{"id":1805,"date":"2022-12-08T10:55:47","date_gmt":"2022-12-08T02:55:47","guid":{"rendered":"https:\/\/pjq.me\/?p=1805"},"modified":"2022-12-08T10:56:41","modified_gmt":"2022-12-08T02:56:41","slug":"social-engineer-toolkitset","status":"publish","type":"post","link":"https:\/\/pjq.me\/?p=1805","title":{"rendered":"Social-Engineer Toolkit(SET)"},"content":{"rendered":"\n<p>Show some examples about how to use SET to do some testing<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_81 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/pjq.me\/?p=1805\/#Start_Social-Engineer_ToolkitSET\" >Start Social-Engineer Toolkit(SET)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/pjq.me\/?p=1805\/#Example_Phishing_for_get_usernamepassword_for_the_Website_login\" >Example:Phishing for get username\/password for the Website login<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/pjq.me\/?p=1805\/#Example2_Control_the_remote_machine_with_payload_attack\" >Example2: Control the remote machine with payload attack<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Start_Social-Engineer_ToolkitSET\"><\/span>Start Social-Engineer Toolkit(SET)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-1024x916.png\" alt=\"\" class=\"wp-image-1806\" width=\"512\" height=\"458\" srcset=\"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-1024x916.png 1024w, https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-300x268.png 300w, https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-768x687.png 768w, https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-1536x1374.png 1536w, https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1.png 1708w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Example_Phishing_for_get_usernamepassword_for_the_Website_login\"><\/span>Example:Phishing for get username\/password for the Website login<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Follow the steps<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>1. Social-Engineering Attacks<\/li>\n\n\n\n<li>2. Website Attack Vectors<\/li>\n\n\n\n<li>3. Credential Harvester Attack Method<\/li>\n\n\n\n<li>4. Web Templates<\/li>\n\n\n\n<li>5. Google<\/li>\n\n\n\n<li>6. Then open the link, and input username\/password, you can see the plaintext username\/password in the console<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"601\" src=\"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-2-1024x601.png\" alt=\"\" class=\"wp-image-1807\" srcset=\"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-2-1024x601.png 1024w, https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-2-300x176.png 300w, https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-2-768x450.png 768w, https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-2-1536x901.png 1536w, https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-2-2048x1201.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Example2_Control_the_remote_machine_with_payload_attack\"><\/span>Example2: Control the remote machine with payload attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Social-Engineering Attacks<\/li>\n\n\n\n<li>Create a Payload and Listener<\/li>\n\n\n\n<li>Windows Meterpreter Reverse_TCP X64 Connect back to the attacker (Windows x64), Meterpreter<\/li>\n\n\n\n<li>IP address for the payload listener (LHOST):192.168.193.130<\/li>\n\n\n\n<li>Enter the PORT for the reverse listener:80<\/li>\n\n\n\n<li>Share the file to the target machine &#8220;\/root\/.set\/payload.exe&#8221;, and execute it<\/li>\n\n\n\n<li>Then boom, it will connect your machine, and you can control the target machine.\n<ul class=\"wp-block-list\">\n<li>[*] Started reverse TCP handler on 192.168.193.130:80<\/li>\n\n\n\n<li>msf6 exploit(multi\/handler) ><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Show some examples about how to use SET to do some testing Start Social-Engineer Toolkit(SET) Example:Phishing for get username\/password for the Website login Follow the steps Example2: Control the remote machine with payload attack<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[169],"tags":[211,206,89,210,212,209,208],"class_list":["post-1805","post","type-post","status-publish","format-standard","hentry","category-tech","tag-credential","tag-kali","tag-linux","tag-password","tag-remote-control","tag-set","tag-social-engineer-toolkit"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Social-Engineer Toolkit(SET) - Jianqing&#039;s Blog<\/title>\n<meta name=\"description\" content=\"Using Social-Engineer Toolkit(SET) to phishing and get the username\/password and do the remote control for the target machine\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/pjq.me\/?p=1805\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Social-Engineer Toolkit(SET) - Jianqing&#039;s Blog\" \/>\n<meta property=\"og:description\" content=\"Using Social-Engineer Toolkit(SET) to phishing and get the username\/password and do the remote control for the target machine\" \/>\n<meta property=\"og:url\" content=\"https:\/\/pjq.me\/?p=1805\" \/>\n<meta property=\"og:site_name\" content=\"Jianqing&#039;s Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-08T02:55:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-08T02:56:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-1024x916.png\" \/>\n<meta name=\"author\" content=\"pengjianqing\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"pengjianqing\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/pjq.me\/?p=1805#article\",\"isPartOf\":{\"@id\":\"https:\/\/pjq.me\/?p=1805\"},\"author\":{\"name\":\"pengjianqing\",\"@id\":\"https:\/\/pjq.me\/#\/schema\/person\/0eb1e72d1e69fbbd9b5c0bfd8e2aae60\"},\"headline\":\"Social-Engineer Toolkit(SET)\",\"datePublished\":\"2022-12-08T02:55:47+00:00\",\"dateModified\":\"2022-12-08T02:56:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/pjq.me\/?p=1805\"},\"wordCount\":141,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/pjq.me\/#\/schema\/person\/0eb1e72d1e69fbbd9b5c0bfd8e2aae60\"},\"image\":{\"@id\":\"https:\/\/pjq.me\/?p=1805#primaryimage\"},\"thumbnailUrl\":\"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-1024x916.png\",\"keywords\":[\"Credential\",\"Kali\",\"Linux\",\"Password\",\"Remote Control\",\"SET\",\"Social-Engineer Toolkit\"],\"articleSection\":[\"Tech\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/pjq.me\/?p=1805#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/pjq.me\/?p=1805\",\"url\":\"https:\/\/pjq.me\/?p=1805\",\"name\":\"Social-Engineer Toolkit(SET) - Jianqing&#039;s Blog\",\"isPartOf\":{\"@id\":\"https:\/\/pjq.me\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/pjq.me\/?p=1805#primaryimage\"},\"image\":{\"@id\":\"https:\/\/pjq.me\/?p=1805#primaryimage\"},\"thumbnailUrl\":\"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-1024x916.png\",\"datePublished\":\"2022-12-08T02:55:47+00:00\",\"dateModified\":\"2022-12-08T02:56:41+00:00\",\"description\":\"Using Social-Engineer Toolkit(SET) to phishing and get the username\/password and do the remote control for the target machine\",\"breadcrumb\":{\"@id\":\"https:\/\/pjq.me\/?p=1805#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/pjq.me\/?p=1805\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/pjq.me\/?p=1805#primaryimage\",\"url\":\"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1.png\",\"contentUrl\":\"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1.png\",\"width\":1708,\"height\":1528},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/pjq.me\/?p=1805#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/pjq.me\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Social-Engineer Toolkit(SET)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/pjq.me\/#website\",\"url\":\"https:\/\/pjq.me\/\",\"name\":\"Jianqing&#039;s Blog\",\"description\":\"Thoughts and Future\",\"publisher\":{\"@id\":\"https:\/\/pjq.me\/#\/schema\/person\/0eb1e72d1e69fbbd9b5c0bfd8e2aae60\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/pjq.me\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/pjq.me\/#\/schema\/person\/0eb1e72d1e69fbbd9b5c0bfd8e2aae60\",\"name\":\"pengjianqing\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/pjq.me\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/pjq.me\/wp-content\/uploads\/2021\/12\/Screen-Shot-2021-12-02-at-6.10.58-PM.png\",\"contentUrl\":\"https:\/\/pjq.me\/wp-content\/uploads\/2021\/12\/Screen-Shot-2021-12-02-at-6.10.58-PM.png\",\"width\":460,\"height\":752,\"caption\":\"pengjianqing\"},\"logo\":{\"@id\":\"https:\/\/pjq.me\/#\/schema\/person\/image\/\"},\"url\":\"https:\/\/pjq.me\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Social-Engineer Toolkit(SET) - Jianqing&#039;s Blog","description":"Using Social-Engineer Toolkit(SET) to phishing and get the username\/password and do the remote control for the target machine","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/pjq.me\/?p=1805","og_locale":"en_US","og_type":"article","og_title":"Social-Engineer Toolkit(SET) - Jianqing&#039;s Blog","og_description":"Using Social-Engineer Toolkit(SET) to phishing and get the username\/password and do the remote control for the target machine","og_url":"https:\/\/pjq.me\/?p=1805","og_site_name":"Jianqing&#039;s Blog","article_published_time":"2022-12-08T02:55:47+00:00","article_modified_time":"2022-12-08T02:56:41+00:00","og_image":[{"url":"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-1024x916.png","type":"","width":"","height":""}],"author":"pengjianqing","twitter_card":"summary_large_image","twitter_misc":{"Written by":"pengjianqing","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/pjq.me\/?p=1805#article","isPartOf":{"@id":"https:\/\/pjq.me\/?p=1805"},"author":{"name":"pengjianqing","@id":"https:\/\/pjq.me\/#\/schema\/person\/0eb1e72d1e69fbbd9b5c0bfd8e2aae60"},"headline":"Social-Engineer Toolkit(SET)","datePublished":"2022-12-08T02:55:47+00:00","dateModified":"2022-12-08T02:56:41+00:00","mainEntityOfPage":{"@id":"https:\/\/pjq.me\/?p=1805"},"wordCount":141,"commentCount":0,"publisher":{"@id":"https:\/\/pjq.me\/#\/schema\/person\/0eb1e72d1e69fbbd9b5c0bfd8e2aae60"},"image":{"@id":"https:\/\/pjq.me\/?p=1805#primaryimage"},"thumbnailUrl":"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-1024x916.png","keywords":["Credential","Kali","Linux","Password","Remote Control","SET","Social-Engineer Toolkit"],"articleSection":["Tech"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/pjq.me\/?p=1805#respond"]}]},{"@type":"WebPage","@id":"https:\/\/pjq.me\/?p=1805","url":"https:\/\/pjq.me\/?p=1805","name":"Social-Engineer Toolkit(SET) - Jianqing&#039;s Blog","isPartOf":{"@id":"https:\/\/pjq.me\/#website"},"primaryImageOfPage":{"@id":"https:\/\/pjq.me\/?p=1805#primaryimage"},"image":{"@id":"https:\/\/pjq.me\/?p=1805#primaryimage"},"thumbnailUrl":"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1-1024x916.png","datePublished":"2022-12-08T02:55:47+00:00","dateModified":"2022-12-08T02:56:41+00:00","description":"Using Social-Engineer Toolkit(SET) to phishing and get the username\/password and do the remote control for the target machine","breadcrumb":{"@id":"https:\/\/pjq.me\/?p=1805#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/pjq.me\/?p=1805"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/pjq.me\/?p=1805#primaryimage","url":"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1.png","contentUrl":"https:\/\/pjq.me\/wp-content\/uploads\/2022\/12\/image-1.png","width":1708,"height":1528},{"@type":"BreadcrumbList","@id":"https:\/\/pjq.me\/?p=1805#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/pjq.me\/"},{"@type":"ListItem","position":2,"name":"Social-Engineer Toolkit(SET)"}]},{"@type":"WebSite","@id":"https:\/\/pjq.me\/#website","url":"https:\/\/pjq.me\/","name":"Jianqing&#039;s Blog","description":"Thoughts and Future","publisher":{"@id":"https:\/\/pjq.me\/#\/schema\/person\/0eb1e72d1e69fbbd9b5c0bfd8e2aae60"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/pjq.me\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/pjq.me\/#\/schema\/person\/0eb1e72d1e69fbbd9b5c0bfd8e2aae60","name":"pengjianqing","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/pjq.me\/#\/schema\/person\/image\/","url":"https:\/\/pjq.me\/wp-content\/uploads\/2021\/12\/Screen-Shot-2021-12-02-at-6.10.58-PM.png","contentUrl":"https:\/\/pjq.me\/wp-content\/uploads\/2021\/12\/Screen-Shot-2021-12-02-at-6.10.58-PM.png","width":460,"height":752,"caption":"pengjianqing"},"logo":{"@id":"https:\/\/pjq.me\/#\/schema\/person\/image\/"},"url":"https:\/\/pjq.me\/?author=1"}]}},"views":1363,"_links":{"self":[{"href":"https:\/\/pjq.me\/index.php?rest_route=\/wp\/v2\/posts\/1805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pjq.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pjq.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pjq.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pjq.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1805"}],"version-history":[{"count":1,"href":"https:\/\/pjq.me\/index.php?rest_route=\/wp\/v2\/posts\/1805\/revisions"}],"predecessor-version":[{"id":1808,"href":"https:\/\/pjq.me\/index.php?rest_route=\/wp\/v2\/posts\/1805\/revisions\/1808"}],"wp:attachment":[{"href":"https:\/\/pjq.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pjq.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pjq.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}