Social Engineering Toolkit
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. Originally this tool was designed to be released with the www.social-engineer.org launch, and it has quickly become a standard tool in a penetration tester’s arsenal. SET was written by David Kennedy (ReL1K) with a lot of help from the community, and it incorporates attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a penetration test.
Features of SET
- Spear Phishing Attack vector
- Website Attack Vector
- Infectious media generator
- Create a Payload and Listener
- Mass Mail Attack
- Teensy USB HID Attack vector
- SMS Spoofing Attack Vector
- Wireless Access Point Attack Vector
- Third Party Modules
How to Use Social Engineering Toolkit in BackTrack 5
Open your BackTrack console and type cd /pentest/exploits/set
Now type ./set
Spear-Phishing Attack Vector: The spear-phishing attack menu is used for performing targeted email attacks against a victim. You can send multiple emails based on what you have harvested, or you can send them to individuals. You can also use a file-format attack (for example, a PDF bug) and send the malicious file to the victim in order to hopefully compromise the system.
Website Attack Vector: The web attack vector works by performing phishing attacks against the victim in the hope that they click the link. A wide variety of attacks can occur once they click. We will dive into each one of the attacks later on.
Infectious Media Generator: The infectious USB/DVD creator will develop a Metasploit-based payload for you and craft an autorun.inf file that, once burned to a DVD or placed on a USB drive, will trigger the autorun feature and hopefully compromise the system. This attack vector is relatively simple in nature and relies on deploying the devices to the physical system.
Create a Payload and Listener: The create payload and listener option is an extremely simple wrapper around Metasploit that creates a payload, exports the exe for you and generates a listener. You would need to transfer the exe onto the victim machine and execute it in order for it to work properly.
Mass mailer Attack: The mass mailer attack will allow you to send multiple emails to victims and customize the messages. This option does not allow you to create payloads, so it is generally used to perform a mass phishing attack.
Teensy USB HID Attack Vector: The Teensy USB HID attack is a method that involves purchasing a hardware-based device from prjc.com and programming it in a manner that makes the small USB microcontroller look and feel exactly like a keyboard.
SMS Spoofing Attack Vector: This module allows you to specially craft SMS messages and send them to a person. You can spoof the SMS source.
Wireless Access Point Attack Vector: It can be used to set up a rogue wireless access point, spoof DNS and redirect all traffic to the attacker.
Third Party Modules: This attack vector consists of a third-party module, RATTE (Remote Administration Tool Tommy Edition), which is an HTTP tunneling payload. It can be used in the same way as the website attack vectors, but with the added advantage of beating security mechanisms like a local firewall and IPS.
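The Infectious Media Generator described above depends on an autorun.inf file in the root of the media, which gives defenders something concrete to check before a found USB stick or DVD is trusted. The following is an added example, not code from SET or from the original page: it parses autorun.inf on a mounted media root and reports every entry that would launch a program. The function names, the extension list and the sample file are assumptions made for illustration.

```python
import configparser
import re
import tempfile
from pathlib import Path

# [autorun] keys that make Windows launch something from the media.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
# Extensions treated as directly runnable; this list is an assumption.
RISKY_EXT = re.compile(r"\.(exe|scr|bat|cmd|com|pif|vbs|js|lnk)\b", re.I)
# Constructed sample file, not taken from SET output.
SAMPLE_INF = ("[AutoRun]\nopen=setup.exe /quiet\nicon=setup.exe,0\n"
              "shell\\browse\\command=explorer.exe .\nlabel=Quarterly Report\n")


def read_inf(path):
    """Decode autorun.inf, which may be UTF-16 (with BOM) or an ANSI code page."""
    raw = Path(path).read_bytes()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def audit_media(root):
    """Return (key, command, severity) findings for one mounted media root."""
    inf = next((p for p in Path(root).iterdir()
                if p.is_file() and p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        parser.read_string(read_inf(inf))
    except configparser.Error:
        # A malformed autorun.inf is itself worth a manual look.
        return [("<parse error>", inf.name, "review")]
    findings = []
    for section in parser.sections():
        if section.lower() != "autorun":    # section name is case-insensitive
            continue
        for key, command in parser.items(section):
            if LAUNCH_KEY.match(key):       # configparser lower-cases keys
                sev = "high" if RISKY_EXT.search(command) else "review"
                findings.append((key, command, sev))
    return findings


def demo():
    """Run the audit against the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "AUTORUN.INF").write_text(SAMPLE_INF, encoding="latin-1")
        return audit_media(root)
```

Point audit_media at the mount point of removable media on an analysis machine; an empty list means no launch entries were found in autorun.inf, not that the media is free of other payloads.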