Need some SET toolkit guidance

This topic contains 3 replies, has 3 voices, and was last updated by  jjwinter 5 years, 8 months ago.

  • Author
    Posts
  • #8661
     jjwinter 
    Participant

    I’ve been experimenting with the SET toolkit that comes with Kali, trying to to send an email with an infected PDF to my test VM using a Gmail address, but Gmail catches and kills it every time. I’ve played with the encoders, but can’t seem to get any of the built-in ones to do the the trick. How do you get these payloads out the door undetected?

  • #53780
     Mr-Inaudible 
    Participant

    Of course, gmail has good security, but even if you do something to make gmail allow this file, the victim computer’s antivirus might detect it, there is no guarantee to make a payload totally undetectable. I recommend you to learn C++ and create your own Trojan which is much more hard to detect and even more secure, you can also use some methods for your Trojan to reduce the chance of detection. After all, client side attacks are not so technical, it’s better to spent your time with server side attacks

    Good luck my friend

  • #53781
     dynamik 
    Participant

    Just send the mail directly yourself. Exim4 is a breeze to setup: dpkg-reconfigure exim4-config

    You’ll likely need a business account with your ISP or have something like a VPS that allows outbound SMTP. If you’re testing this locally, you’ll need to setup a POP/IMAP/web mail server that the client will access as well.

    As noted above, default attacks in common tools are almost always caught, and you will want to use something custom in practice. However, the defaults are fine to play around with while you’re learning.

  • #53782
     jjwinter 
    Participant

    Thanks for the help, I’ll give that a go.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?