There is no patch for human stupidity, which is why the Social Engineering Tool Kit (SET) is very helpful for exploiting even systems that are fully patched. So today I am going to discuss how we can use SET to exploit browser-based vulnerabilities. SET is pre-installed in the BackTrack OS.
Requirements:
OS - BACKTRACK 5R3 Download
TARGET IP address- 192.168.1.103
ATTACKER IP address - 192.168.1.101
Now let's start the hack. First of all, open SET as shown in the picture below.
Once the SET interface is open, type 1 and press Enter to follow this tutorial.
Now press 2 for Website Attack Vector and press Enter.
Next, choose the attack vector; here we use Meterpreter Browser Exploit. Press 2 and hit Enter.
Next, choose the Web Template option, or you may use the site cloner instead. Press 1 and hit Enter.
In the Web Template option you are presented with some ready-made templates such as Gmail, Google and Facebook. Press 2 for Google and hit Enter, because the Google home page rarely changes.
After that, select the exploit; we are going with the default, which is 8.
If your attack does not succeed, repeat all the steps and choose a different exploit here.
Now choose the payload type; the most advanced payload is the reverse TCP Meterpreter.
Press 2 and hit Enter, then give the port number for the reverse connection (the default, 443, is good).
As you can see in the given picture, our web attack is started on our local host. Now you have to make your victim go to your server by DNS spoofing. I will come up with a tutorial on DNS spoofing soon. In DNS spoofing, the victim sends a request for, e.g., www.facebook.com to the DNS server; what we do here is spoof the reply returned for www.facebook.com and replace the address in it with our own IP address.
When the victim opens our server on their machine, the Meterpreter session will open on our BackTrack machine.
Now press ? at the prompt to see what Meterpreter can do.
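The DNS spoofing step above leaves traces a defender can look for: a public name answered with a LAN address, or two different replies to the same query. The following is an added example, not part of the original post, that checks DNS response records for both; the log format, the sample records, the documentation-range addresses standing in for real public answers, and the internal zone suffixes are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not from the original post):
# time, client, DNS transaction id, query name, answer address.
# 203.0.113.x / 198.51.100.x are documentation ranges used as
# stand-ins for genuine public answers.
SAMPLE_LOG = """\
10:00:01 192.168.1.103 0x1a2b www.facebook.com 192.168.1.101
10:00:01 192.168.1.103 0x1a2b www.facebook.com 203.0.113.35
10:00:05 192.168.1.103 0x2c3d www.example.org 198.51.100.7
10:00:09 192.168.1.103 0x3e4f printer.lan 192.168.1.50
"""

INTERNAL_SUFFIXES = (".lan", ".local", ".internal")  # assumed local zones
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def parse(log):
    """Yield (client, txid, qname, ip) for each well-formed record."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, client, txid, qname, addr = parts
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # answer field is not an IP address
        yield client, txid, qname.lower().rstrip("."), ip


def find_spoofing(log):
    """Return a sorted list of (reason, qname, detail) findings."""
    findings = set()
    answers = defaultdict(set)  # (client, txid, qname) -> answers seen
    for client, txid, qname, ip in parse(log):
        answers[(client, txid, qname)].add(str(ip))
        # Public name answered with a LAN/loopback/link-local address.
        is_local = any(ip in net for net in LOCAL_NETS)
        if is_local and not qname.endswith(INTERNAL_SUFFIXES):
            findings.add(("private-answer", qname, str(ip)))
    # Two different answers to one query: a forged reply racing the real one.
    for (_, _, qname), ips in answers.items():
        if len(ips) > 1:
            findings.add(("conflicting-replies", qname, ",".join(sorted(ips))))
    return sorted(findings)
```

On the constructed sample, both checks fire for www.facebook.com, while the internal name printer.lan resolving to a LAN address is left alone.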
NOTE - This is for educational purposes only. Do not use this knowledge for malicious purposes.