Need some SET toolkit guidance

Viewing 3 reply threads
  • Author
    Posts
    • #8661
      jjwinter
      Participant

      I’ve been experimenting with the SET toolkit that comes with Kali, trying to to send an email with an infected PDF to my test VM using a Gmail address, but Gmail catches and kills it every time. I’ve played with the encoders, but can’t seem to get any of the built-in ones to do the the trick. How do you get these payloads out the door undetected?

    • #53780
      Mr-Inaudible
      Participant

      Of course, gmail has good security, but even if you do something to make gmail allow this file, the victim computer’s antivirus might detect it, there is no guarantee to make a payload totally undetectable. I recommend you to learn C++ and create your own Trojan which is much more hard to detect and even more secure, you can also use some methods for your Trojan to reduce the chance of detection. After all, client side attacks are not so technical, it’s better to spent your time with server side attacks

      Good luck my friend

    • #53781
      dynamik
      Participant

      Just send the mail directly yourself. Exim4 is a breeze to setup: dpkg-reconfigure exim4-config

      You’ll likely need a business account with your ISP or have something like a VPS that allows outbound SMTP. If you’re testing this locally, you’ll need to setup a POP/IMAP/web mail server that the client will access as well.

      As noted above, default attacks in common tools are almost always caught, and you will want to use something custom in practice. However, the defaults are fine to play around with while you’re learning.

    • #53782
      jjwinter
      Participant

      Thanks for the help, I’ll give that a go.

Viewing 3 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?