![]() ![]() exe file needs to be executed on victim machine for it to work properly. Payload and Listener module: It is capable of creating several type of payloads, export. The attacks can be made through fileformat bugs or using a standard Metasploit executable. The USB/CD/DVD device, once inserted, will compromise the system if autorun is enabled. Infectious USB/CD/DVD module: It creates an autorun.inf file and a Metasploit based payload. These include phishing attacks, Java applet attack, Metasploit browser exploit, credential harvester, tab nabbing, man left in the middle attack, web-jacking attack, and multi-attack which makes a perfect broth of the web attacks. Website attack module: The web attack module allows users to utilize multiple web-based attacks to compromise a target victim. ![]() I would recommend the second option for beginners. It can either be done manually by creating malicious payloads or social- engineering templates and launching attacks, or automatically via SET. It allows the user to customize the message according to recipients along with the ability to embed malicious file attachments. Spear-phishing module: It is used to start an email attack against a single or multiple target(s). This is the most important part of SET and it contains following sub-modules. There are three main subcategories of this toolkit:Įach of these categories is divided into several modules. However, in order to achieve higher success rates, and to ensure that attacks occur without any hiccups users may need to modify the configuration file as per their requirements. SET works fine with the default configurations most of the time. ![]() The backbone of the SET is its configuration file. It can be found in “Exploitation Tools” category in the applications menu of Kali Linux. Kali is a Debian based linux operating system developed specifically for the purpose of penetration testing. Given its popularity, SET has been integrated into Kali Linux. It is written in Python and is developed by TrustedSec as an Open-Source tool. One of the simplest, but most effective tool that works on the basic concept of social engineering is the Social-Engineer Toolkit (SET). While Social Engineering is primarily conducted in person, there are few tools that can be used as an aid. In lay man’s terms it’s an art of conning people and it has been one of the most successful technique of information gathering and fraud in the history of cyber-crime. Social Engineering can be defined as a psychological play on people in order to lead them into performing certain desired actions or divulging sensitive information. Among them was one that he employed the most, Social Engineering. Long back, I read a book called The Art of Intrusion by Kevin Mitnick, in which he explained some of his successful techniques to infiltrate into an organization’s network. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |