PaulDotCom mailing list archives

Re: Wake up call for friends and family using SET

From: Craig Freyman <craigfreyman () gmail com>
Date: Tue, 30 Nov 2010 19:43:25 -0700

Meterpreter runs in RAM and doesn't touch the disk. As long as you don't
install metsvc or manually install a backdoor, then meterpreter will be gone
when they reboot.

While you're meterpretering around in their computers, make sure you use
some of the cool new meterpreter scripts like the webcam one or the
soundrecorder one from dark0perator. Those always seem to have the biggest
impact on fam/friends. They don't really care if you can dump their password
hashes, but if you can record their voices from their own computer or use
the webcam on their laptop, they'll listen to you!

On Tue, Nov 30, 2010 at 6:27 PM, Brian Schultz <theconqueror () gmail com>wrote:

I'm tired of explaining to my family the reasons for not opening e-mails or
attachments from unknown sources and then having them forward me some
sketchy e-mail saying "this is so funny, check it out". I'm sure there are
plenty of you out there in the corporate world that can relate with your
users.

I figure it's time for me to arrange a wake up call and perform my own
pentest against friends and family. I figure it would be easy enough to use
SET to create a "malicious" website that will change their wallpaper and
blast an e-mail out to everyone. My only concerns are...how do I go about
getting Meterpreter off of their machine? The last thing I want to do is
screw up everyone's computer.

Sorry if this comes across as a dumb question, I haven't played around with
SET or metasploit before. I'll probably figure this out as soon as I click
send but it would be nice to hear from someone else or at least a point in
the right direction. Thanks

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Wake up call for friends and family using SET Brian Schultz (Nov 30)
- Re: Wake up call for friends and family using SET amdinside (Nov 30)
- Re: Wake up call for friends and family using SET Craig Freyman (Nov 30)
- Re: Wake up call for friends and family using SET Kenneth Voort (Dec 01)
  - Re: Wake up call for friends and family using SET Craig Freyman (Dec 01)
  - Re: Wake up call for friends and family using SET Ryan Sears (Dec 01)
- Re: Wake up call for friends and family using SET Ron Gula (Dec 01)
  - Re: Wake up call for friends and family using SET Brian Schultz (Dec 01)
- Re: Wake up call for friends and family using SET Daniel Holiday (Dec 01)
  - Re: Wake up call for friends and family using SET Daniel Holiday (Dec 02)
    - Re: Wake up call for friends and family using SET Zate Berg (Dec 02)
    - Re: Wake up call for friends and family using SET Daniel Holiday (Dec 03)
    - Re: Wake up call for friends and family using SET Zate Berg (Dec 03)

(Thread continues...)