Time
5 minutes
Difficulty
Intermediate

Video Transcription

00:04
Hello and welcome to another episode of breaking stuff with Robert. I'm very happy to have you here with me today. We're going to be discussing the social Engineering tool kit, or set for short, which will reference it as moving forward. Now there's a lot of great things that you can do with the social engineering tool kit.
00:21
It has in it a set of penetration testing framework tools
00:26
that you can use for social engineering packs, fash tracking, penetration, testing that's got some third party modules as well. Popular attacks with this tool set includes spear, phishing attacks, website attacks, infectious media generation,
00:40
wireless access points, etcetera. There's a number of things in here that kind of integrate with medicine boy, so you could generate some payloads and bonds, shells and things of that nature.
00:49
A use case for this could be like cloning a website and sending fishing mounts to users to ask them to change their credentials. And then when they click on the site and enter the information, you can collect that data for, of course, testing on validation purposes.
01:03
Some of the objectives of this video again to provide you a high level overview of the set toolkit on dhe to provide you a demo of how the tool can be used. Target audiences here. While not limited to these two groups, penetration testers would be looking to use this tool to again do some fast tracking on pin testing and some social engineering
01:23
attacks, tests, exploits, etcetera
01:26
and then vulnerability. Analysts that would like to understand social engineering attacks and maybe do some testing of their own. This tool kit is there as well. But again not limited to these two groups, some pre requisites. It would be good to have a fundamental knowledge of social engineering attacks on dhe penetration testing in general.
01:44
Since there are some tools in here that could be used for pin testing purposes
01:48
and then a fundamental knowledge of Cali Lennox command mind utilization would be beneficial as well. So with that in mind, let's go ahead and jump into a demo environment.
01:59
Hello, and welcome to our handy dandy *** machine. Today we're going to be going over the social engineering tool kit. Now, we're not gonna get too deep into the tool kit again. This is a cursory view just to show you how to get into it and start kicking the tires on it. So when you open your terminal environment, you do S e t.
02:16
And if you hit time here tells you that there's a few options we're going to start spelling out tool
02:23
kit.
02:24
And now it does have a disclaimer that I've already agreed to.
02:29
Um,
02:30
but as you can see here, feels very much like men Exploit. If you've used the medicine framework as it comes up the first time, they've got some nice options here. That kind of gets you started. So if you need to exit, you can hit 99. If you want help, credits and about, you could hit six. Now, if you try to update by hitting four here
02:51
on hitting enter,
02:52
it tries to update. But it tells you you run in Cali Lennox, and then that it's, you know, that they maintain it. So I got another good logo here,
03:01
So depending on what you want to do, if you want to do some pen testing fast track and you can hit, too,
03:07
and that tells you so. If you're looking at like a SQL database with Microsoft Accustom, exploit some type of Del Drank kind of default creds attack. Whatever the case may be, it's got a few high level things here. Let's just say we wanted to look at the SQL Bruder. We had one and we can scan or connect directly. Whatever the case may be to try that,
03:25
go back with 99.
03:28
Not again.
03:30
Social engineering. We want to look at those tanks we can hit. One
03:34
gives you a number of things here. So if you want to create a payload in a listener, you could do that in medicine ploy. But they've got a nice way that you can kind of streamlined that here
03:42
So you could do that. A mass mail or type attack. If you want to do some type of Q R code, generator attack or a power shell attack, you can do that here. Something non for power shell.
03:53
Give you some reverse shell information bond shell etcetera. Dumped the same database. If we have four,
04:00
we can enter the address or D. M s name for the reverse host.
04:06
We're gonna hit control C and just go back. So there's a lot of different things you can do with E social engineering tool kit. Get some website attack vectors here so you can do Java applet attacks, Web jacking, attack methods, Multi attack when method.
04:21
So a lot of lot of options, creativity and this guy's really the limit.
04:28
So, you know, I would say, Get into the tool kits, start looking around and seeing what you can do with it and what you can generate here again.
04:35
It does have a disclaimer at the beginning of this that you agreed to use to make sure that you're using this for legitimate purposes. For white hat purposes, you know anything you do with the tool that could get you into trouble,
04:49
likely Could could. So just make sure that you dot your I's and cross your tea's. So with that in mind, let's go ahead and jump back in door slides.
05:00
All right, welcome back. I hope you enjoyed that demo and found that information to be beneficial again. There's a lot in the social engineering tool kit that you can use to your benefit. Whether it's fast tracking penetration tests are doing some social engineering, maybe some wireless attacks. The use cases really dependent upon what you're trying to do in which you're hoping to achieve
05:19
hope. You enjoyed the demo and everything that we've presented here today.
05:24
And so with that in mind, I want to thank you for your town and I look forward to seeing you again.

How to Use SET (BSWR)

The Set or Social Engineers Toolkit is a commonly known open source framework available on the Kali Linux distribution. In this course, we will give a quick overview of the tool so that you can understand its various usecases in the field of security.

Instructed By

Instructor Profile Image
Robert Smith
Director of Security Services at Corsica
Instructor