Mirrors/social-engineer-toolkit
2
0
Fork 0
mirror of https://github.com/trustedsec/social-engineer-toolkit synced 2025-01-06 09:58:43 +00:00
Code Issues Projects Releases Packages Wiki Activity
social-engineer-toolkit/src/commandcenter/phish.site
David Kennedy 3e54b7f66e Main conversation over to git via svn
2012-12-31 17:11:37 -05:00

174 lines
8.7 KiB
Text
Raw Blame History

<div class="post">
<h4 class="dates">Social-Engineer Toolkit (SET) Spear-Phishing Attack Vector</h4>
<div class="entry">
<h2>Spear-Phishing Attack Vector Options</h2>
Welcome to the Social-Engineer Toolkit web interface, be sure to only select what is applicable to your attack. For example for Credential Harvester you would only select the attack method and which site to clone.<br><br>
<br><p><b>Spear-Phishing Attack Methods</b></p>
<form action="/phish_post" method="POST">
<style type="text/css">
option {
color: white;
background-color: black;
}
</style>
<FONT FACE="sans serif" size="3">
<select name="attack" STYLE="font-family : arial; font-size : 7pt">
<option value="1">Perform a Mass Mail Email Attack</option>
</select>
<br><br>
<p><b>Client-Side Attack Vector (Mass Email Attack and File Format Payload ONLY)</b><p>
<select name="phish_attack" STYLE="font-family : arial; font-size : 7pt">
<option value="1">SET Custom Written DLL Hijacking</option>
<option value="2">SET Custom Written Document UNC LM SMB Capture Attack</option>
<option value="3">Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow</option>
<option value="4">Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)</option>
<option value="5">Adobe Flash Player 'Button' Remote Code Execution</option>
<option value="6">Adobe CoolType SING Table 'uniqueName'</option>
<option value="7">Adobe Flash Player 'newfunction'</option>
<option value="8">Adobe Collab.collectEmailInfo</option>
<option value="9">Adobe Collab.getIcon Overflow</option>
<option value="10">Adobe JBIG2Decode Memory Corruption</option>
<option value="11">Adobe PDF Embedded EXE SE</option>
<option value="12">Adobe util.printf() Buffer Overflow</option>
<option value="13">Custom EXE to VBA (sent via RAR)</option>
<option value="14">Adobe U3D CLODProgressiveMeshDeclration</option>
<option value="15">Adobe PDF Embedded EXE SE (NOJS)</option>
<option value="16">Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow</option>
<option value="17">Apple QuickTime PICT PnSize Buffer Overflow</option>
<option value="18">Nuance PDF Reader v6.0 Launch Stack Buffer Overflow</option>
<option value="19">Adobe Reader u3D Memory Corruption Vulnerability</option>
<optionv alue="20">MSCOMCTL ActiveX Buffer Overflow (ms12-027)</option>
</select>
<br><br>
<p><b>Payload Selection Options</b></p>
<select name="payload_selection" STYLE="font-family : arial; font-size : 7pt">
<option value"1">Windows Shell Reverse TCP</option>
<option value"2" selected="selected">Windows Reverse TCP Meterpreter</option>
<option value"3">Windows Reverse TCP VNC DLL</option>
<option value"4">Windows Bind Shell</option>
<option value"5">Windows Bind Shell X64</option>
<option value"6">Windows Shell Reverse TCP X64</option>
<option value"7">Windows Meterpreter Reverse TCP X64</option>
<option value"8">Windows Meterpreter Egress Buster</option>
<option value"9">Windows Meterpreter Reverse HTTPS</option>
<option value"10">Windows Meterpreter Reverse DNS</option>
</select>
<br>
<br>Import your own: <input type="file" name="payload_selection_filename" size="5" STYLE="font-family : arial; font-size : 7pt">
<br><br>
<p><b>Encoding Options</b></p>
<select name="encoding" STYLE="font-family : arial; font-size : 7pt">
<option value"1">avoid_utf8_tolower</option>
<option value"2">shikata_ga_nai</option>
<option value"3">alpha_mixed</option>
<option value"4">alpha_upper</option>
<option value"5">call4_dword_xor</option>
<option value"6">countdown</option>
<option value"7">fnstenv_mov</option>
<option value"8">jmp_call_additive</option>
<option value"9">nonalpha</option>
<option value"10">nonupper</option>
<option value"11">unicode_mixed</option>
<option value"12">unicode_upper</option>
<option value"13">alpha2</option>
<option value"14">No Encoding</option>
<option value"15">Multi-Encoder</option>
<option value"16" selected="selected">Backdoored Executable</option>
</select>
<br><br>
<p><b>Default Port for Listener</b></p>
Enter the default port: <input type="text" name="port" size="7" value="443" STYLE="font-family : arial; font-size : 7pt"/>
<br><br>
<p><b>For the Custom SET DLL Hijacking Attack Vector, select application to attack</b></p>
<br>
<select name="dll_hijack" STYLE="font-family : arial; font-size : 7pt">
<option value"1">Windows Address Book (Universal)</option>
<option value"2">Microsoft Help and Support Center</option>
<option value"3">Wscript (XP)</option>
<option value"4">Microsoft Office PowerPoint 2007</option>
<option value"5">Microsoft Group Converter</option>
<option value"6">Safari v5.0.1</option>
<option value"7">FireFox <= 3.6.8</option>
<option value"8">Microsoft PowerPoint 2010</option>
<option value"9">Microsoft PowerPoint 2007</option>
<option value"10">Microsoft Visio 2010</option>
<option value"11">Microsoft Word 2007</option>
<option value"12">Microsoft PowerPoint 2007</option>
<option value"13">Microsoft Windows Media Encoder 9</option>
<option value"14">Windows 7 and Vista Backup Utility</option>
<option value"15">Encase</option>
<option value"16">IBM Rational License Key Administrator</option>
<option value"17">Microsoft RDP</option>
</select>
<br>
<br>
<b>NOTE IF YOU SELECTED A PDF EXPLOIT TO CHANGE THE VALUE TO template.pdf</b>
<br>
Name of attachment to send <input type="text" name="attachment" size="10" value="template.rar" STYLE="font-family : arial; font-size : 7pt"/>
<br>
<br>
<p><b>Specify if your using mass mailer or single email targets</b></p>
<input type="checkbox" name="webattack_email" value="1" STYLE="font-family : arial; font-size : 7pt" CHECKED> E-Mail Attack Single Email Address<br>
<input type="checkbox" name="webattack_email" value="2" STYLE="font-family : arial; font-size : 7pt" > E-Mail Attack Mass Mailer<br>
<br>
<br>
<input type="checkbox" name="predefined" value="1" STYLE="font-family : arial; font-size : 7pt">Predefined template<br>
<select name="template" STYLE="font-family : arial; font-size : 7pt">
<option value="1"> New Update</option>
<option value="2"> Computer Issue</option>
<option value="3"> Strange internet usage</option>
<option value="4"> LOL..have to check this out...</option>
<option value="5"> Status Report</option>
<option value="6"> Pay Raise Application Form</option>
<option value="7"> WOAAAA!!!!!! This is crazy...</option>
<option value="8"> Basketball Tickets</option>
<option value="9"> Baby Pics</option>
<option value="10"> Have you seen this?</option>
<option value="11"> Termination List</option>
<option value="12"> How long has it been?</option>
<option value="13"> Dan Brown's Angels & Demons</option>
</select>
<br><br>
<input type="checkbox" name="predefined" value="2" STYLE="font-family : arial; font-size : 7pt">Use a one time template<br>
Enter your email message here<br><TEXTAREA NAME="message" COLS=100 ROWS=15 STYLE="font-family : arial; font-size : 7pt"></TEXTAREA>
<br><br>
If your using mass emailer, browse to file with email addresses: <input type="file" name="massmailer_file" size="5">
<br>
<br>
Enter who you want to send the email to: <input type="text" name="emailto" STYLE="font-family : arial; font-size : 7pt" /><br />
<br><br>
<input type="checkbox" name="webattack_account" value="1"STYLE="font-family : arial; font-size : 7pt" CHECKED> Use a GMAIL to send the email out<br>
<input type="checkbox" name="webattack_account" value="2" STYLE="font-family : arial; font-size : 7pt" > Use your own open-relay SMTP Server<br>
<br><br>
<p><b>THIS OPTION FOR OPEN-RELAY ONLY</b></p>
<br>
Enter your email address you want to come from: <input type="text" name="emailfrom_relay" STYLE="font-family : arial; font-size : 7pt"/><br />
Enter your username for open relay (leave blank if there is none): <input type="text" name="username_relay" STYLE="font-family : arial; font-size : 7pt"/><br />
Enter your password for open relay (leave blank if there is none): <input type="password" name="password_relay" STYLE="font-family : arial; font-size : 7pt" /><br />
Enter the SMTP Server address for the open relay: <input type="text" name="smtp_relay" STYLE="font-family : arial; font-size : 7pt" /><br/>
Enter the port number for the SMTP server: <input type="text" name="smtp_port_relay" value="25" size="3" STYLE="font-family : arial; font-size : 7pt" /><br/>
<br><br>
<p><b>THIS OPTION FOR GMAIL ATTACK ONLY!</b></p><br>
Enter your email address: <input type="text" name="emailfrom" STYLE="font-family : arial; font-size : 7pt"/><br />
Enter your password for the email address: <input type="password" name="password" STYLE="font-family : arial; font-size : 7pt"/><br />
<br><br>
<p><b>Required fields below for custom template</b></p>
Enter the subject for the email: <input type="text" name="subject" STYLE="font-family : arial; font-size : 7pt"/><br />
<br><br>
<CHECKHERE>
<input type="submit" value="Launch Attack" STYLE="font-family : arial; font-size : 7pt">
</form>
</div>
</div>
<br><br>
</div>
Reference in a new issue View git blame Copy permalink