-
Notifications
You must be signed in to change notification settings - Fork 479
SET usage
Below is largely from the SET menus and trial and error - Official site: www.secmaniac.com
SET payload list:
Select the file format exploit you want. The default is the PDF embedded EXE.
Payloads using exploits (unreliable)
- SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
Windows/office: 2. SET Custom Written Document UNC LM SMB Capture Attack 3. Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow 4. Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
Adobe reader/flash: 5. Adobe Flash Player "Button" Remote Code Execution 6. Adobe CoolType SING Table "uniqueName" Overflow 7. Adobe Flash Player "newfunction" Invalid Pointer Use 8. Adobe Collab.collectEmailInfo Buffer Overflow 9. Adobe Collab.getIcon Buffer Overflow 10. Adobe JBIG2Decode Memory Corruption Exploit 12. Adobe util.printf() Buffer Overflow 14. Adobe U3D CLODProgressiveMeshDeclaration Array Overrun 19. Adobe Reader u3D Memory Corruption Vulnerability
Other software: 16. Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow 17. Apple QuickTime PICT PnSize Buffer Overflow 18. Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
Payloads without exploits (more reliable): 11. Adobe PDF Embedded EXE Social Engineering 13. Custom EXE to VBA (sent via RAR) (RAR required) 15. Adobe PDF Embedded EXE Social Engineering (NOJS)
This wiki and the OWTF README document contains a lot of information, please take your time and read these instructions carefully.
We provide a CHANGELOG that provides details about almost every OWTF release.
Be sure to read the CONTRIBUTING guidelines before reporting a new OWTF issue or opening a pull request.
If you have any questions about the OWTF usage or want to share some information with the community, please go to one of the following places:
- IRC channel
#owtf(irc.freenode.net)
Google Summer of Code 2018 Guide
Installation
Getting Started
- Define where your tools are
- Run OWASP OWTF
- HTTP Auth Configurations
- Simulation mode
- AUX plugins usage
- FAQ
SET usage
Cookbooks (GSoC 2014 Projects UPDATE)
-
Zest Integration:
- Quick Guide to get started with Zest,ZAP and Replay
- Zest and ZAP API Installation
- Zest and ZAP integration Introduction
- Zest Runner module
- Forward HTTP request to ZAP
- Zest script creation from single HTTP transaction
- Zest script creation from multiple HTTP transactions
- Zest Script Creator module
- HTTP Request Editing Window (Replay Function)
- Zest Script Recording Functionality
- Zest scripting console
Development
-
Plugins:
-
Tests:
Contact