SOCIAL ENGINEERING TOOLKIT

August 11, 2011, by | Start Discussion

Hi readers, we have yet another interesting toolkit this month – The Social Engineering Toolkit. Specifically designed to perform advanced attacks against the human element, SET leverages the concepts of exploiting using the social engineering and human influential ideas. SET also combines the attacks of Metasploit Framework to enhance the success of attacks augmenting the social engineering attacks.

 

SET in Matriux 

Set can be found in the Matriux Arsenal as shown
in Fig 1 
 
Figure 1
SET has two modes of usage: 1. Console and 2. Graphical web Interface. Unlike metasploit 
SET GUI mode is advantageous over the console since it has many features and easy to leverage the attacks. (Refer Fig 2)
Figure 2
SET is very easy to use, it just needs selection of few options and navigating along the attack settings; however user also has a choice to go with the default settings if he is unsure of the attack options.
 

Basic Tutorial:

We start with using SET console mode, as I usually prefer the console mode; however I suggest you also try using the GUI mode which is pretty good over the console mode.
Start SET from the terminal (Refer Fig 3)
Figure 3
 
Let us use the infectious media generator for our attack today by setting the option 3 (Refer Fig4) 
 
Figure 4
 
This option will generate an infectious media file along with an auto run script which when shared with the target machine through mounted mounting devices like USB/DVD can compromise the target machine the listening tester.
The next steps guide us through setting the payload and listening port and IP address which would the local IP address and the port. (of your Matriux machine).  (Refer Fig 5)
Figure 5
 
Now choose the encoding and file generation options, choose the encoding that suites your attack and also the file settings of the media. (Ref. Fig6)
 
Figure 6
 
In the next step we start the listener. (Ref. Fig 7)
Figure 7
 
Mean while browse to the directory of SET /autorun ( /pt/exploits/SET/autorun in Matriux) and upload the files to a USB or burn it to a CD/DVD and share it with the target machine. (Refer Fig 8)
Figure 8
 
Now we wait for the target machine to do his join, as soon as the target mounts the device and has the autorun feature enabled the infected media payload is executed and responds to the payload listener on our Matriux. (Ref. Fig 9)
 
This is a basic tutorial,  the attack however also requires your personal Social Engineering skills to make the effective attack with SET.
Note: Matriux Krypton is scheduled to release on August 15th 2011. Be ready to grab the ~#r00t 
 

Features:

  • Self compiled Kernel 2.6.39 with extensive support
  • The very first security distribution based directly on Debian 
  • Lighter and better desktop environment with Gnome
  • 300+ Security tools, with forensics equally considered.
  • More sophisticated yet simpler as ever.
  • Security applications from Matriux team.
  • Matriux Disk Installer – Very own installer, making it easier to install. ( MID)
We have so much to show, but for the fruit to ripe, you ought to wait!
 Happy Hacking 🙂

Team Matriux

http://www.matriux.com

 

Author bio not avialable

Leave a Reply