The
Social-Engineer Toolkit (SET) is specifically designed to perform advanced
attacks against the human element. Originally this tool was designed to be
released with the http://www.social-engineer.org launch and has quickly become
a standard tool in a penetration tester’s arsenal. SET was written by David
Kennedy (ReL1K) and with a lot of help from the community in incorporating
attacks never before seen in an exploitation toolset. The attacks built into
the toolkit are designed to be targeted a focused attacks against a person or
organization used during a penetration test.
Features of SET
Spear Phishing Attack vector
Website Attack Vector
Infectious media generator
Create a Payload and Listener
Mass Mail Attack
Teensy USB HID Attack vector
SMS Spoofing Attack Vector
Wireless Access Point Attack Point
Third Party Modules
How to Use Social Engineering Toolkit in Backtrack 5
Features of SET
Spear Phishing Attack vector
Website Attack Vector
Infectious media generator
Create a Payload and Listener
Mass Mail Attack
Teensy USB HID Attack vector
SMS Spoofing Attack Vector
Wireless Access Point Attack Point
Third Party Modules
How to Use Social Engineering Toolkit in Backtrack 5
Spear-Phishing Attack Vector: The spear-phishing attack menu is used for
performing targeted email attacks against a victim. You can send multiple
emails based on what your harvested or you can send it to individuals. You can
also utilize fileformat (for example a PDF bug) and send the malicious attack
to the victim in order to hopefully compromise the system.
Website Attack vector: The web attack vector is used by performing phishing attacks against the victim in hopes they click the link. There is a wide-variety of attacks that can occur once they click. We will dive into each one of the attacks later on.
Infectious Media Generator: The infectious USB/DVD creator will develop a Metasploit based payload for you and craft an autorun.inf file that once burned or placed on a USB will trigger an autorun feature and hopefully compromise the system. This attack vector is relatively simple in nature and relies on deploying the devices to the physical system.
Create a payload and Listner: The create payload and listener is an extremely simple wrapper around Metasploit to create a payload, export the exe for you and generate a listener. You would need to transfer the exe onto the victim machine and execute it in order for it to properly work.
Mass mailer Attack: The mass mailer attack will allow you to send multiple emails to victims and customize the messages. This option does not allow you to create payloads, so it is generally used to perform a mass phishing attack.
Teensy USB HID Attack vector: The teensy USB HID attack is a method used by purchasing a hardware based device from prjc.com and programming it in a manner that makes the small USB microcontroller to look and feel exactly like a keyboard.
SMS Spoofing Attack Vector: This module allows you to specially craft SMS messages and send them to a person. You can spoof the SMS source.
Wireless Access Point Attack Vector: it Can be used to set up a rouge wireless access point, Spoof DNS and redirect all traffic to attacker.
Third Party Modules: This attack vector consists of Third party module – RATTE (Remote Administration Tool Tommy Edition) which is a HTTP tunneling payload. This can be used in the same way as website attack vectors but with an added advantage of beating security mechanisms like local Firewall and IPS.
Website Attack vector: The web attack vector is used by performing phishing attacks against the victim in hopes they click the link. There is a wide-variety of attacks that can occur once they click. We will dive into each one of the attacks later on.
Infectious Media Generator: The infectious USB/DVD creator will develop a Metasploit based payload for you and craft an autorun.inf file that once burned or placed on a USB will trigger an autorun feature and hopefully compromise the system. This attack vector is relatively simple in nature and relies on deploying the devices to the physical system.
Create a payload and Listner: The create payload and listener is an extremely simple wrapper around Metasploit to create a payload, export the exe for you and generate a listener. You would need to transfer the exe onto the victim machine and execute it in order for it to properly work.
Mass mailer Attack: The mass mailer attack will allow you to send multiple emails to victims and customize the messages. This option does not allow you to create payloads, so it is generally used to perform a mass phishing attack.
Teensy USB HID Attack vector: The teensy USB HID attack is a method used by purchasing a hardware based device from prjc.com and programming it in a manner that makes the small USB microcontroller to look and feel exactly like a keyboard.
SMS Spoofing Attack Vector: This module allows you to specially craft SMS messages and send them to a person. You can spoof the SMS source.
Wireless Access Point Attack Vector: it Can be used to set up a rouge wireless access point, Spoof DNS and redirect all traffic to attacker.
Third Party Modules: This attack vector consists of Third party module – RATTE (Remote Administration Tool Tommy Edition) which is a HTTP tunneling payload. This can be used in the same way as website attack vectors but with an added advantage of beating security mechanisms like local Firewall and IPS.
No comments:
Post a Comment