Hello Friends i am keeping experimenting on social engineering toolkit so here it is one more attack in to remote pc using social engineering toolkit.

PyInjector is a python tool that will take a command line argument similar to shellcodeexec that will allow you to paste native shellcode into the application and have it automatically execute the shellcode for you.
Lets Get into action .
Open your backtrack terminal & Type $cd /pentest/exploits/set

Now Open Social Engineering Toolkit (SET). /set
hack remote pc
Now we will choose option 1, “Social-Engineering Attacks
Next choose option 2, “Website Attack Vectors
hack remote pc
Now we will choose the option 1 the Java Applet Attack Method
hack remote pc
Now we will choose option 2, “Site Cloner”
Are you using NAT/PORT Forwarding: yes (As i am Using Now NAT In Vmware),yes.

Enter the IP address to connect back on: (IP address of Your PC)(Check using ifconfig command in terminal)

Enter the URL to clone: (but you can use any website to run the Java Applet like also :) )
hack remote pc
Now choose 15 “PyInjector Shellcode Injection”, but you have several to choose from including your own program.
hack remote pc
Port of the attacker computer. In this example it is port 443, but you can change to 4444

Select the payload you want to deliver via shellcodeexec press enter here

Now it creates the backdoor program, encodes and packs. It creates the website that you want to use and starts up a listening service looking for people to connect. When done, your screen will look like this:
hack remote pc
Now an URL you should give to your victim (via any social media you can even use shorten url service)

When the victim open that link in their browser, immediately it will alert a dialog box about digital signature cannot be verified like picture below.(Which is undetectable by even antivirus )
hack remote pc
You now have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID
hack remote pc
And finally you have your meterpreter open do what ever you want to do on victim pc.
Enjoy Have fun any doubt at any point love to answer thank you again .

Post a Comment

Feel Free To Ask Your Query we Love To Answer