iiType : Tutorial
Level : Beginner, Medium, Advanced
“The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.”
Actually this hacking method will works perfectly with DNS spoofing or Man in the Middle Attack method. Here in this tutorial I’m only write how-to and step-by-step to perform the basic attack, but for the rest you can modified it with your own imagination .
In this tutorial we will see how this attack methods can owned your computer in just a few steps….
FYI : The success possibility of this attack depend on victim browser. If the victim never update their browser, the possibility can be 85% or more.
1. Change your work directory into /pentest/exploits/set/
2. Open Social Engineering Toolkit(SET) ./set and then choose "Website Attack Vectors" because we will attack victim via internet browser. Also in this attack we will attack via website generated by Social Engineering Toolkit to open by victim, so choose "Website Attack Vectors" for this options.
3. Usually when user open a website, sometimes they don’t think that they are opening suspicious website that including malicious script to harm their computer. In this option we will choose "The Metasploit Browser Exploit Method" because we will attack via victim browser.
4. The next step just choose "Web Templates", because we will use the most famous website around the world that already provided by this Social Engineering Toolkit tools.