The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human
element. Originally this tool was designed to be released with the
http://www.social-engineer.org launch and has quickly become a standard
tool in a penetration tester’s arsenal. SET was written by David Kennedy
(ReL1K) and with a lot of help from the community
in incorporating attacks never before seen in an exploitation toolset.
The attacks built into the toolkit are designed to be targeted a focused
attacks against a person or organization used during a penetration test.
Features of SET
- Spear Phishing Attack vector
- Website Attack Vector
- Infectious media generator
- Create a Payload and Listener
- Mass Mail Attack
- Teensy USB HID Attack vector
- SMS Spoofing Attack Vector
- Wireless Access Point Attack Point
- Third Party Modules
How to Use Social Engineering Toolkit in Backtrack 5
Open your backtrack console & Type cd /pentest/exploits/set
Now type ./set
Spear-Phishing Attack Vector: The spear-phishing attack menu is used for performing targeted email attacks against a victim. You can send multiple
emails based on what your harvested or you can send it to individuals.
You can also utilize fileformat (for example a PDF bug) and send the
malicious attack to the victim in order to hopefully compromise the
system.
Website Attack vector: The
web attack vector is used by performing phishing attacks against the
victim in hopes they click the link. There is a wide-variety of attacks
that can occur once they click. We will dive into each one of the
attacks later on.
Infectious Media Generator:
The infectious USB/DVD creator will develop a Metasploit based payload
for you and craft an autorun.inf file that once burned or placed on a
USB will trigger an autorun feature and hopefully compromise the system.
This attack vector is relatively simple in nature and relies on
deploying the devices to the physical system.
Create a payload and Listner:
The create payload and listener is an extremely simple wrapper around
Metasploit to create a payload, export the exe for you and generate a
listener. You would need to transfer the exe onto the victim machine and
execute it in order for it to properly work.
Mass mailer Attack: The mass mailer attack will allow you to send multiple
emails to victims and customize the messages. This option does not
allow you to create payloads, so it is generally used to perform a mass phishing attack.
Teensy USB HID Attack vector:
The teensy USB HID attack is a method used by purchasing a hardware
based device from prjc.com and programming it in a manner that makes the
small USB microcontroller to look and feel exactly like a keyboard.
SMS Spoofing Attack Vector: This module allows you to specially craft SMS messages and send them to a person. You can spoof the SMS source.
Wireless Access Point Attack Vector: it Can be used to set up a rouge wireless access point, Spoof DNS and redirect all traffic to attacker.
Third Party Modules: This
attack vector consists of Third party module – RATTE (Remote
Administration Tool Tommy Edition) which is a HTTP tunneling payload.
This can be used in the same way as website attack vectors but with an
added advantage of beating security mechanisms like local Firewall and
IPS.
We Hope That You Learned Something Very Useful From This Tutorial...!!!
If You Have any Question or Problem Simply Just Comment Below