[blockquote cite="Assaf Nitzan"] I’ll try to be nicer if you try to be smarter. [/blockquote]
Its been a while since i did a SET (Social-Engineering Toolkit) demonstration, i am here to fix that guilt.
So for today let us go through
Website Attack Vector – > Metasploit Browser Exploit Method.
You may download the PDF version of this tutorial here.
Metasploit Browser Exploit Method :
The Metasploit browser exploit method will utilize select Metasploit browser exploits
through an iframe and deliver a Metasploit payload.
We will be using SET to load up the browser exploit modules and ettercap -G
to do a man in the middle attack through arp poisoning. And finally activating of the dns spoof plugin.
Yes i am aware that we can do all that in command line but the reason i am doing it this way is because
i tend to like flipping through the various plugins, ADHD, itchy fingers….call it what you will.
In my opinion it does not make much difference what method you use as long the job gets done.
1) On a terminal type : cd /pentest/exploits/set
2) To load SET, type : ./set
3) Choose 1 for Social-Engineering Attacks.
4) Next choose 2 for Website Attack Vector.