- How to Install Social Engineering Toolkit in Kali Linux?
- Features of Social Engineering toolkit:
- Uses of Social Engineering Toolkit:
- Installation of Social engineering toolkit :
- Setoolkit kali linux
- SET Package Description
- Tools included in the set package
- SET Usage Example(s)
- SEToolkit – Hacking Windows Machines Using USB/CD Infectious Media Generator
How to Install Social Engineering Toolkit in Kali Linux?
Social Engineering Toolkit (SET) is a free and open-source tool used for social engineering attacks such as phishing, faking phone numbers, sending SMS, etc. It is available in Kali Linux, or you can download and install it directly from GitHub. The Social Engineering Toolkit was designed and developed by a programmer named Dave Kennedy. Security researchers and penetration testers all around the globe use it to check for cybersecurity flaws in systems. The toolkit is aimed at performing attack techniques on their machines. It also offers website attack vectors and custom attack vectors, with which you can clone any website and perform phishing attacks. Some of the features of the Social Engineering Toolkit are given below.
Features of Social Engineering toolkit:
- SET is free and Open Source
- SET is already installed in your Kali Linux; however, you can also download and install it from GitHub.
- SET is portable, which means you can easily change attack vectors.
- SET is a Multi-platform tool: It can run on Linux, Unix, and Windows.
- SET Supports integration with third-party modules.
- SET Includes access to the Fast-Track Penetration Testing platform
- SET provides many attack vectors such as Spear-Phishing Attacks, Website Attacks, Infection Media Generator etc.
Uses of Social Engineering Toolkit:
- Phishing Attacks: Social Engineering Toolkit allows you to perform phishing attacks on your victim. Using SET you can create phishing pages of many websites such as Instagram, Facebook, Google, etc. SET generates a link for the option you have chosen, and you can then send that URL to the victim. Once the victim opens the URL, he/she sees what looks like the legitimate page of a real website but is actually a phishing page. Once he/she enters an ID and password, you get that ID and password on your terminal screen. This is how a phishing attack using SET works.
- Web Attack: Web Attack is a module in SET. It combines different options for attacking the victim remotely. Using this module you can create a payload and deliver it to the victim’s browser using a Metasploit browser exploit. Web Attack has a Credential Harvester method, with which you can clone any website for a phishing attack and send the link to that webpage to the victim to harvest the information from the user and password fields.
- Create a Payload and Listener: When you first run the Social Engineering Toolkit, you will see the 4th option, which is to create a payload and listener. Using that module of SET you can create malicious payloads for Windows, including Shell Reverse_TCP, Reverse_TCP Meterpreter, Shell Reverse_TCP X64, and Meterpreter Reverse HTTPS. You can use these payloads in the same way you use payloads from Metasploitable.
- Mass Mailer Attack: Mass Mailer Attack is a module in the Social Engineering Toolkit that is used for bombarding a target mail account with emails. For that you can use your own Gmail account, or you can use your own server.
These were some of the attack vectors that you can perform using the Social Engineering Toolkit. Running SET is fun because it is very easy to use. Now we will see how you can install the Social Engineering Toolkit and how you can use it for a phishing attack.
Installation of Social engineering toolkit :
Step 1: Open your Kali Linux Terminal and move to Desktop
Step 2: You are now on the Desktop, so create a new directory named SEToolkit using the following command.
Step 3: You are in the Desktop directory and have created the SEToolkit directory, so move into the SEToolkit directory using the following command.
Step 4: Now that you are in the SEToolkit directory, clone SEToolkit from GitHub so you can use it.
Step 5: The Social Engineering Toolkit has been downloaded into your directory. Now move into the internal directory of the Social Engineering Toolkit using the following command.
Step 6: Congratulations, you have finally downloaded the Social Engineering Toolkit into your SEToolkit directory. Now it’s time to install the requirements using the following command.
Step 7: All the requirements have been downloaded into your setoolkit directory. Now it’s time to install the requirements that you have downloaded.
Step 8: The installation process is now complete, and it’s time to run the Social Engineering Toolkit. To run SEToolkit, type the following command.
Step 9: At this step, setoolkit will ask you (y) or (n). Type y and your social engineering toolkit will start running.
Step 10: setoolkit is now installed on your system, and it’s time to use it. Choose an option from the menu; here we are choosing option 2.
Website Attack Vectors:
Step 11: We are about to set up a phishing page, so here we will choose option 3, the credential harvester attack method.
Step 12: Since we are creating a phishing page, here we will choose option 1, web templates.
Step 13: At this point the social engineering tool will generate a phishing page on our localhost.
Step 14: To create a Google phishing page, choose option 2; a phishing page will then be generated on your localhost.
Step 15: Social Engineering Toolkit is creating a phishing page of Google.
As you can see, setoolkit created a phishing page of Google on our localhost, that is, on our IP address. This is how the Social Engineering Toolkit works: it creates the phishing page for you. Once the victim types an ID and password in the fields, they are shown on the terminal where SET is running.
Setoolkit kali linux
SET Package Description
The Social-Engineer Toolkit is an open-source penetration testing framework designed for Social-Engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time.
- Author: David Kennedy, TrustedSec, LLC
- License: BSD
Tools included in the set package
The Social-Engineer Toolkit.
SET Usage Example(s)
[—] The Social-Engineer Toolkit (SET) [—]
[—] Created by: David Kennedy (ReL1K) [—]
Version: 7.7.9
Codename: ‘Blackout’
[—] Follow us on Twitter: @TrustedSec [—]
[—] Follow me on Twitter: @HackingDave [—]
[—] Homepage: https://www.trustedsec.com [—]
Welcome to the Social-Engineer Toolkit (SET).
The one stop shop for all of your SE needs.
Join us on irc.freenode.net in channel #setoolkit
The Social-Engineer Toolkit is a product of TrustedSec.
It’s easy to update using the PenTesters Framework! (PTF)
Visit https://github.com/trustedsec/ptf to update all your tools!
Select from the menu:
1) Social-Engineering Attacks
2) Penetration Testing (Fast-Track)
3) Third Party Modules
4) Update the Social-Engineer Toolkit
5) Update SET configuration
6) Help, Credits, and About
SEToolkit – Hacking Windows Machines Using USB/CD Infectious Media Generator
Requirements
- Linux based Operating System (In this tutorial we are using Kali Linux)
- SEToolkit (Comes pre-installed in Kali Linux)
What is SEToolkit? The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and is heavily supported within the security community.
If you don’t have a Linux operating system, we recommend taking a look at Kali Linux; you can download it from kali.org.
If you don’t already have SEToolkit, you can download it from the following link: SEToolkit Download
Or use apt to install SEToolkit from a terminal.
Hello, welcome back. Today we will be talking a little about some social engineering attacks. In computer science, social engineering attacks rely heavily on human interaction, deception, and trickery. It is a specialist way of extracting data from somebody or a third party without the target even knowing they have revealed their passwords or credentials, often by redirecting the target to fake pages and phishing templates that look just like the actual website. Social engineering can also be the use of centralized planning in an attempt to manage social change and regulate the future development and behavior of a society, group or individuals. In this tutorial we will be using a tool called SEToolkit. It comes pre-installed within Kali Linux and other operating systems designed for pentesting. If you don’t have SEToolkit, I will list a download link to the SEToolkit official repository below.
In this tutorial we will be using SEToolkit to generate malicious media for a CD/USB. Once the target inserts the malicious CD or USB stick into the target machine, an autorun will run the infected media, such as a .exe payload. This will allow a reverse meterpreter session to be established with the attacking machine.
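The autorun behaviour described above depends on an autorun.inf file at the root of the media, so removable media can be audited for launch entries before it is trusted. The following is an added example, not code from the original tutorial or from SET; the sample file contents and all function names are constructed for illustration.

```python
import sys

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")
RISKY_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk")
# Constructed sample autorun.inf (not taken from the page or from SET output).
SAMPLE = (b"; constructed sample\r\n[AutoRun]\r\nopen=program.exe\r\n"
          b"icon=setup.ico\r\nlabel=Backup\r\n"
          b'shell\\open\\command="tools\\run me.bat" /q\r\n')

def decode_inf(raw):
    """autorun.inf is ANSI or UTF-16 with a BOM; handle both."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def launch_target(value):
    """Extract the program path from a command line, honouring quotes."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""

def is_launch_key(key):
    """True for open=, shellexecute= and shell\\<verb>\\command= entries."""
    return key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))

def audit_autorun(raw):
    """Return (key, target, risky_extension) for each launch entry in [autorun]."""
    findings, in_section = [], False
    for line in decode_inf(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if is_launch_key(key.lower()):
                target = launch_target(value)
                findings.append((key.lower(), target, target.lower().endswith(RISKY_EXTS)))
    return findings

if __name__ == "__main__":
    # Pass the path to an autorun.inf on a mounted volume, or run on the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, target, risky in audit_autorun(raw):
        print(f"{'ALERT' if risky else 'note '} {key} -> {target}")
```

Windows 7 and later do not act on these launch keys for USB flash drives, only for optical media, so the check matters most for CDs/DVDs and for older or reconfigured hosts.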
Let’s get started. From a new terminal in Kali Linux or another Linux operating system, start SEToolkit by typing “setoolkit” and pressing Enter. Once SEToolkit loads, you will be presented with a menu that looks like the one in the screenshot below.
In the terminal type “1” (Social-Engineering Attacks) and press Enter. You will then be taken into a sub-menu that looks like the screenshot below.
From this menu we will select 3) Infectious Media Generator. SEToolkit will then ask you whether you would like to use a File format exploit or a Standard Metasploit Payload. You can choose either option depending on the type of payloads you will be generating. For this tutorial I will keep things simple and use option 2) Standard Metasploit Executable.
SEToolkit will now ask us to specify what type of session we will be using. In this tutorial I will use 2) Windows Reverse_TCP Meterpreter, which will allow a meterpreter shell to be established between the target and the attacker’s machine. The screenshot below shows a list of various protocols that can be used to establish a shell.
The script will prompt you to enter the LHOST (Local Host) IP; this is the local IP of the attacking machine. If you don’t know your LHOST, look it up using the command ifconfig; your local IP will be shown under inet.
Once you have entered LHOST you will be asked to give an LPORT. This can be any port you would like your listener to listen on; I will use port 443.
Once LPORT has been entered, SEToolkit will generate the malicious infectious media in /root/.set/. It will then start Metasploit Framework and start a meterpreter listener. Transfer the content of the autorun directory created by SEToolkit to a CD or USB stick. It does not matter what removable media you use, as long as it is a removable storage device that is capable of storing the infectious autorun files.
Once Metasploit Framework has successfully started you will see the handler running in the terminal.
Now, once the target inserts the infectious CD/USB, an autorun will trigger the malicious Metasploit payload and a reverse meterpreter session can be established with the target system. You can list sessions using sessions -i; to connect to a new session use the command sessions 1 (replace 1 with the ID of your session).
To list available options and exploits use the command help.
For the purpose of this tutorial I will be using the stream webcam module as an example. This will allow a webcam stream to be sent back to the attacking machine. The screenshot below shows the webcam_stream server started.
As you can see from the screenshots below, we have successfully managed to stream the webcam of the target system.
You may like to try out some of these useful exploit commands. Use the “help” command to list the various exploit options available to you.
– record_mic
– webcam_snap
– webcam_stream
– dump_contacts
– dump_sms
– geolocate
We have now come to the end of this tutorial. If you have any questions, leave us a comment.
If you enjoyed this article, please consider sharing it on social media and with your friends. Thanks for supporting HackingVision.