Using the Social Engineering Toolkit (SET) to Create a Backdoor Executable


Metasploit has the ability to create an executable payload. This can be extremely useful if you can get a target machine to run the executable. Attackers often use social engineering, phishing, and other attacks to get a victim to run a payload. If attackers can get their a victim to run a payload, there is no reason for an attacker to find and exploit vulnerable software.


Social Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering . SET has been given at large-scale conferences together with Blackhat, DerbyCon, Defcon, and ShmooCon. With over 2 million downloads, SET is that the standard for social-engineering penetration tests and supported heavily within the protection community.

It is an application used by pen testers, hackers etc… it can be found in Kali Linux, parrot-sec, backbox and different pentesting OS otherwise you can install by downloading from github or simply type in terminal apt search set toolkit or search in synaptic for synaptic type in terminal synaptic otherwise you have not installed then type apt-get install synaptic then open synaptic look for set toolkit then right click on set and mark for installation then click on apply it will automatically install set for you.


What are Social Engineering Attacks ?

Social Engineering attacks are the various cons used by the hackers to trick people into providing sensitive data to the attackers. There are various type of social engineering attacks, some of the popular attacks are :-


What you will need:

  • Kali Linux
  • A little background on Networking and its terms (Private vs Public IPs esp.) would be good.
  • You should be online.

In the last decade, there were major hacks and leaks in social media platforms like Twitter, Facebook , LinkedIn and several others. currently the social media platforms take security very seriously and it has become very tough to hack directly into social media platforms, currently the hackers have moved the focus towards Social Engineering Attacks.


Lets start with the SetoolKit to create a backdoor executable

Step 1 : Open Terminal and Type setoolkit


Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 2 :Once SET is loaded it will show few options as shown in the image below. Select "Social-Engineering Attacks" by entering "1" and hit enter.


Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 3 :Now it will show you another set of options, select "Create a Payload and Listener" by entering "4" and hit enter.


Using the Social Engineering Toolkit (SET) to create a backdoor executable



Step 4 :Type 1 for Windows shell Reverse_Tcp Payload


Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 5 :The payload.exe has been exported to the SET Directory Under Root Folder.


Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 6 :Open The Directory And Check The Created Payload.


Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 7 :HFS(HTTP file Sever) is default installed in Latest kali linux,if not installed,visit our article


Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 8 :Open the Kali Linux ip on victim PC (Window PC/target PC) in browser ..


Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 9 :Download the file and run it


Using the Social Engineering Toolkit (SET) to create a backdoor executable


Step 10 :When you run the file on victim PC ,they will be Hacked by you on Kali Linux(Sessions will come on terminal)


A meterpreter session open!


Using the Social Engineering Toolkit (SET) to create a backdoor executable


For References :-




Thank you for reading this article. Do let me know for any queries in comment section below.



Sharing is caring

google
linkedin

About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).


You may also like :-




Leave a Comment

Your email address will not be published. Required fields are marked *




Reader Comments [6]

tutorials

Hi, its good piece of writing concerning media print, we all understand media is a wonderful source of
information.

19-Jun-2019

Reply

how to

Its like you read my mind! You seem to know a lot about this, like you
wrote the book in it or something. I think that you
could do with a few pics to drive the message home a little bit, but
other than that, this is magnificent blog. A great read.

I will definitely be back.

28-Jun-2019

Reply

how to remove synthetic key in qlikview

I do not even know how I finished up right here, but I assumed this submit used to be great.
I don't recognize who you might be however definitely you are
going to a famous blogger if you happen to aren't already.

Cheers!

01-Jul-2019

Reply

Bud

Hey there! Do you use Twitter? I'd like to follow you if that
would be okay. I'm definitely enjoying your blog and look forward to new posts.

16-Jul-2019

Reply

acrylnagels

Great article.

26-Jul-2019

Reply

Hemorrhoids Management

Hi there! Do you know if they make any plugins to help with
Search Engine Optimization? I'm trying to get my blog to rank for some
targeted keywords but I'm not seeing very good gains.
If you know of any please share. Kudos!

04-Aug-2019

Reply

Stay Connected

Popular Posts

Get Latest Stuff Through Email


Who Should Read TechTrick?

All the tricks and tips that TechTrick provides only for educational purpose. If you choose to use the information in TechTrick to break into computer systems maliciously and without authorization, you are on your own. Neither I (TechTrick Admin) nor anyone else associated with TechTrick shall be liable. We are not responsibe for any issues that caused due to informations provided here. So, Try yourself and see the results. You are not losing anything by trying... We are humans, Mistakes are quite natural. Here on TechTrick also have many mistakes..