Learning Kali Linux





Social Engineering | 171


Example 5-20. Payloads for mass mailing attack

Select the file format exploit you want.
The default is the PDF embedded EXE.

********** PAYLOADS **********

 1) SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
 2) SET Custom Written Document UNC LM SMB Capture Attack
 3) MS15-100 Microsoft Windows Media Center MCL Vulnerability
 4) MS14-017 Microsoft Word RTF Object Confusion (2014-04-01)
 5) Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
 6) Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
 7) Adobe Flash Player "Button" Remote Code Execution
 8) Adobe CoolType SING Table "uniqueName" Overflow
 9) Adobe Flash Player "newfunction" Invalid Pointer Use
10) Adobe Collab.collectEmailInfo Buffer Overflow
11) Adobe Collab.getIcon Buffer Overflow
12) Adobe JBIG2Decode Memory Corruption Exploit
13) Adobe PDF Embedded EXE Social Engineering
14) Adobe util.printf() Buffer Overflow
15) Custom EXE to VBA (sent via RAR) (RAR required)
16) Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
17) Adobe PDF Embedded EXE Social Engineering (NOJS)
18) Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
19) Apple QuickTime PICT PnSize Buffer Overflow
20) Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
21) Adobe Reader u3D Memory Corruption Vulnerability
22) MSCOMCTL ActiveX Buffer Overflow (ms12-027)

set:payloads>
After selecting the payload that will go in your message, you will be asked to select a payload for the exploit, meaning the way that you are going to get access to the compromised system, then the port associated with the payload. You will have to select a mail server and your target. It is helpful at this point if you have your own mail server to use, though setoolkit can use a Gmail account to send through. One of the issues with this, though, is that Google tends to have good malware filters, and what you are sending is absolutely malware. Even if you are just doing it for the purposes of testing, you are sending malicious software.

You can also use setoolkit to create a malicious website. It will generate a web page that can be cloned from an existing site. Once you have the page, it can be served up from the Apache server in Kali. What you will have to do, though, is get your target user to visit the page. There are several ways to do this. You might use a misspelled domain name and get the user to your site by expecting they will mistype a URL they are trying to visit. You could send the link in email or through social networking. There are a lot of possibilities. If either the website attack or the email attack works, you will be presented with a connection to your target’s system.
