Error message:

Something went wrong, printing the error: zipimporter() argument 1 must be string, not function

Actions taken: setoolkit > Social-Engineering Attacks > Website Attack Vectors > Credential Harvester Attack Method > Web Template or Site Cloner .... gives this error

OS: Kali Linux 2.0 : kernel: 4.6.0-kali1-amd64

Python3 version: Python 3.5.2+ Python version: Python 2.7.12+

Expected Behaviour Print output

Put here what the expected behaviour should be when reporting an issue

Actual Behaviour Exception happened during processing of request from ('0.0.0.0', 63279)
Traceback (most recent call last):
File "/usr/lib/python3.8/socketserver.py", line 650, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python3.8/socketserver.py", line 360, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python3.8/socketserver.py", line 720, in init
self.handle()
File "/usr/lib/python3.8/http/server.py", line 427, in handle
self.handle_one_request()
File "/usr/lib/python3.8/http/server.py", line 415, in handle_one_request
method()
File "/usr/share/set/src/webattack/harvester/harvester.py", line 334, in do_POST
filewrite.write(cgi.escape("PARAM: " + line + "\n"))
AttributeError: module 'cgi' has no attribute 'escape'
Set Version 8.0.3

Description:	Kali GNU/Linux Rolling
Release:	2020.2
Codename:	kali-rolling

I am having an issue with the CHM. Whenever someone enters their credentials into the cloned website, the page simply refreshes, and redirects them to the actual login page of the website which I cloned. After a user enters their details, they are not taken to the expected next page, and no error is shown, it simply just redirects them to the actual login page.

How can this be fixed? Is this inevitable and is there any way to fix this?

Hey how r u :) trying the pdf

after following everything towards the end:

set:payloads>1 set> IP address for the payload listener (LHOST): 10.0.0.112 set:payloads> Port to connect back on [443]:332 [-] Generating fileformat exploit... [_] Payload creation complete. [_] All payloads get sent to the /root/.set/template.pdf directory

[!] Something went wrong, printing the error: name 'src' is not defined root@no-limit-clan:~#

went saw there is nothing but : fileformate.file payload.options payloadgen set.options

under home/.set

any assistance?

Also tried it on windows 10 and when you open a pdf (before this error happened). it asks u to saved the pdf without opening a session.

let me know what i must change to fix this, thanks

Reading package lists... Done Building dependency tree
Reading state information... Done build-essential is already the newest version. git is already the newest version. python-crypto is already the newest version. python-openssl is already the newest version. python-pefile is already the newest version. python-pexpect is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. [_] Moving SET into the /usr/share/ directory... mv: cannot stat ‘social-engineer-toolkit’: No such file or directory [_] Installing setoolkit installer to /usr/bin/setoolkit...

cp: cannot stat ‘/usr/share/setoolkit/seupdate’: No such file or directory [_] Note you will manually need to install Core Security 'Impacket' [_] Download link: http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Impacket [_] Once downloaded, tar -zxvf impacket_, go to the directory and run python setup.py install. [*] We are now finished! To run SET, type setoolkit...

I followed the corelabs download link and installed it, however the problem remains. Is there an issue with Kali?

I added the bleeding-edge repos and they are in the config file however SEC does not update when running apt-get update && apt-get upgrade

When I run SEC it says no bleedin-edge repos which is bit bizarre..

I am currently running 6.5.8.

Hi,

I have just reinstalled the latest Kali Linux and while trying to launch setoolkit I get this first:

[*] Kali bleeding edge was not detected to be on...
[*] Kali install detected. Note that if you are not using bleeding edge repositories, your version of SET will be roughly 4 months behind.
[*] It is recommended to switch to bleeding-edge repos to ensure you are running the latest version of SET and other tools.
Press [enter] to accept that SET is several months out of date and probably contains bugs and issues.

I have added the repo by:

echo deb http://http.kali.org/kali kali-bleeding-edge contrib non-free main >> /etc/apt/sources.list
apt-get update
apt-get upgrade

But I still got the error message when starting setoolkit. Anyway I hit enter and try to run 3) Credential Harvester Attack Method. After I fish the wizard in my /var/www/ I got only the post.php file, no harvest.txt no index.html

As a last hope I have tried to remove and eventually reinstal, but here I get another error:

root@kali:~# apt-get remove setoolkit
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package setoolkit

What could be possibly wrong? Kali version is (x64):

root@kali:~# uname -a
Linux kali 4.3.0-kali1-amd64 #1 SMP Debian 4.3.5-1kali1 (2016-02-11) x86_64 GNU/Linux

When I try to use the SMS Spoofing vector, it errors out. I've confirmed that the username/password that I'm entering is correct, I have credits on the account and internet access works on the VM I'm running this in.

Wonder if it's because of the plus sign in the email?

Example (redacted) output:

[*] Okay! Moving on - SET needs some information from you in order to spoof the message.
set:sms> Enter your email address for the spoofmytextmessage.com account:jared+spoofsms@[DOMAIN]
set:sms> Enter your password for the spoofmytextmessage.com account:[REDACTED]
[*] The next section requires a country code, this is the code you would use to dial to the specific country, for example if I was sending a message to 555-555-5555 to the United States (or from) you would enter +1 below.
set:sms> Enter the country code for the number you are sending TO (for example U.S would be '+1')[+1]:
set:sms> Enter the country code for the number you are sending FROM (for example U.S. would be '+1')[+1]:
set:sms> Enter the number to send the SMS TO - be sure to include country code (example: +15551234567):+1##########
set:sms> Enter the number you want to come FROM - be sure to include country code (example: +15551234567):+1##########
set:sms> Enter the message you want to send via the text message:test
[*] Grabbing initial ID from spoofmytextmessage.com...
[!] Unable to authenticate and pull down from the site. Check your settings and try again.
Press {return} to return to the previous menu.

set:payloads> Port to connect back on [443]:443 [-] Generating fileformat exploit... [_] Payload creation complete. [_] All payloads get sent to the /root/.set/template.pdf directory [-] As an added bonus, use the file-format creator in SET to create your attachment. No previous payload created. set:phishing> Enter the file to use as an attachment:'/root/.set/payload.options' [!] ERROR:FILE NOT FOUND. Try Again.

i didn't find template.pdf also

[-] Generating fileformat exploit... [_] Payload creation complete. [_] All payloads get sent to the /root/.set/template.pdf directory

[!] Something went wrong, printing the error: name 'src' is not defined

i am using set toolkit version 6.5

Hey,

Dave and I discussed briefly on twitter, but running java applet attack, i have gotten this issue on 2 different kali VMs both running 6.3 #HugsforLife

So SET options used were, 2, 1, 2, then internal no NAT, cloned google.com. I do have a signed cert that I copied to overwrite the built in applet in SET.

For payload I chose, 1, then 8443 for the reverse connection and 1 for reverse tcp.

So all is ready. Files in /var/www/ are: index.html index.html.bak qOtpFwyv.jar

Load the page in Win7 VM, see legit applet popup, hit run, then nothing. no reverse shell, no traffic at all on kali VM over port 8443(was running tcpdump)

Ran wireshark on windows system and noticed 404 error when accessing the payload. in this case: /gTdruKMP7

Here is what my apache logs look like:

192.168.0.173 - - [02/Jun/2015:14:51:29 -0400] "GET / HTTP/1.1" 200 40612 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" 192.168.0.173 - - [02/Jun/2015:14:51:29 -0400] "GET /xjs/_/js/k=xjs.hp.en_US.rK_Zjounm-w.O/m=sb_he,jsa,d,csi/rt=j/d=1/t=zcms/rs=ACT90oGvjGvhFoVVg2T75EKd_DoS_Rfa1Q HTTP/1.1" 404 581 "http://192.168.0.170/" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" 192.168.0.173 - - [02/Jun/2015:14:51:30 -0400] "GET /images/nav_logo199.png HTTP/1.1" 404 513 "http://192.168.0.170/" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" 192.168.0.173 - - [02/Jun/2015:14:51:31 -0400] "GET /favicon.ico HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" 192.168.0.173 - - [02/Jun/2015:14:51:33 -0400] "GET /qOtpFwyv.jar HTTP/1.1" 304 188 "-" "Mozilla/4.0 (Windows 7 6.1) Java/1.8.0_45" 192.168.0.173 - - [02/Jun/2015:14:51:34 -0400] "GET /gTdruKMP7 HTTP/1.1" 404 526 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2" 192.168.0.173 - - [02/Jun/2015:14:52:21 -0400] "GET /gTdruKMP7 HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"

set:webattack> Select a template:4

[_] Cloning the website: http://www.twitter.com [_] This could take a little bit... Python OpenSSL wasn't detected or has an installation issue, note that SSL compatibility is now turned off

The best way to use this attack is if username and password form fields are available. Regardless, this captures all POSTs on a website. [_] Apache is set to ON - everything will be placed in your web root directory of apache. [_] Files will be written out to the root directory of apache. [*] ALL files are within your Apache directory since you specified it to ON. [!] Apache may be not running, do you want SET to start the process? [y/n]:

Hello, I'm writing here because I'm having a problem in generating payload with setoolkit. setoolkit's version is 7.1 on both my KaliLinux and Mac OS X ElCapitan machines and, on both machines, I got the same trouble: the message "Waiting for payload generation to complete" ( that appears after you chose the payload and set the options) doesn't stop to appear and the payload is not generated. The metasploit's path in set.config file is correct (I don't see any warning message at the start).

What can I do? Any suggestion?

p.s.: sorry my English, it's not the best!

Downloading qrcode-7.3.1.tar.gz (43 kB) ━━━━━━━━━━━━━━━━━━━━ 0.0/43.5 kB ? eta -:--:-- My Linux freezes every time I have got to this stage, where am I going wrong?

XML report file showing website domain instead of credentials

This is the first time am using SET but Setoolkit is expected to return with harvested credentials in an xml file instead get this

In the xml report file instead of the password and username I entered. I don't know how this works but am testing on localhost and it's running on port 80. Any idea of what is going on will be appropriated. Thanks. # # # # #

I am using Mass Mailer Attack and after my smtp sends to 4 users i get this error i have all softs of updates and i dont know what could be the problem . i would appreciate it if anyone here would help