connects to your Metasploit listener. Check out our Using Metasploit post to learn about Metasploit.