Sunday, 5 October 2014




How to HACK with Social Engineering Toolkit (SET) in BackTrack/Kali

Step 2: Pick Your Type

This should open the main menu for the Social Engineering Toolkit. Note that it offers:

Spear-Phishing Attacks

Website Attacks

Infectious Media Generator

Create a Payload and Listener

Mass Mailer Attack

Arduino-based Vector Attack

SMS Spoofing Attack

Wireless Access Point

And many others

In this tutorial, we'll be looking at creating a spear-phishing attack. For those of you not familiar with this terminology, a phishing attack is an email attack that casts a broad "net" in an attempt to catch a few random victims. A spear-phishing attack is similar, except that it targets one or a few individuals. In other words, it's a targeted social engineering attack, hence the spear.

Step 3: Spear-Phish

Let's now select number 1 from the menu and begin our spear-phishing attack. When we do, we will be greeted with the screen below.
It explains what a spear-phishing attack is and asks us how we want to go about our attack. We can choose:

Mass email attack

Fileformat payload

Social engineering template

Let's select a Fileformat attack. Type number 2 and press enter.
 
Step 4: Choose an Attack

After we select our Fileformat type attack, we will be asked what type of exploit we would like to use. Notice that the default is the PDF with the embedded .exe. In this hack, let's use the Microsoft Word RTF Fragments attack, or MS10_087.
This will create a Word document that will overflow a buffer and enable us to put a listener or rootkit on the victim's machine. Type 4 and press enter.
 
Step 5: Choose a Payload

Now that we have decided what type of file we want to use in our attack, our next step is to decide what type of listener (aka rootkit, aka payload) we want to leave on the victim system. These may look familiar to those of you who have used Metasploit, as these are Metasploit payloads.

Let's be ambitious and try to get the Metasploit Meterpreter on that victim's machine. If we are successful, we will completely own that system!

Step 6: Create the File

After we type number 5 and press enter, we must choose what port we want to listen on (the default is 443). SET then goes about creating our malicious file for us. It names that file template.rtf.

Step 7: Rename the File

If we want to trick the victim into opening the file, we should name it something that sounds enticing or familiar to the victim. This will differ depending on the victim, but in our scenario we're trying to spear a manager at a large company, so let's call it Salesreport, something he or she might actually be expecting in their email.

Step 8: Create the Email

Now that we have created the malicious file, we need to create the email. This is critical. If we're to get the victim to open the file, the email must look legitimate. SET prompts us whether we want to use a predefined template or a one-time-use email template. Let's be creative and choose a one-time-use email.

SET then prompts us for the subject of the email. In this case, I used Sales Report. SET then asks us whether we want to send it in HTML or plain text. I chose HTML to make it look more inviting and legitimate. Finally, SET prompts us to write the body of the email and then type Control + C when we are finished. I wrote:

Dear Bigshot:

Please find attached my quarterly sales report. If you have any questions, please don't hesitate to ask.

Sincerely,

Your Minion

Of course, your email will differ depending on who you're sending it to, but try to make it sound enticing and legitimate, or they aren't likely to open the attached malicious file and our attack will fail.

When we're finished, SET will ask us whether we want to use a Gmail account or send it from our SMTP server. In most cases, we will want to use a Gmail account. Simply type in your address (you might want to create an anonymous email account for this purpose) and password, and SET will send the email you created with the malicious attachment from this Gmail account.

We will be using some of the other features of the Social Engineering Toolkit in future tutorials, so keep coming back!
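On the receiving side, the rename in Step 7 changes only the filename, so a mail filter can still identify the attachment by its content. The Python sketch below is an added example, not part of the original tutorial or of SET: it reports attachments whose bytes are RTF, whether the name hides that, and whether the `pFragments` shape property (the "RTF Fragments" of MS10_087) is present. The sample message, addresses and the `.doc` extension are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rt"  # RTF header prefix; also matches the standard "{\rtf1"
# Shape property named by the "RTF Fragments" issue. Legitimate drawings can
# use it too, so a hit is a reason to triage, not a verdict.
PFRAGMENTS = re.compile(rb"pfragments", re.IGNORECASE)


def scan_message(raw: bytes) -> list[dict]:
    """Return one finding per attachment whose content is RTF."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if data.lstrip()[:4] != RTF_MAGIC:
            continue  # judge by content, never by the filename
        name = part.get_filename() or "(unnamed)"
        findings.append({
            "name": name,
            "renamed": not name.lower().endswith(".rtf"),
            "pfragments": bool(PFRAGMENTS.search(data)),
        })
    return findings


def build_sample() -> bytes:
    """Constructed, inert test message (not a real sample)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "manager@example.com"
    m["Subject"] = "Sales Report"
    m.set_content("<p>Please find attached my report.</p>", subtype="html")
    inert_rtf = b"{\\rtf1{\\shp{\\sp{\\sn pFragments}{\\sv 0}}}}"
    m.add_attachment(inert_rtf, maintype="application",
                     subtype="octet-stream", filename="Salesreport.doc")
    m.add_attachment("meeting notes", filename="notes.txt")
    return m.as_bytes()


if __name__ == "__main__":
    for f in scan_message(build_sample()):
        print(f)
```

A gateway would route any finding with `renamed` or `pfragments` set to quarantine or sandbox review; heavily obfuscated RTF can evade a plain byte search, so this complements patching rather than replacing it.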
