The SET web attack vector is a unique way of utilizing multiple web-based attacks in order to compromise the intended victim. It is by far the most popular attack vector of SET, with the following attack vectors:
Website attack vectors
How to do it...
We have already seen how to use HTA in a previous recipe, but SET takes it to a new level.
- After selecting the HTA Attack Method in SET, we can clone a site through which we will deliver our payload, creating a more credible pretext for why the user should open the HTA application:
- Like the mass email attack, SET will launch Metasploit using a resource script and start the Generic Payload Handler for us:
- Now, when the victim browses to our malicious site they will be prompted...