Social Engineer Toolkit (SET) is an open source toolkit used for penetration testing via social engineering. The toolkit includes a number of social engineering techniques, such as spear phishing, website attack vectors, Arduino-based attack, wireless access point attack, infection media technique, custom payloads, SMS spoofing, powershell attack, QRCode generated attack, and third party module attacks.
Installing the Social Engineer Toolkit
Social Engineer Toolkit requires the following packages as prerequisites. Install them with the following command.
apt-get --force-yes -y install git apache2 python-requests libapache2-mod-php \
    python-pymssql build-essential python-pexpect python-pefile python-crypto python-openssl
After installing the dependencies, clone the SET repository from Github using the following command.
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
The above command clones SET into a folder called set. Change into the set folder and run the setup.py file with the following commands to complete the installation.
cd set
python setup.py install
How to Use Social Engineer Toolkit
Social Engineer Toolkit (SET) can be set into action by typing the following command.
The above command launches the toolkit with the following menu.
The first option in the menu contains all the social engineering techniques that can be used according to the scenario. The complete list of techniques can be seen in the following screenshot.
Each social engineering technique has different attack options. For instance, if we select the Website attack vector from the list, we see different attack methods, such as the Java Applet attack method, Metasploit Browser Exploit method, Credential harvester, Webjacking attack, HTA attack, and multi attack method. The Java applet attack method uses a spoofed Java certificate and a Metasploit payload. The browser exploit method makes use of iframes. In the Webjacking attack method, a genuine link is shown to the user that, when clicked, is replaced with a malicious link. The HTA attack method clones a website in order to execute PowerShell injection via HTA files. In the multi attack method, one can launch a combination of these attacks.
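The HTA attack method described above ends with an HTML Application host (mshta.exe) starting PowerShell, which is a process relationship a defender can look for in endpoint telemetry. The following script is an added example, not code from SET or its authors: it walks constructed Sysmon-style process-creation events (hypothetical PIDs, paths and command lines) and reports every shell whose direct parent is mshta.exe, together with the ancestry that led there.

```python
"""Added example (not part of SET): find process-creation events in which
mshta.exe, the host for HTA files, spawns PowerShell or a command shell.
The events are constructed Sysmon-style records with hypothetical PIDs."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str      # executable file name, lower-case
    cmdline: str


# Constructed sample events: a browser downloads and runs an HTA, which then
# starts a hidden PowerShell; an unrelated admin PowerShell is also present.
SAMPLE_EVENTS = [
    ProcessEvent(4000, 1200, "explorer.exe", "explorer.exe"),
    ProcessEvent(4100, 4000, "chrome.exe", "chrome.exe --new-window"),
    ProcessEvent(4200, 4100, "mshta.exe",
                 r"mshta.exe C:\Users\alice\Downloads\Launcher.hta"),
    ProcessEvent(4300, 4200, "powershell.exe",
                 "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <placeholder>"),
    ProcessEvent(4400, 4000, "powershell.exe",
                 r"powershell.exe -File C:\Scripts\backup.ps1"),
]

SHELL_IMAGES = {"powershell.exe", "pwsh.exe", "cmd.exe"}
HTA_HOST = "mshta.exe"


def ancestry(event: ProcessEvent, by_pid: dict[int, ProcessEvent]) -> list[ProcessEvent]:
    """Chain from the event up to its oldest known ancestor (guards against PID loops)."""
    chain, seen = [event], {event.pid}
    parent = by_pid.get(event.ppid)
    while parent is not None and parent.pid not in seen:
        chain.append(parent)
        seen.add(parent.pid)
        parent = by_pid.get(parent.ppid)
    return chain


def find_hta_shell_chains(events: Iterable[ProcessEvent]) -> list[list[ProcessEvent]]:
    """Return one ancestry chain (child first) per shell whose direct parent is mshta.exe."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for event in by_pid.values():
        if event.image in SHELL_IMAGES:
            parent = by_pid.get(event.ppid)
            if parent is not None and parent.image == HTA_HOST:
                hits.append(ancestry(event, by_pid))
    return hits


def describe(chain: list[ProcessEvent]) -> str:
    """Render a chain oldest-first, e.g. explorer.exe > chrome.exe > mshta.exe > powershell.exe."""
    return " > ".join(e.image for e in reversed(chain))


if __name__ == "__main__":
    for chain in find_hta_shell_chains(SAMPLE_EVENTS):
        print("HTA-to-shell chain:", describe(chain))
        print("  command line:", chain[0].cmdline)
```

The unrelated backup PowerShell started from explorer.exe is not reported, because the rule keys on the parent image rather than on PowerShell alone; in a real pipeline the same function would be fed events from Sysmon Event ID 1 or an EDR process stream.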
Similarly, if we opt for spear phishing attack vector, we see two main attack options as shown in the following screenshot.
Selecting the first option lets the user choose from the built-in payloads. The second option allows building custom payloads for the spear phishing attack. If we select the first option, we see a number of email payloads that can be used in the attack.
For instance, if we select an Adobe payload option from the list, we see different options for spawning a shell on the victim's machine, as shown in the following screenshot.
After selecting the desired reverse shell, fill in the IP address (or URL) and port number of the listener that will accept the connection back from the victim's machine. Once all these details are provided, the tool starts generating the payload.
Once the payload is generated, it is stored in a pdf folder in the working directory under the default name template.pdf. We can rename it or leave the default. The final step is sending the payload file to the victim(s). There are two options, i.e. sending the payload to a single email address or sending it to many people. Selecting the desired option takes the user to the next step of selecting an email template, as shown in the following screenshot.
Select the desired template from the list and enter the target email address. The tool also requires the sender email address in order to send the payload to the victim. If the victim clicks the link in the email, a connection is created between the victim's and the attacker's machines, allowing the attacker to execute the desired commands on the target machine and take control of it.
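The spear phishing flow above delivers either a link whose visible text differs from its real destination (the Webjacking idea from the website attack vectors) or a PDF attachment built from a template. The following script is an added example, not code from SET: it builds a constructed message with placeholder addresses and hosts, then parses it the way a mail-gateway check would, reporting links whose displayed hostname does not match the href hostname and listing attachments with their declared content type.

```python
"""Added example (not SET's own code): inspect a raw e-mail for a link whose
visible text points somewhere other than its href, and for file attachments.
The message is constructed here; addresses, hosts and the PDF bytes are placeholders."""
from __future__ import annotations

import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse


def build_sample_message() -> bytes:
    """Constructed spear-phishing style message: a mismatched link plus a PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "it-helpdesk@example.com"
    msg["To"] = "alice@example.com"
    msg["Subject"] = "Action required: password expiry"
    msg.set_content("Please sign in at https://portal.example.com and review the attached file.")
    msg.add_alternative(
        '<p>Please sign in at '
        '<a href="http://login.example.net/portal">https://portal.example.com</a> '
        'and review the attached file.</p>',
        subtype="html",
    )
    msg.add_attachment(b"%PDF-1.4 placeholder bytes, not a real document",
                       maintype="application", subtype="pdf", filename="template.pdf")
    return msg.as_bytes()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(text: str) -> str | None:
    """Hostname of a URL or URL-looking string, lower-cased; None if there is no host."""
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    return host.lower() if host else None


def looks_like_url(text: str) -> bool:
    return bool(text) and " " not in text and ("://" in text or "." in text)


def analyse_message(raw: bytes) -> dict:
    """Report display/href hostname mismatches and attachments in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: dict = {"mismatched_links": [], "attachments": []}
    for part in msg.walk():
        if part.get_content_type() == "text/html" and not part.is_attachment():
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                if href and looks_like_url(text):
                    shown, real = hostname_of(text), hostname_of(href)
                    if shown and real and shown != real:
                        findings["mismatched_links"].append(
                            {"shown": shown, "real": real, "href": href})
    for part in msg.iter_attachments():
        findings["attachments"].append(
            {"filename": part.get_filename(), "content_type": part.get_content_type()})
    return findings


if __name__ == "__main__":
    report = analyse_message(build_sample_message())
    for link in report["mismatched_links"]:
        print(f"link text shows {link['shown']} but points to {link['real']} ({link['href']})")
    for att in report["attachments"]:
        print(f"attachment {att['filename']} ({att['content_type']})")
```

Only links whose visible text itself looks like a URL are compared, since ordinary anchor text ("click here") carries no hostname to contradict; a gateway would typically combine this check with a policy on the listed attachment types.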
Social Engineer Toolkit (SET) is a great tool for generating custom and built-in payloads to be used in different social engineering attack vectors. The toolkit allows the red team to gain Remote Command Execution (RCE) over the victim’s machine through reverse shells.