Difference between revisions of "Social Engineering Toolkit"

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search
Line 14: Line 14:
[[File:lddogin.jpg|150px|thumb|Example|left|Login to BeEF service]]
[[File:lddogin.jpg|150px|thumb|Example|left|Login to BeEF service]]


=== Start: Open the BeEF service and authenticate ===
=== Start: Run Social Engineering Toolkit and choose desired submenu ===


After the beef service has started, you have to log into the service.
After launching the Social Engineering Toolkit we see the above mentioned menu.
Default credentials are ''''beef'''' for '''username''' and ''''beef'''' for the '''password'''.
Here we can choose between submenus.




Line 25: Line 25:




[[File:localhddost.jpg|150px|thumb|Example|left|localhost]]
[[File:s2.jpg|150px|thumb|Example|left|submenu 2]]


<br>
<br>
Line 41: Line 41:




[[File:chromedd_hook.jpg|150px|thumb|Example|left|details of hooked browser (chrome)]]
[[File:s3.jpg|150px|thumb|Example|left|submenu 3]


=== To see the details of hooked Browser ===
=== To see the details of hooked Browser ===
Line 54: Line 54:




[[File:modulddes.jpg|150px|thumb|Example|left|modules]]
[[File:s4.jpg|150px|thumb|Example|left|submenu 4]]


=== Command execution in the Browser ===
=== Command execution in the Browser ===

Revision as of 20:24, 10 July 2021

Summary

Social Engineering Toolkit (SET) is a menu driven system that allows you to control your attacks tailored to the desired target.

Requirements

As part of this guide, I used Kali (Kali GNU/Linux Rolling 5.10.0-kali3-amd64) as the OS, so it was already preinstalled. I installed Kali on a Virtual machine (VMware® Workstation 15 Pro 15.5.5 build-16285975).

Example

Below we have an example of how to start the BeEF service, and execute a "Google Phishing" client-side attack. With this example we'll see how to gather credential information of victim.


File:Lddogin.jpg
Login to BeEF service

Start: Run Social Engineering Toolkit and choose desired submenu

After launching the Social Engineering Toolkit we see the above mentioned menu. Here we can choose between submenus.




submenu 2


Hook Target Browser

For practicing purposes BeEF provides a localhost webpage.





[[File:s3.jpg|150px|thumb|Example|left|submenu 3]

To see the details of hooked Browser

If you click on the hooked browser, under "Details" you can see information about the browser.





submenu 4

Command execution in the Browser

There are hundreds of modules under "Commands", which include from social engineering to browser hacks. The desired module can be selected by clicking and executed with the "Execute" button at the bottom right. I choosed the "Google Phishing" module under the "Social Engineering" Folder and clicked to "Execute".


File:Googlephiddshing password.png
result


Result

After executing the "Google Phishing" module, the victim is asked to "Sign in". Victims entered credentials are visible under "Logs".









Courses

  • WFP-1

References

Retrieved from "https://wiki.elvis.science/index.php?title=Social_Engineering_Toolkit&oldid=7716"