View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006054||Kali Linux||General Bug||public||2020-02-01 10:42||2020-12-01 10:48|
|Summary||0006054: SETOOLKIT / KALI 2020.1 bug|
set:webattack> IP address for the POST back in Harvester/Tabnabbing [xxx.xxx.x.xxx]:xxx.xxx.x.xxx
 Cloning the website: https://xxxxxxxx.com/
[!] Something went wrong, printing the error: name 'file' is not defined
|Steps To Reproduce|
Select from the menu:
1) Spear-Phishing Attack Vectors
99) Return back to the main menu.
The Web Attack module is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim.
The Java Applet Attack method will spoof a Java Certificate and deliver a metasploit based payload. Uses a customized java applet created by Thomas Werth to deliver the payload.
The Metasploit Browser Exploit method will utilize select Metasploit browser exploits through an iframe and deliver a Metasploit payload.
The Credential Harvester method will utilize web cloning of a web- site that has a username and password field and harvest all the information posted to the website.
The TabNabbing method will wait for a user to move to a different tab, then refresh the page to something different.
The Web-Jacking Attack method was introduced by white_sheep, emgent. This method utilizes iframe replacements to make the highlighted URL link to appear legitimate however when clicked a window pops up then is replaced with the malicious link. You can edit the link replacement settings in the set_config if its too slow/fast.
The Multi-Attack method will add a combination of attacks through the web attack menu. For example you can utilize the Java Applet, Metasploit Browser, Credential Harvester/Tabnabbing all at once to see which is successful.
The HTA Attack method will allow you to clone a site and perform powershell injection through HTA files which can be used for Windows-based powershell exploitation through the browser.
1) Java Applet Attack Method
99) Return to Main Menu
The first method will allow SET to import a list of pre-defined web
The second method will completely clone a website of your choosing
The third method allows you to import your own website, note that you
1) Web Templates
99) Return to Webattack Menu
--- IMPORTANT READ THIS BEFORE ENTERING IN THE IP ADDRESS IMPORTANT ---
The way that this works is by cloning a site and looking for form fields to
It's fixed in upstream version 8.0.2 (see https://github.com/trustedsec/social-engineer-toolkit/issues/679 and https://github.com/trustedsec/social-engineer-toolkit/issues/673).
I just updated the package. The new version 8.0.2-0kali1 will be in kali-rolling in a few hours.
|2020-02-01 10:42||explisith||New Issue|
|2020-02-04 14:03||sbrun||Assigned To||=> sbrun|
|2020-02-04 14:03||sbrun||Status||new => assigned|
|2020-02-04 14:18||sbrun||Status||assigned => resolved|
|2020-02-04 14:18||sbrun||Resolution||open => fixed|
|2020-02-04 14:18||sbrun||Note Added: 0012004|
|2020-12-01 10:48||g0tmi1k||Priority||high => normal|