Using the Social Engineering Toolkit (SET) to Create a Backdoor Executable

Metasploit has the ability to create an executable payload. This can be extremely useful if you can get a target machine to run the executable. Attackers often use social engineering, phishing, and other attacks to get a victim to run a payload. If attackers can get their a victim to run a payload, there is no reason for an attacker to find and exploit vulnerable software.

Social Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering . SET has been given at large-scale conferences together with Blackhat, DerbyCon, Defcon, and ShmooCon. With over 2 million downloads, SET is that the standard for social-engineering penetration tests and supported heavily within the protection community.

It is an application used by pen testers, hackers etc… it can be found in Kali Linux, parrot-sec, backbox and different pentesting OS otherwise you can install by downloading from github or simply type in terminal apt search set toolkit or search in synaptic for synaptic type in terminal synaptic otherwise you have not installed then type apt-get install synaptic then open synaptic look for set toolkit then right click on set and mark for installation then click on apply it will automatically install set for you.

What are Social Engineering Attacks ?

Social Engineering attacks are the various cons used by the hackers to trick people into providing sensitive data to the attackers. There are various type of social engineering attacks, some of the popular attacks are :-

• Phishing
• IVR or phone phishing
• Baiting
• Spear phishing

What you will need:

• Kali Linux
• A little background on Networking and its terms (Private vs Public IPs esp.) would be good.
• You should be online.

In the last decade, there were major hacks and leaks in social media platforms like Twitter, Facebook , LinkedIn and several others. currently the social media platforms take security very seriously and it has become very tough to hack directly into social media platforms, currently the hackers have moved the focus towards Social Engineering Attacks.

Lets start with the SetoolKit to create a backdoor executable

Step 1 : Open Terminal and Type setoolkit

Step 2 :Once SET is loaded it will show few options as shown in the image below. Select "Social-Engineering Attacks" by entering "1" and hit enter.

Step 3 :Now it will show you another set of options, select "Create a Payload and Listener" by entering "4" and hit enter.

Step 4 :Type 1 for Windows shell Reverse_Tcp Payload

Step 5 :The payload.exe has been exported to the SET Directory Under Root Folder.

Step 6 :Open The Directory And Check The Created Payload.

Step 7 :HFS(HTTP file Sever) is default installed in Latest kali linux,if not installed,visit our article

Step 8 :Open the Kali Linux ip on victim PC (Window PC/target PC) in browser ..

Step 9 :Download the file and run it

Step 10 :When you run the file on victim PC ,they will be Hacked by you on Kali Linux(Sessions will come on terminal)

A meterpreter session open!

Thank you for reading this article. Do let me know for any queries in comment section below.