A Quick View of SET (Social Engineering Toolkit) Fast-Track Attacks

setWelcome back my social engineers/hackatarians! Today we’ll be looking into a fantastic piece of software, The Social-Engineer Toolkit or just SET for short. SET is designed, Developed and used by several Social-engineers. So… Let’s get started!

– – Download SET – –

Getting Familiar

When you boot up SET you’ll see this screen:

Now we are able to pick one of the options listed above

We’ll use:

  1. Social engineering attacks
  2. Fast-track penetration testing

The other options are not important. So what happens when we press 1 We’ll get this screen:

Now there are numerous of things here so let’s look into that!

  • Spear-Phishing Attack Vectors
    This tool allows you to send e-mails with a malicious file as payload.
  • Website Attack Vectors
    This tool allows you to create a malicious website link.
  • Infectious Media Generator
    This tool creates a payload and a .ini file for a usb,cd or dvd injection.
  • Create a Payload and Listener
    Straightforward just creates a .exe file and opens a listener.
  • Mass Mailer Attack
    This tool will send e-mails to the target.
  • Arduino-Based Attack Vector
    For use with a “teensy usb.”
  • SMS Spoofing Attack Vector
    With this tool you’ll be able to craft sms messages and send them.
  • Wireless Access Point Attack Vector
    Should be straightforward.
  • QRCode Generator Attack Vector
    Generates a QRCode to a specific URL.
  • Powershell Attack Vectors
    This will allow you to use Powershell exploits (powershell is available on windows vista and above.)
  • Third Party Modules
    Will allow you to browse for more add-ons.

Step 1: Getting Started!

I won’t create a whole tutorial about the different options available in SET because it’s just to much. Also SET is pretty straightforward. For example, in metasploit you’ll need to use set RHOST:xxx.xxx.xxx.xxx. SET just asks: What is the remote host? ==> xxx.xxx.xxx.xxx

So go ahead and try to social engineer someone, and I hope this helps.

Bookmark the permalink.

2 Responses to A Quick View of SET (Social Engineering Toolkit) Fast-Track Attacks

  1. Adam says:

    Hi Peter,

    Spent the last month learning Linux from ground up, bought a new PC to expand the hack lab. Eventually sorted VirtualBox and configuring the Network Adapters so I can practice hacking myself.

    Done! Imagine my delight as credentials entered on one computer pops up in my Kali VM 🙂

    Every tutorial I’ve seen on setoolkit is done in this way, one VM attacking another, or the host. So, my question is, how do I now set it up to attack computers over the internet!

    I work on a large site where there are 5 offices, each with a separate internet connection and router. And I’d like to learn how to attack between them, rather than being limited to VMs or other computers on the same wireless network.

    I think this in itself would make a useful guide. Too many of the tutorials out there limit to attacking oneself on a single network. But what if you administer multiple networks and wish to pen test remotely?

    Thanks!
    Adam

    • Yes, I am lightly working on an explanation and youtube vid walking people through the concepts of Port Forwarding through external facing routers. This would mean than any victim that has internet access would be able to hit your computer, not just those on your LAN. Stay tuned…

Leave a Reply

Your email address will not be published. Required fields are marked *