15 Steps to Hacking Windows Using Social Engineering Toolkit and Backtrack 5


Type : Tutorial

Level : Beginner, Medium, Advanced

What is Social Engineering Toolkit?

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester's arsenal. SET was written by David Kennedy (ReL1K) and, with a lot of help from the community, it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization, used during a penetration test.

This hacking method also works very well in combination with DNS spoofing or a man-in-the-middle attack. In this tutorial I only write the how-to and step-by-step for the basic attack; the rest you can modify with your own imagination :-).

In this tutorial we will see how this attack method can own your computer in just a few steps….

FYI : the chance of success of this attack depends on the victim's browser. If the victim never updates their browser, the chance can be 85% or more.

Requirement :

1.  Backtrack 5 (or Backtrack 4)

15 Steps to Hacking Windows Using Social Engineering Toolkit and Backtrack 5 :

1. Change your working directory to /pentest/exploits/set/

2. Open the Social Engineering Toolkit (SET) with ./set and then choose "Website Attack Vectors", because we will attack the victim via their web browser: the attack is delivered through a website generated by the Social Engineering Toolkit that the victim opens, so "Website Attack Vectors" is the option for this.

3. Usually when users open a website, they don't think that they might be opening a suspicious website containing malicious scripts that harm their computer. In this option we choose "The Metasploit Browser Exploit Method" because we attack via the victim's browser.

4. For the next step just choose "Web Templates", because we will use one of the most famous websites in the world, already provided by the Social Engineering Toolkit.

5. There are 4 website templates ready to use for this attack method: GMail, Google, Facebook, and Twitter. In this tutorial I will use Google, but if you think Facebook or Twitter is better because it is the most accessed website, just change it to whichever you want.

6. For the next step, because we don't know which vulnerability will successfully attack the victim, what type of browser they use, etc., we choose "Metasploit Browser Autopwn" to load every vulnerability the Social Engineering Toolkit knows. This will launch all the exploits in the Social Engineering Toolkit database.

7. For the payload selection I prefer the most used one, Windows Shell Reverse_TCP, but you can also choose whichever other payload you are most comfortable with.

8. The next step is to set up the connect-back port to the attacker's computer. In this example I use port 4444, but you can change it to 1234, 4321, etc.

9. Next, just wait until the whole process is completed and the server is running.

10. When the link is given to the user, the victim sees a look-alike Google (fake website). When the page loads, it also loads all the malicious scripts that attack the victim's computer.

12. On the attacker's computer, if there is a vulnerability in the victim's browser, a session value is returned, which means the exploit successfully attacked the victim's computer. In this case the exploit creates a new fake process named "Notepad.exe".

13. To view the active sessions already opened by the exploit, type "sessions -l" to list them. Take a look at the ID…we will use that ID to connect to the victim's computer.

14. To interact with and connect to the victim's computer, use the command "sessions -i ID". ID is the numerical value given when you run sessions -l. You can see an example in the picture below.

15. The victim's computer is owned. :-)

I practised creating this tutorial using a virtual machine, so it will not harm other computers and you can also do a lot of experimenting with your OS.

Countermeasure :

1. Don't trust unknown links

2. Use a personal firewall to detect inbound and outbound traffic
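Countermeasure 2 deserves a concrete check. The following Python script is an added example, not code from the original post: it scans constructed, netstat-style connection records for the pattern this tutorial produces, namely an unexpected process such as the fake Notepad.exe, or a browser, holding an established connection to a non-web port like 4444. The record format, the process lists and the expected-port list are assumptions.

```python
"""Added example (not from the original post): flag ESTABLISHED outbound
connections that a personal firewall review should catch after the browser
exploit above, e.g. the fake "Notepad.exe" process calling back to port 4444.
Input lines use a constructed, netstat-like format:
    <process> <pid> <local ip:port> <remote ip:port> <state>
"""
from dataclasses import dataclass

# Processes with no reason to touch the network (the payload shows up as Notepad.exe).
NO_NETWORK_PROCESSES = {"notepad.exe", "calc.exe"}

# Browsers should only talk to web ports; the text's 4444/1234/4321 are not.
BROWSER_PROCESSES = {"iexplore.exe", "firefox.exe", "chrome.exe"}
EXPECTED_WEB_PORTS = {80, 443, 8080}


@dataclass(frozen=True)
class Finding:
    process: str
    pid: int
    remote: str
    reason: str


def _port_of(endpoint: str) -> int:
    """Return the port from 'ip:port'; raises ValueError if malformed."""
    return int(endpoint.rpartition(":")[2])


def find_suspicious_connections(lines: list[str]) -> list[Finding]:
    """Scan connection records and return one Finding per suspicious entry."""
    findings: list[Finding] = []
    for raw in lines:
        fields = raw.split()
        if len(fields) != 5 or raw.lstrip().startswith("#"):
            continue  # header, blank or malformed record: skip, don't crash
        process, pid_text, _local, remote, state = fields
        if state.upper() != "ESTABLISHED":
            continue  # LISTENING/TIME_WAIT sockets are not callbacks
        try:
            pid, port = int(pid_text), _port_of(remote)
        except ValueError:
            continue
        name = process.lower()
        if name in NO_NETWORK_PROCESSES:
            findings.append(Finding(process, pid, remote,
                                    "process should never open network connections"))
        elif name in BROWSER_PROCESSES and port not in EXPECTED_WEB_PORTS:
            findings.append(Finding(process, pid, remote,
                                    f"browser connected to non-web port {port}"))
    return findings


# Constructed sample: a normal HTTPS session, the fake notepad.exe callback,
# a listening socket, and a browser talking to an odd port.
SAMPLE_CONNECTIONS = [
    "# process pid local remote state",
    "firefox.exe 1204 192.168.1.10:49821 93.184.216.34:443 ESTABLISHED",
    "Notepad.exe 2316 192.168.1.10:49877 192.168.1.5:4444 ESTABLISHED",
    "svchost.exe 880 0.0.0.0:135 0.0.0.0:0 LISTENING",
    "iexplore.exe 1500 192.168.1.10:49900 192.168.1.5:1234 ESTABLISHED",
]

if __name__ == "__main__":
    for f in find_suspicious_connections(SAMPLE_CONNECTIONS):
        print(f"[ALERT] {f.process} (pid {f.pid}) -> {f.remote}: {f.reason}")
```

On a real host the same logic can be fed the output of `netstat -b -o` or a Sysmon network-connection event export, once the field order is adapted.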

Hope you found it useful :-)

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

Visit Website : http://www.vishnuvalentino.com

  • http://careerport.blogspot.com bhushan

    can we use that attack outside a network or LAN? and if possible please give tutorials

    • http://www.vishnuvalentino.com v4L

      #bhushan
      of course it's possible :-) you should have a VPS (virtual private server) or your own server that directly has a public IP..
      requirement : ssh (really useful)
      the rest of the tutorial is the same as above :-)
      but before you implement it I think you should learn more about tunneling and anonymizing… :-) (I still haven't written the tutorial :p LoL)

      • ambrish

        can you please write a tutorial on this vpn and ssh to work with SET outside the LAN..

        • http://www.vishnuvalentino.com v4L

          #ambrish
          I didn't use/have a public IP so I can't try that…maybe you can view the logic here http://www./hacking-tutorial/how-to-do-hacking-the-internet-wan-not-lan-using-metasploit-the-logic/

        • ambrish

          ok thanks sir….i will try that :-)

  • Prince

    It seeks for an IP address after choosing the Web Template. What are we supposed to put there? Our own IP, or Google's IP or the Vic's IP?

    • http://www.vishnuvalentino.com v4L

      #prince
      I still can't get your question..after choosing the web template you just choose the type of browser exploit you want to use..or if you are still confused, maybe you can write down here the question that is written in your Backtrack console.

      • SomeGuy

        On the newest backtrack, before asking you for the website, it asks for an IP for the POST back or whatever you are trying to do. I tried using my own, but it didn't work. I am on Backtrack 5r3

  • Milindu

    Please, I need detailed information about configuring the cloned website to be hosted on a public address.. when i use my public address along with the port it uses, still the redirection does not happen from WAN.

  • sadi770

    i am not able to do that, after the 4th step it says "your interface ip address", there i enter the victim's ip address. after all these steps when i open it from the victim's computer it opens the desired page but doesn't show any progress in backtrack, as it says "no active sessions".
    please help me out as soon as possible.

    • http://www.vishnuvalentino.com v4L

      #sadi770
      In this kind of attack you don't need to input the victim's IP.

  • http://www.smashingtricks.com/ shubham

    Great article..

  • Looph.Crack

    I'm really new to this. Just want to verify though. If I do social engineering with the target, for example, and then i get to send her an email with a pdf file (of course, from SET). After she downloads and opens the pdf file on her PC it would execute the payload, thus allowing me to get a session with that PC. Question: will i be able to do that on a remote pc? e.g. the target pc is on a different network. I really do need your help. I really want to learn more about this type of attack. Thanks much in advance

  • niru

    This attack is caught as an exploit by Avast. how to bypass the antivirus protection.. tried the shikita encoder, but it throws some error!

    • /-\ |\| 0 |\| Y /\/\ 0 U S

      There is a tutorial about crypting malicious files here http://forum.kga-webhosting.com/index.php?/topic/9-bypass-all-anti-virus/#entry90 :D

  • lasha

    i do everything right, but now can you help me: how can i download files from the target machine to my PC?

    thanks

    • http://www.vishnuvalentino.com v4L

      #lasha
      you can view this http://www./tips-and-trick/how-to-get-files-from-victim-using-backtrack-metasploit/

  • kailash

    sorry. "metasploit is not found", an error like this is coming in the social engineering kit..please solve this….

    • http://www.vishnuvalentino.com v4L

      #kailash
      I don't understand your question???

  • Ordinary Guy

    when i select "website attack vectors" i receive a message saying that Metasploit was not found, as if it isn't installed, but this feature is supposed to be already installed, right?

    extra info: i use backtrack 5 R2

    Thanks my friend (:

    • http://www.vishnuvalentino.com v4L

      #OrdinaryGuy
      Yes, it should be installed there by default. maybe you can try to update your system by running apt-get update and apt-get upgrade to get the latest version..

  • malik

    i am using your tutorial for back track 5. i'm getting a problem with the port to connect. where do i take that port, e.g. you take 4444 but it's not working on my side. what should i do now ?

    • http://www.vishnuvalentino.com v4L

      #malik
      then you can change it to another port number; maybe that port is already in use.

  • lasha

    thanks for your response. now i'm interested in how i can connect to that notepad.exe later, after i shut down or restart my computer? must i run that server again and give him the url? :)

    • http://www.vishnuvalentino.com v4L

      #lasha
      you can view here : http://www./hacking-tutorial/5-steps-to-set-up-backdoor-after-successfully-compromising-target-using-backtrack-5/

  • Fullmetal

    Please help me … i did everything with my router to forward ports but not a single port is forwarding in my router .. i tried disabling the firewall, antiviruses … everything .. in my router page the port is forwarded but still when i check whether my port is open or not (on this site : yougetsignal.com) it says it is CLOSED …

    Please help, i can't do anything without port forwarding :( :( :(

    • http://www.vishnuvalentino.com v4L

      #Fullmetal
      maybe your connection isn't using a public IP address; you can check whether you use a public or private IP address.
      or maybe your network topology looks like this :

      ||INTERNET|| --> ||ISP ROUTER WITH PUBLIC IP|| --> ||YOUR ROUTER IN HOME|| --> ||YOUR PC||

      if your topology is like that, you need to also forward the port on "ISP ROUTER WITH PUBLIC IP".

      • Fullmetal

        and how do i do that ? ( port forward on the ISP router ) ???

        • http://www.vishnuvalentino.com v4L

          #Fullmetal
          absolutely "you can't"; unless you ask your ISP admin to open some port on it :)

  • Fullmetal

    Hey thanks, now i'm able to do cloning over LAN … but how can i do it outside the LAN … please tell me, i tried many things but when i give my external IP to the victim … that opens my router's page on the victim PC :( :( :( …. HELP HELP HELP

    • http://www.vishnuvalentino.com v4L

      #Fullmetal
      view the logic here http://www./hacking-tutorial/how-to-do-hacking-the-internet-wan-not-lan-using-metasploit-the-logic/

  • Vignesh

    For all SET attacks, I get the following type of errors. Please help.

    File "./set", line 19, in
    from src.core.set import *
    File "/pentest/exploits/set/src/core/set.py", line 959, in
    import wifiattack
    File "src/wireless/wifiattack.py", line 171, in
    child2 = pexpect.spawn("dhcpd3 -q -cf src/program_junk/dhcp.conf -pf /var/run/dhcp3-server/dhcpd.pid at0")
    File "/usr/lib/python2.6/dist-packages/pexpect.py", line 429, in __init__
    self._spawn (command, args)
    File "/usr/lib/python2.6/dist-packages/pexpect.py", line 516, in _spawn
    raise ExceptionPexpect ('The command was not found or was not executable: %s.' % self.command)

  • Alex

    Can you help me with this error?
    I cannot solve it. please help me
    I tried to follow this tutorial but could not.
    it appears like this
    ——-
    root @ root: / Pentest / exploits / set
    ——-
    I then put
    ——
    root @ root: / Pentest / exploits / set #. SET
    Traceback (most recent call last)
    file. “set”, line 61, in module
    setcore.GetVersion defines _version = ()
    AttributeError: ‘module’ object has no attribute ‘GetVersion’
    ——-
    What do I do?

    • http://www.vishnuvalentino.com v4L

      #Alex
      sorry, I can't answer it, maybe others here?

  • Codex

    I think the web files should be stored somewhere on the PC. How do we access it?

  • kenta

    #v4L

    hi. when i start to open ./set it shows this, please help me

    root@bt:/pentest/exploits/set# ./set
    bash: ./set: No such file or directory

    • http://www.vishnuvalentino.com v4L

      #kenta
      you can try to run msfupdate to update the library.

  • Abaxx

    Sir, can we send some malicious files to a particular website..

    can we hack into .org websites ??

    please reply sir.
    thanks in advance :)

    • http://www.vishnuvalentino.com v4L

      #Abaxx
      you can send a malicious file to a website only if you can own the server.
      yes you can (.org, .com, etc) because it's only the TLD.

  • yuvaraj

    Press <return> to continue
    [-] ***
    [-] * WARNING: Database support has been disabled
    [-] ***

    this error i got from my set, what can i do about it.

  • alejandro

    I get nothing; I go in from the victim PC and the page does not open

  • http://www.djpunjab.com parmar

    i am also using backtrack on a virtual machine …
    but the ip address is not opening in Windows' google chrome……
    help please……..

    • http://www.vishnuvalentino.com v4L

      #parmar
      I haven't tried it in chrome, maybe you can try it in another browser.
      since SET is also a public hacking module, it's not impossible for the browser developers to prevent SET attacks in their application

  • A.sharma

    Hello sir! I'm Anjeet. i use the back|track 5r2 OS; the hail mary -> by port option does not show in armitage. why, sir? please suggest…!

    • http://www.vishnuvalentino.com v4L

      #A.Sharma
      you can try to update your backtrack metasploit using msfupdate.

  • safa

    first, thanks for this great website !
    second : after the fourth step it asks me :
    are you using nat/port forwarding [yes|no]:
    (i'm using backtrack on a vm, i have backtrack 5 r3 )
    so what do i have to do ? :(

    • http://www.vishnuvalentino.com v4L

      #safa
      if you have a public IP, you choose "NO"; if your network is behind a router you choose "YES".
      see the network logic here: http://www./hacking-tutorial/how-to-do-hacking-the-internet-wan-not-lan-using-metasploit-the-logic/

      • safa

        what i have understood is that with a router i must have a public ip ( i can get it from google ) and a local ip ( i can get it using the command line ) . so it's asking me if i have a public ip, and i have it because i have a router, so i must write no . then it asks for :
        ip address for the reverse connection .
        :O ???

        • safa

          I wrote the internal ip but at the end it was detected by avast anti virus as a trojan; even when i disabled the antivirus it does not work. what did i do wrong ?
          thanks

          • http://www.vishnuvalentino.com v4L

            #safa
            if you have a public ip and can configure your router, for the reverse connection you should put your public IP/your router address, and then you can redirect the incoming packets to your local PC.

        • http://www.vishnuvalentino.com v4L

          #safa
          to know about public or private IP address, you can use my tool here http://www./tips-and-trick/how-to-know-my-public-ip-address-in-4-steps/

          • safa

            "The best teachers are those who show you where to look, but don't tell you what to see"

            you're the best, thanks :D

          • http://www.vishnuvalentino.com v4L

            #safa

            thank you

  • Max

    PLEASE can you give me information about how i can get the Social Engineering Tool Kit????

    • http://www.vishnuvalentino.com v4L

      #Max

      You can download it here https://www.trustedsec.com/downloads/social-engineer-toolkit/

      or you can download Kali Linux or Backtrack Linux; the tool is already included there.

      • MAx

        I want to use it in Windows vista or *. can i run it in either of the two OS? And i want to hack a fb password, PLEASE help me out!!!

        • http://www.vishnuvalentino.com v4L

          #MAx

          only linux :-)

  • bilkers

    please help me guys
    how to update the social-engineer toolkit tools

  • http://denisetiawanputra.blogspot.com Deni Setiawan Putra

    thanks

  • raja

    after web templates i get a question like this

    are you using nat/port forwarding yes/no

    i'm not getting the 4 websites as shown in your tutorial..

    please help me

    • http://www.vishnuvalentino.com v4L

      #raja

      if you are behind a router of your ISP or company, you should use NAT (but you must have access to the router) and do the port forwarding.

  • raja

    how can i hack the victim's system over WAN

    please help me to do this

  • raja

    i have installed my bt5 r3 in vmware..by default it had its IP in a different network and i changed it to my network but it's not pinging with my base machine. what should i do for this….

    after restarting bt5 it comes back to the default IP

    please help me..
    thanks for replying to my previous question..

    • http://www.vishnuvalentino.com v4L

      #raja

      do not use NAT for the network connection, but use bridged connection instead

  • anony

    Hey bro, what's up?
    Man, i'm stuck in the middle of the above process. I successfully generated the local ip that shows the google page OK. Then i opened it. It opens well and on the other side in the terminal there is also some movement. But it gets stuck and does not create "notepad".

    Please help me out bro. (I wanted to add the image i sniffed but your site does not have such options)

  • chimi

    I am in the CMD DOS location of the victim pc C:> now i would like to copy the c: d: or e: drive data into my local pc or backtrack shared folder. how would it be done, which command would i use to copy/transfer data from the victim pc to my pc.
    It's urgent please
    chimii@gmail.com

    • Guest

      go back to meterpreter and type download "directory or file path"
      download c:\
      download d:\
      download e:\
      devflux@hotmail.com

  • legacy

    Please help Obi-Wan..you're my last hope!

    I love your stuff and have learned so much from it. I'm using the Kali Linux SET to clone a website and allow the victim to go to it to harvest the login details.

    It works great until the victim clicks on the link (the shortened url) that I have sent…and nothing happens…they NEVER connect to the cloned website!

    I'm almost turning my back on Kali as it's driving me crazy..I have port forwarded …but one of my settings must be wrong for it never to connect; surely!!???

    Help me, anyone, please contact

    Legacy

    • helper

      Double check your port forwarding. Maybe also the receiving end is not on the same port

  • Rami

    Hi ,

    Thanks for your tutorial, i found it very useful. at the moment I've been searching for an answer to my question with no luck. i hope someone from this site can give me some insight.

    I am running Kali and have been trying to use the settoolkit. I do everything above in the tutorial but when the victim browses to the site i get this "GET /HTTP/1.1" 200 - 192.168.0.80 -- .

    can someone help me with this problem ? I am using Version 5.4.2 of settoolkit on Kali .

    My e-mail is r.mahmoud00@gmail.com if you need more info.

    Regards

  • Hitesh

    Thanks for your tutorial, i found it very useful. at the moment I've been searching for an answer to my question with no luck. i hope someone from this site can give me some insight.

    I am running Kali and have been trying to use the settoolkit. I do everything above in the tutorial but when the victim browses to the site i get this "GET /HTTP/1.1" 200 - 192.168.0.80 --

    Can you help me??

  • greg

    launched the Metasploit Browser Exploit Method
    payload Windows Shell Reverse_TCP
    IP address or hostname for the reverse connection: 192.168.56.1
    opened the ip address 192.168.56.1 in the browser on virtualbox
    I see in the terminal

    [*] Server started.
    192.168.56.101 - - [30/Oct/2014 18:10:05] "GET / HTTP/1.1" 200 -
    [*] 192.168.56.101 browser_autopwn - Handling '/'
    [*] 192.168.56.101 browser_autopwn - Handling '/'

    and this stops

    loading does not go beyond this
    help me