EH-Net

Hello
           When i run social engineering tool kit i get this error   :Something is running on port 80. Seeing if it's a stale SET process.
i used Java Applet Attack Method-Site - site cloner. i restarted SET & still the problem persists,please suggest me how to solve this ?

Thank you

set:payloads> PORT of the listener [443]:

• Done, moving the payload into the action.
[-] Targetting of OSX/Linux (POSIX-based) as well. Prepping posix payload...

• Stager turned off, prepping direct download payload...
• Please note that the SETSHELL and RATTE are not compatible with the powershell injection technique. Disabling the powershell attack.
[!] ERROR:Something is running on port 80. Seeing if it's a stale SET process...
[!] If you want to use Apache, edit the config/set_config
[!] Exit whatever is listening and restart SET

If you're using Backtrack, you probably have apache set to start automatically, which is probably where the conflict is.

netstat -antp will tell you what the problem is.

I'm using backtrack 5r2, a netstat -antp reveals me this,

root@bt:~# netstat -antp

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1127/apache2   

tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      786/postgres   

tcp6       0      0 ::1:5432                :::*                    LISTEN      786/postgres   

Apache is running, I highlighted in bold, that's why SET doesn't load.
Try stopping Apache and see if that helps: "apache2 stop"  or "/etc/init.d/apache2 stop"

Or, just configure SET to use apache in set_config:


# USE APACHE INSTEAD OF STANDARD PYTHON WEB SERVERS, THIS WILL INCREASE SPEED OF
# THE ATTACK VECTOR
APACHE_SERVER=ON

Thanks now it works without any problem, did exactly as you said, however , in the mean while iam faced with another problem, metasploit wont load in SET (waited for minutes )when i use java applet attack method,any idea what could be causing this ?

info...

--] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox [--]
[--] Apache web server is currently in use for performance. [--]

• Moving payload into cloned website.
• The site has been moved. SET Web Server is now listening..
[-] Launching MSF Listener...
[-] This may take a few to load MSF...

Press

[return] when finished.

Thank you

I'm not sure I see where the error is. Double check the set_config that it is pointed to the correct msf directory.

Well in set_config previously was default /pentest/exploits/framework3, which i later changed to cd /opt/metasploit/msf3/ after this still same problem, then i located msfconsole through terminal

root@bt:~# locate msfconsole
/opt/metasploit/app/msfconsole
/opt/metasploit/apps/pro/msf3/msfconsole
/opt/metasploit/apps/pro/msf3/test/functional/framework/msfconsole_spec.rb
/opt/metasploit/msf3/msfconsole
/opt/metasploit/msf3/.svn/prop-base/msfconsole.svn-base
/opt/metasploit/msf3/.svn/text-base/msfconsole.svn-base
/opt/metasploit/msf3/documentation/msfconsole_rc_ruby_example.rc
/opt/metasploit/msf3/documentation/.svn/text-base/msfconsole_rc_ruby_example.rc.svn-base
/opt/metasploit/msf3/external/source/armitage/resources/msfconsole.style
/opt/metasploit/msf3/external/source/armitage/resources/.svn/text-base/msfconsole.style.svn-base
/opt/metasploit/msf3/test/functional/framework/msfconsole_spec.rb
/opt/metasploit/msf3/test/functional/framework/.svn/text-base/msfconsole_spec.rb.svn-base
/pentest/exploits/framework2/msfconsole
/pentest/exploits/framework2/docs/QUICKSTART.msfconsole
/usr/local/bin/msfconsole
/usr/share/applications/backtrack-metasploit-msfconsole.desktop

then once again i configure in SET DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
METASPLOIT_PATH= /pentest/exploits/framework2/msfconsole.

still not working anymore, where could be the problem, i use Backtrack 5R2, metasploit v4.4.0-dev. any ideas ?

Dont point it to the msfconsole binary, point it to the path. It should be

/pentest/exploits/framework3

ok i changed it to
/pentest/exploits/framework3

its same thing again msf just wont load at all..

here is the brief info.. i go to ...

  Website Attack Vectors -> Java Applet Attack Method--> Site Cloner
Are you using NAT/Port Forwarding [yes|no]: no

IP address for the reverse connection:192.168.56.101 (backtrack ip)

• Cloning the website: http://www.gmail.com
• This could take a little bit...
• Injecting Java Applet attack into the newly cloned website.
• Filename obfuscation complete. Payload name is: 84hPykFDDtYIJKx
• Malicious java applet website prepped for deployment

What payload do you want to generate: Windows Reverse_TCP Meterpreter

Payload : Backdoored Executable (BEST)

set:payloads> PORT of the listener [443] ( i press enter default)

• Generating x64-based powershell injection code...
• Generating x86-based powershell injection code...
• Finished generating shellcode powershell injection attack and is encoded to bypass execution restriction policys...
[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds...

• Backdoor completed successfully. Payload is now hidden within a legit executable.
• UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
[-] Packing the executable and obfuscating PE file randomly, one moment.

• Digital Signature Stealing is ON, hijacking a legit digital certificate
• Generating OSX payloads through Metasploit...
• Generating Linux payloads through Metasploit...
• Apache appears to be running, moving files into Apache's home

***************************************************
Web Server Launched. Welcome to the SET Web Attack.
***************************************************

[--] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox [--]
[--] Apache web server is currently in use for performance. [--]

• Moving payload into cloned website.
• The site has been moved. SET Web Server is now listening..
[-] Launching MSF Listener...
[-] This may take a few to load MSF...

How long are you waiting?

Does metasploit start separately, on it's own?

It should be /pentest/exploits/framework (they dropped the 3) or
/opt/metasploit/msf3

Yep, hell_razor is right. I was going off memory. Just checked and they did drop the 3. However, I thought SET threw an error when it used the wrong dir.

sorry bro.. i did what mr. razor told tried each one of them  /pentest/exploits/framework & /opt/metasploit/msf3, its out of luck, its same again, updated metasploit & SET too before this. well i'll try to reinstall Backtrack 5R2 O.S... guess this would work..

here is the brief info regarding my set_config..

DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
METASPLOIT_PATH= /opt/metasploit/msf3

METASPLOIT_DATABASE=postgresql
 HOW MANY TIMES SET SHOULD ENCODE A PAYLOAD IF YOU ARE USING STANDARD METASPLO
ENCOUNT=4
AUTO_MIGRATE=OFF
BACKDOOR_EXECUTION=ON
METASPLOIT_IFRAME_PORT=8080
DSNIFF=OFF
AUTO_DETECT=OFF
SENDMAIL=ON
EMAIL_PROVIDER=GMAIL
WEBATTACK_EMAIL=ON
APACHE_SERVER=ON
SELF_SIGNED_APPLET=ON
WEBATTACK_SSL=OFF
OSX_REVERSE_PORT=8080
AUTOMATIC_LISTENER=ON
SET_SHELL_STAGER=OFF
METASPLOIT_MODE=ON

I would just grab a fresh copy of both and start there.

now i see that metasploit works on Spear-Phishing Attack Vectors,but not in java applet attack method..well said .. better if i would reinstall O.S itself...

sledgehammer!

Yeah, something is definitely going bonkers...you can always do an apt-get remove set --purge and then apt-get install set and set-update...you can do the same to metasploit, but it may be more cantankerous.