SMS Spoofing The Social-Engineer Toolkit
Oleh
chmood
(SET) v7.2 Dirilis, SMS Spoofing Hadir Kembali
Bagi Teman Teman yang sudah melihat serial Mr.Robot pasti juga memperhatikan scene social engineering dimana Eliot melakukan soceng menggunakan SMS Spoofing SET dari Kali Linux yang dia pakai. Namun ketika kalian ingin mempraktekkannya, menu SMS Spoofing yang seharusnya ada di nomor 7 tidak ada.
Karena beberapa alasan, menu SMS Spoofing memang dihapus di SET versi sebelumnya.
Namun di rilis terbarunya kemarin ( v7.2 ) dengan kodenama Wine and Gold, SMS Spoofing kembali hadir. Kali ini di menu nomor 10.
Lalu selain SMS Spoofing apa saja yang baru ?
Berikut fitur update di SET 7.2 yang saya lansir dari trustedsecfixed an issue on installer not copying SET directory properly
changed delay time for HTA attack vector from 3 seconds to 10 seconds to allow proper loading
added wording when using gmail and application specific passwords
rewrote ms08-067 instead of being the python exploit to use the metasploit default which is much more reliable
re-introduced the SMS spoofing method (now option 10) β it has been optimized and reduced to only use SMSGang as a main provider.
added ability to add your own attachments via file format attacks instead of having to use the ones built in
added ability to add your own attachments via mass mailer attack vector
added new config option called wget_deep and incremented config to 7.2 β this will allow 1 deep download wgets
added ability to select on deeper wgets through web cloner in the web attack vectors β this will allow you to clone the site and not just the index.html which might be better.. to enable this edit /etc/setoolkit/set.config and turn WGET_DEEP to on.
added a new check upon startup (which may delay the start of set for a couple seconds, but it will check to see if there is a new version of SET available for you automatically β this is displayed on the main launcher UI when you first start SET
fixed setup.py a bit to reflect more on whats out there.. I may convert this to a standard setup installer eventually
updated the licensing agreement β should check it out =)
changed the default payload in HTA and Java Applet attack to be reverse_https instead of reverse_tcp (although both can be specified)
number of fixes around spacing for python3 and python3 compatibility (urllib)
removed string decode on HTA attack vector which is no longer needed in python3 (and python2)
changed urllib2 to import urllib instead for python2 and python3 compatibility in setcore
changed encoding techniques to bytes instead of strings for python3 compatibility
Untuk cara installnya cukup mudah:
Nah menu SMS Spoofing sendiri ada di bagian :
Social-Engineering Attacks > SMS Spoofing Attack Vector .
Namun sayang karena seperti yang dijelaskan di update diatas, SMS Spoofing yang digunakan menggunakan provider SMSGang sehingga kita juga harus memiliki pincode SMSGang.
Untuk mendapatkannya kalian harus membeli dengan mata uang Euro disini :
Buy Pincode SMSGang
Oke mungkin seklain dulu update kali ini, sekian dan semoga bermanfaat.
Bagi Teman Teman yang sudah melihat serial Mr.Robot pasti juga memperhatikan scene social engineering dimana Eliot melakukan soceng menggunakan SMS Spoofing SET dari Kali Linux yang dia pakai. Namun ketika kalian ingin mempraktekkannya, menu SMS Spoofing yang seharusnya ada di nomor 7 tidak ada.
Karena beberapa alasan, menu SMS Spoofing memang dihapus di SET versi sebelumnya.
Namun di rilis terbarunya kemarin ( v7.2 ) dengan kodenama Wine and Gold, SMS Spoofing kembali hadir. Kali ini di menu nomor 10.
Lalu selain SMS Spoofing apa saja yang baru ?
Berikut fitur update di SET 7.2 yang saya lansir dari trustedsecfixed an issue on installer not copying SET directory properly
changed delay time for HTA attack vector from 3 seconds to 10 seconds to allow proper loading
added wording when using gmail and application specific passwords
rewrote ms08-067 instead of being the python exploit to use the metasploit default which is much more reliable
re-introduced the SMS spoofing method (now option 10) β it has been optimized and reduced to only use SMSGang as a main provider.
added ability to add your own attachments via file format attacks instead of having to use the ones built in
added ability to add your own attachments via mass mailer attack vector
added new config option called wget_deep and incremented config to 7.2 β this will allow 1 deep download wgets
added ability to select on deeper wgets through web cloner in the web attack vectors β this will allow you to clone the site and not just the index.html which might be better.. to enable this edit /etc/setoolkit/set.config and turn WGET_DEEP to on.
added a new check upon startup (which may delay the start of set for a couple seconds, but it will check to see if there is a new version of SET available for you automatically β this is displayed on the main launcher UI when you first start SET
fixed setup.py a bit to reflect more on whats out there.. I may convert this to a standard setup installer eventually
updated the licensing agreement β should check it out =)
changed the default payload in HTA and Java Applet attack to be reverse_https instead of reverse_tcp (although both can be specified)
number of fixes around spacing for python3 and python3 compatibility (urllib)
removed string decode on HTA attack vector which is no longer needed in python3 (and python2)
changed urllib2 to import urllib instead for python2 and python3 compatibility in setcore
changed encoding techniques to bytes instead of strings for python3 compatibility
Untuk cara installnya cukup mudah:
sudo su
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
cd set
python setup.py install
setoolkit
Nah menu SMS Spoofing sendiri ada di bagian :
Social-Engineering Attacks > SMS Spoofing Attack Vector .
Namun sayang karena seperti yang dijelaskan di update diatas, SMS Spoofing yang digunakan menggunakan provider SMSGang sehingga kita juga harus memiliki pincode SMSGang.
Untuk mendapatkannya kalian harus membeli dengan mata uang Euro disini :
Buy Pincode SMSGang
Oke mungkin seklain dulu update kali ini, sekian dan semoga bermanfaat.
Komentar
