Using the Social Engineering Toolkit (SET) to Create a Backdoor Executable

Metasploit has the ability to create an executable payload. This can be extremely useful if you can get a target machine to run the executable. Attackers often use social engineering, phishing, and other attacks to get a victim to run a payload. If attackers can get their a victim to run a payload, there is no reason for an attacker to find and exploit vulnerable software.

Social Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering . SET has been given at large-scale conferences together with Blackhat, DerbyCon, Defcon, and ShmooCon. With over 2 million downloads, SET is that the standard for social-engineering penetration tests and supported heavily within the protection community.

It is an application used by pen testers, hackers etc… it can be found in Kali Linux, parrot-sec, backbox and different pentesting OS otherwise you can install by downloading from github or simply type in terminal apt search set toolkit or search in synaptic for synaptic type in terminal synaptic otherwise you have not installed then type apt-get install synaptic then open synaptic look for set toolkit then right click on set and mark for installation then click on apply it will automatically install set for you.

What are Social Engineering Attacks ?

Social Engineering attacks are the various cons used by the hackers to trick people into providing sensitive data to the attackers. There are various type of social engineering attacks,some of the popular attacks are :-

• Phishing
• IVR or phone phishing
• Baiting
• Spear phishing

What you will need:

• Kali Linux
• A little background on Networking and its terms (Private vs Public IPs esp.) would be good.
• You should be online.

In the last decade, there were major hacks and leaks in social media platforms like Twitter,Facebook , LinkedIn and several others. currently the social media platforms take security very seriously and it has become very tough to hack directly into social media platforms, currently the hackers have moved the focus towards Social Engineering Attacks.

Lets start with the SetoolKit to create a backdoor executable

Step 1 : Open Terminal and Type setoolkit

Step 2 :Once SET is loaded it will show few options as shown in the image below. Select "Social-Engineering Attacks" by entering "1" and hit enter.

Step 3 :Now it will show you another set of options, select "Create a Payload and Listener" by entering "4" and hit enter.

You may also like :-

• What is FatRat Tool ? | Setup & Configuration in Kali Linux
• How To Install Goldeneye DDos Tool On Kali Linux
• Inspector - Secure Your Kali Linux | Privilege Escalation UNIX Helper
• How to Encrypt/Decrypt Your Passwords on Kali Linux - HashCode

Step 4 :Type 1 for Windows shell Reverse_Tcp Payload

Step 5 :The payload.exe has been exported to the SET Directory Under Root Folder.

Read More :- http://www.techtrick.in/description/3539-using-the-social-engineering-toolkit-set-to-create-a-backdoor-executable

How to Hack Facebook using SEToolKit (Phishing attack)

Hack Facebook with Social Engineering, you can apply this method to hack Instagram accounts as well. But this tutorial is focused exclusively on how to hack facebook accounts on Kali Linux with the Social Engineering Toolkit. But if you have just a little imagination you can apply the same steps you will learn in this tutorial and duplicate the process to hack another account for another website as well. Is pretty much the same with just a few small variations.

Social Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering . SET has been given at large-scale conferences together with Blackhat, DerbyCon, Defcon, and ShmooCon. With over 2 million downloads, SET is that the standard for social-engineering penetration tests and supported heavily within the protection community.

It is an application used by pen testers, hackers etc… it can be found in Kali Linux, parrot-sec, backbox and different pentesting OS otherwise you can install by downloading from github or simply type in terminal apt search set toolkit or search in synaptic for synaptic type in terminal synaptic otherwise you have not installed then type apt-get install synaptic then open synaptic look for set toolkit then right click on set and mark for installation then click on apply it will automatically install set for you.

What are Social Engineering Attacks ?

Social Engineering attacks are the various cons used by the hackers to trick people into providing sensitive data to the attackers. There are various type of social engineering attacks,some of the popular attacks are :-

• Phishing
• IVR or phone phishing
• Baiting
• Spear phishing

What you will need:

• Kali Linux
• A little background on Networking and its terms (Private vs Public IPs esp.) would be good.
• You should be online.

In the last decade, there were major hacks and leaks in social media platforms like Twitter,Facebook , LinkedIn and several others. currently the social media platforms take security very seriously and it has become very tough to hack directly into social media platforms, currently the hackers have moved the focus towards Social Engineering Attacks.

Lets start with Hack Facebook using SEToolKit (Phishing attack)

Step 1 : Once you have installed SEToolkit, open up bash and type setoolkit.

Step 2 :Once SET is loaded it will show few options as shown in the image below. Select "Social-Engineering Attacks" by entering "1" and hit enter.

Step 3 :We will be greeted with a screen similar to this that has many different attacks.

I will be guiding you through one of the most effective options: Website Attack Vectors. Pretty much everyone who has used a computer has used the Internet, and pretty much everyone on the Internet will click on a link . Social Engineering is a society like Facebook or Twitter, but can also be as simple as, well, a link. SEToolkit helps you abuse that trust people have on the Internet, so not only do you have over 5 billion targets, but you can also recognize attacks like these.

Type 2 and press [Enter] to continue.

You may also like :-

• What is FatRat Tool ? | Setup & Configuration in Kali Linux
• How To Install Goldeneye DDos Tool On Kali Linux
• Inspector - Secure Your Kali Linux | Privilege Escalation UNIX Helper
• How to Encrypt/Decrypt Your Passwords on Kali Linux - HashCode

Step 4 :We now have a list of 7 different attack vectors, all very effective. The 3 most effective vectors are the Credential Harvester, Metasploit Browser, and Java Applet Attack. Lets say that you want to get your friends Facebook login. By choosing Credential Harvester Attack Method, SEToolkit will copy any website you want and add a credential stealing code to the HTML.

Type 3 and press [Enter] to continue.

Step 5 :Type 2 for Site Cloner.

Read More :- http://www.techtrick.in/description/3538-how-to-hack-facebook-using-setoolkit-phishing-attack

Hack Tools | Finding Admin Panels, Sniffing, Backdoors - Katana Framework

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share, the goal is to unify tools serve for professional when making a penetration test or simply as a routine tool, The current version is not completely stable, not complete.

Lets start with Hack Tools | Finding Admin Panels, Sniffing, Backdoors

Step 1 :Just Download or clone from github.

git clone https://github.com/PowerScript/KatanaFramework.git

cd KatanaFramework

sudo sh dependencies

Step 2 :Lets Install it.

sudo python install

Step 3 :Lets start with Katana Framework with just type a simple command.

ktf.console

Step 4 :Lets open of modules with command

show modules

Read More :- http://www.techtrick.in/description/3536-hack-tools-finding-admin-panels-sniffing-backdoors-katana-framework

How to Check valid login credentials using Credmap

Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these.

Lets start with Check valid login credentials using Credmap

Step 1 : Just download or clone from github.

git clone https://github.com/lightos/credmap.git

Step 2 :Now you have to install it.

cd credmap

ls

chmod +x credmap.py

./credmap.py

Step 3 :Here i am using my email Id you can use any of them.

./credmap.py --email XXXXXXXXXXXX@gmail.com --user XXXXXXXXXXXX@gmail.com

Read More :- http://www.techtrick.in/description/3528-how-to-check-valid-login-credentials-using-credmap

A Linux Bing,Google Dorking and Web Vulnerability Scanner Tools -BinGoo

It is an all-in-one dorking tool written in pure bash. It leverages Google AND Bing main search pages to scrape a large amount of links based on provided search terms. You can choose to search a single dork at a time or you can make lists with one dork per line and perform mass scans. Once your done with that, or maybe you have links gathered from other means, you can move to the Analyzing tools to test for common signs of vulnerabilities.

The results are neatly sorted into their own respective files basedon findings. If you want to take further you can run them through the SQL or LFI tools which are some semi working homebrewed creations It is made in bash or you can use the SQLMAP and FIMAP wrapper tools They wrote which work much better and with greater accuracy and results.

Lets start with Linux Bing,Google Dorking and Web Vulnerability Scanner Tools

Step 1 : firsty,you have to install lynx before installing Bingoo .

apt-get install lynx

Step 2 :Now you have to install curl.

apt-get install curl

Step 3 :Just download or clone from github.

git clone https://github.com/Hood3dRob1n/BinGoo

Read More :-  http://www.techtrick.in/description/3527-a-linux-bing-google-dorking-and-web-vulnerability-scanner-tools-bingoo

Auto Scanning to SSL Vulnerability - A2SV

A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.

Lets start With Auto Scanning to SSL Vulnerability - A2SV

Step 1 : Just download or a clone from github

git clone https://github.com/hahwul/a2sv.git

Step 2 :Lets Install It.

cd a2sv

./install.sh

Step 3 :Now Start a2sv Auto Scanning to SSL Vulnerability

ls

python a2sv.py

a2sv -h

Read More :-  http://www.techtrick.in/description/3521-auto-scanning-to-ssl-vulnerability-a2sv

Hacking A WebServer Using Bruteforce SSH Login Module

The ssh_login module is quite versatile in that it can not only test a set of credentials across a range of IP addresses, but it can also perform brute-force login attempts. This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Lets start Hacking A WebServer Using Bruteforce SSH Login Module

Step 1 :- This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.

Step 2 :- search ssh_login

Step 3 :- This auxiliary module allows you to pass credentials in a number of ways. You can specifically set a username and password, you can pass a list of usernames and a list of passwords for it to iterate through, or you can provide a file that contains usernames and passwords separated by a space. We will configure the scanner to use a short usernames file and a passwords file and let it run against our subnet.

use auxiliary/scanner/ssh/ssh_login

You may also like :-

• How to Check valid login credentials using Credmap
• Hack Tools | Finding Admin Panels, Sniffing, Backdoors - Katana Framework
• How to Hack Facebook using SEToolKit (Phishing attack)
• Using the Social Engineering Toolkit (SET) to Create a Backdoor Executable

Step 4 :- Create a randomly User.txt file for brute force attack.

Step 5 :- Create a randomly Password.txt file for brute force attack.

Step 6 :-

set STOP_ON_SUCCESS true

set RHOSTS 192.168.69.131

set USER_FILE /root/Desktop/User.txt

set PASS_FILE /root/Desktop/Password.txt

Read More :-  http://www.techtrick.in/description/3519-hacking-a-webserver-using-bruteforce-ssh-login-module