Author Topic: ininjas repo + SET (Read 1727 times)

Sneakerz404 · « **on:** February 17, 2012, 03:05:02 pm »

I'm quite new to ininjas repo. I see a lot of Pre-bundled tools including metasploit framework4 and SET..
My main reason for this post is to get SET up and running on an iOS 5.0.1 IPhone 4S.

I have run into multiple issues, with regards to using web cloning and the python modules.

Is there a step by step manual on setting this up including the SET config?
I have SET and Framework under /private/var/root/pentest/exploits/set/

I also see that when installing set from the repo it also installs lighttpd..
Are there any other repo packages I need? Such as mssql for metasploit? Etc..
I'm quite new to iOS penetrating and am more familiar with BT. But any help or advice would be great..

Main issues I'm having with set are binding to 0.0.0.0:80 as it says that something else is running on there. ( I'm assuming it's lighttpd

Ironman · « **Reply #1 on:** February 17, 2012, 07:09:17 pm »

In the manuals section we have PDF's of most all the tools on the repo. The SET manual is also there. You can download the PDF to your device and open it in iBooks.

StealthHacker · « **Reply #2 on:** February 18, 2012, 05:59:35 pm »

^^ What he said xD

Sneakerz404 · « **Reply #3 on:** February 19, 2012, 07:45:13 am »

Thanks for the manuals..
They are great, I have read through a couple of them, but I am still having a few issues with SET.
when I try to install the python modules manually.
For example when I run "./setup.py install" I get a message saying that I should install the python modules manually.
When I do "apt-get install python-pexpect" I get "package not found" so I am at a loss with getting the pythin modules and dependencies for SET working.

Also, it seems that my version of SVN cannot update anything as it requires a newer client, get if I do "apt-get install subversion" it indicates that te latest version of subversion is already installed.

The manuals and tutorials are all good and well and I know what they mean, I am familiar with getting these things set up on a normal Linux distro or Back Track, yet I am at loss with iOS 5.0.1 Darwin.

Any help would be appreciated.

Trcx528 · « **Reply #4 on:** February 19, 2012, 11:26:16 am »

1) easy_install pexpect
2) You have the latest port of subversion to iphone, but it is incredibly outdated. I do my best to keep set and metasploit up to date on the rep, I just updated them last week so you should have the latest version of SET.

Sneakerz404 · « **Reply #5 on:** February 20, 2012, 03:27:34 am »

Thank you so much!
I appreciate the help.
Can I use easy_install to install all the dependencies from stash?

The main feat I would like to get working in SET is the web vector credential harvester.
Has anyone actually got this to work on the iOS?

When I try to run the vector attack on this option, I get up to the point where it asks me for my interface IP, I then use my interface "en0"'s IP, however when I start cloning a site, it will pause for 1-2 seconds and then just jump straight back to the SET menu? I am unable to see the error as teh screen gets overwriten by the SET menu options.

I appreciate the help.

Sneakerz404 · « **Reply #6 on:** February 20, 2012, 08:02:31 am »

By the way.... The web vector for Java applet injection attack via metasploit does work perfectly in combination with poisoning DNS, excellent stuff.
However, I am struggling with the credential harvester attack method.... Not sure why SET bombs me back into the main screen...
Any ideas?

Sneakerz404 · « **Reply #7 on:** February 21, 2012, 10:39:17 am »

Hi there, I've checked the SET log file and it seems that the credential harvester attack fails to initiate because of the following error:

ERROR: 2012-02-21 16:36:30.903750: No module named OpenSSL

Does anyone know how I can fix this? I have OpenSSL installed from cydia..

Trcx528 · « **Reply #8 on:** February 21, 2012, 12:33:34 pm »

Code: [Select]

easy_install openssl

Or it might be:

Code: [Select]

easy_install pyopenssl

The set installation scripts should have taken care of that dependency, but the scripts don't always work.

Sneakerz404 · « **Reply #9 on:** February 22, 2012, 05:40:51 am »

Thanks trcx528, but I have tried both easy_installs and I get the following errors:

easy_install openssl = "No local packages or download links found for openssl"

easy_install pyopenssl = "Warning: no previously-included files matching '*.pyc' found anywhere in distribution unable to execute arm-apple-darwin9-gcc: No such file or directory. Error: Setup script exited with error: command 'arm-apple-darwin9-gcc' failed with exit status 1

I have libgcc installed however from repo....
But is it worth installing "fake-libgcc" or iphone-gcc Headers?

Trcx528 · « **Reply #10 on:** February 22, 2012, 09:49:04 am »

get "compile c apps iOS4" from the insanelyi repo, and try again.

Sneakerz404 · « **Reply #11 on:** February 22, 2012, 10:58:50 am »

THANK YOU!!
That worked a treat! The attack is also now successfull. Thank you!!

iNinjas

Author Topic: ininjas repo + SET (Read 1727 times)

Sneakerz404

ininjas repo + SET

Ironman

Re: ininjas repo + SET

StealthHacker

Re: ininjas repo + SET

Sneakerz404

Re: ininjas repo + SET

Trcx528

Re: ininjas repo + SET

Sneakerz404

Re: ininjas repo + SET

Sneakerz404

Re: ininjas repo + SET

Sneakerz404

Re: ininjas repo + SET

Trcx528

Re: ininjas repo + SET

Sneakerz404

Re: ininjas repo + SET

Trcx528

Re: ininjas repo + SET

Sneakerz404

Re: ininjas repo + SET