Monday 26 December 2016

CRACKING SOFTWARE ? WHAT IS PATCHING AND KEYGEN IN DETAIL [HINDI/URDU]

WHAT IS SET [ SOCIAL ENGINEER TOOLKIT]

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.

Available in almost all OS operating system .
WINDOWS
MAC
LINUX
UNIX
etc....

The brain behind SET is the configuration file. SET by default works perfect for most people however, advanced customization may be needed in order to ensure that the attack vectors go off without a hitch. First thing to do is ensure that you have updated SET, from the directory:

root@bt:/pentest/exploits/set# ./set-update

U src/payloads/set_payloads/http_shell.py

U src/payloads/set_payloads/shell.py

U src/payloads/set_payloads/shell.windows

U src/payloads/set_payloads/set_http_server.py

U src/payloads/set_payloads/persistence.py

U src/payloads/set_payloads/listener.py

U src/qrcode/qrgenerator.py

U modules/ratte_module.py

U modules/ratte_only_module.py

U set-automate

U set-proxy

U set

U set-update

U readme/LICENSE

U readme/CHANGES

root@bt:/pentest/exploits/set#

Once you’ve updated to the latest version, start tweaking your attack by editing the SET configuration file. Let’s walk through each of the flags:

root@bt:/pentest/exploits/set# nano config/set_config

# DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3

METASPLOIT_PATH=/pentest/exploits/framework3

Looking through the configuration options, you can change specific fields to get a desired result. In the first option, you can change the path of where the location of Metasploit is. Metasploit is used for the payload creations, file format bugs, and for the browser exploit sections.

Java Applet Attack Vector

The Java Applet is one of the core attack vectors within SET and the highest success rate for compromise. The Java Applet attack will create a malicious Java Applet that once run will completely compromise the victim. The neat trick with SET is that you can completely clone a website and once the victim has clicked run, it will redirect the victim back to the original site making the attack much more believable. This attack vector affects Windows, Linux, and OSX and can compromise them all. Remember if you want to customize this attack vector, edit the config/set_config in order to change the self-signed information. In this specific attack vector, you can select web templates which are pre-defined websites that have already been harvested, or you can import your own website. In this example we will be using the site cloner which will clone a website for us. Let’s launch SET and prep our attack.

Select from the menu:

1) Spear-Phishing Attack Vectors

2) Website Attack Vectors

3) Infectious Media Generator

4) Create a Payload and Listener

5) Mass Mailer Attack

6) Arduino-Based Attack Vector

7) SMS Spoofing Attack Vector

8) Wireless Access Point Attack Vector

9) QRCode Generator Attack Vector

10) Powershell Attack Vectors

11) Third Party Modules

Metasploit Browser Exploit Method

The Metasploit Browser Exploit Method will import Metasploit client-side exploits with the ability to clone the website and utilize browser-based exploits. Let’s take a quick look on exploiting a browser exploit through SET.