{"id":534,"date":"2015-08-18T15:29:00","date_gmt":"2015-08-18T12:29:00","guid":{"rendered":"https:\/\/furkansandal.com\/social-engineer-toolkit-set-ile-hedef-bilgisayara-shell-acma\/"},"modified":"2015-08-18T15:29:00","modified_gmt":"2015-08-18T12:29:00","slug":"social-engineer-toolkit-set-ile-hedef-bilgisayara-shell-acma","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/social-engineer-toolkit-set-ile-hedef-bilgisayara-shell-acma\/","title":{"rendered":"Social Engineer Toolkit (SET) ile Hedef Bilgisayara Shell A\u00e7ma"},"content":{"rendered":"
\nBu makalemizde Python ile yaz\u0131lm\u0131\u015f SET (Social-Engineer Toolkit) arac\u0131 kullan\u0131larak\u00a0Metasploit Browser Exploit Method \u0130le Kurban Bilgisayar\u0131nda Shell A\u00e7ma y\u00f6ntemi anlat\u0131lacakt\u0131r.
\nSet arac\u0131 ile Kali linux ve Backtrack i\u00e7inde haz\u0131r bir \u015fekilde gelmektedir.

\nKurulu de\u011filse Github \u00fczerinden a\u015fa\u011f\u0131daki gibi bilgisayaran\u0131za indirebilirsiniz.
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0
\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 sudo apt-get install git
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 git clone https:\/\/github.com\/trustedsec\/social-engineer-toolkit\/
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 chmod\u00a0 +x setoolkit
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 .\/setoolkit<\/p>\n

\u015eeklinde kurulum yap\u0131l\u0131p \u00e7al\u0131\u015ft\u0131r\u0131labilir.<\/p>\n

SET arac\u0131n\u0131n kurulu oldu\u011fu bilgisayarda komut sat\u0131r\u0131nda\u00a0setoolkit <\/strong>komutu yaz\u0131ld\u0131\u011f\u0131nda a\u015fa\u011f\u0131daki gibi bir men\u00fc kar\u015f\u0131m\u0131za \u00e7\u0131kmaktad\u0131r.<\/p>\n

<\/p>\n

Kar\u015f\u0131m\u0131za \u00e7\u0131kan \u015fe\u00e7im ekran\u0131ndan 1) Social-Engineering Attacks<\/strong>\u00a0<\/strong>men\u00fcs\u00fcn\u00fc se\u00e7elim.<\/p>\n

\u0130\u015flemleri web \u00fcst\u00fcnden yapaca\u011f\u0131m\u0131z i\u00e7in a\u015fa\u011f\u0131daki men\u00fcden\u00a02) Website Attack Vectors<\/strong> se\u00e7ene\u011fi se\u00e7elim.<\/p>\n

<\/p>\n

2) Metasploit Browser Exploit Method<\/strong> se\u00e7ene\u011fi se\u00e7ilerek browserdan \u00fcretilecek linke girecek kurban\u0131n bilgisayar\u0131nda shell a\u00e7\u0131labilir.<\/p>\n

<\/p>\n

Bundan sonraki ad\u0131mda SET’in i\u00e7inde olan bir template mi kullanmak istiyoruz yoksa\u00a0 verece\u011fimiz bir url’den mi sayfa olu\u015fturmak istiyoruz se\u00e7ene\u011fi geliyor.<\/p>\n

Bu ad\u0131mda\u00a0\u00a0 1) Web Templates<\/strong> se\u00e7ene\u011fini se\u00e7elim.<\/p>\n

Sonras\u0131nda\u00a0 Port Forwarding<\/strong> yap\u0131p yapmad\u0131\u011f\u0131m\u0131z soruyor, no<\/strong> diyerek ge\u00e7iyoruz.
Reverse ba\u011flant\u0131 i\u00e7in IP adresimizi soruyor buraya bilgisayar\u0131m\u0131z\u0131n yada dinlemeyi yapt\u0131\u011f\u0131m\u0131z IP adresini girmemiz gerekiyor.
IP adresini girdikten sonra hangi template’i kullanaca\u011f\u0131m\u0131z\u0131 belirtiyoruz.<\/p>\n

Bu makalemizdeki \u00f6rnek i\u00e7in\u00a03.<\/strong> se\u00e7ene\u011fini se\u00e7elim.<\/p>\n

<\/p>\n

Bir sonraki \u00a0ad\u0131mda kar\u015f\u0131m\u0131za Browser exploitation i\u00e7in hangi payload\u0131 kullanmak istedi\u011fimizi sorulmakta. Spesifik bir payload yerine,\u00a043) Metasploit Browser Autopwn (USE AT OWN RISK!)<\/strong>\u00a0 se\u00e7ene\u011fi se\u00e7ilebilir ve otomatik olarak payloadlar ile deneme yap\u0131lablir.<\/p>\n

Bir sonraki ad\u0131mda ba\u011flant\u0131 i\u00e7in nas\u0131l bir y\u00f6ntem kullanaca\u011f\u0131m\u0131z soruluyor. Bu ad\u0131mda Metasploit’in meterpreter ajan\u0131yla bir reverse ba\u011flant\u0131 se\u00e7ene\u011fi olan\u00a02) Windows Reverse_TCP Meterpreter <\/strong>se\u00e7ilir.<\/p>\n

Payload se\u00e7ildikten sonra reverse ba\u011flant\u0131 i\u00e7in hangi portu kullanaca\u011f\u0131m\u0131z soruluyor, \u00e7ok kullan\u0131lan ve engellenmeyen bir port olan 443<\/strong> default olarak geliyor fakat istedi\u011fimiz bir port numaras\u0131n\u0131 girebiliriz. Bu \u00f6rnekte 443<\/strong> olarak ayarlama yap\u0131ld\u0131.<\/p>\n

<\/p>\n

Bundan sonra SET ve Metasploit konfig\u00fcrasyonlar\u0131 otomatik olarak yap\u0131l\u0131r. Yap\u0131lan i\u015flemlerden bir ekran g\u00f6r\u00fcnt\u00fcs\u00fc a\u015fa\u011f\u0131dad\u0131r.<\/p>\n

<\/p>\n

Exploitler i\u00e7in ayarlamalar yap\u0131ld\u0131ktan sonra dinlemenin olaca\u011f\u0131 url olu\u015fturulur.<\/p>\n

<\/p>\n

Dinlemeyi yapaca\u011f\u0131m\u0131z url olu\u015ftuktan sonra tek yapaca\u011f\u0131m\u0131z kurban\u0131 bu linke y\u00f6nlendirmek olacakt\u0131r.\u00a0Sonras\u0131nda metasploit meterpreter shell a\u00e7\u0131ncaya kadar otomatik olarak exploitleri deneyecektir.<\/p>\n

Belirlenen url’e bir browserdan girmeye \u00e7al\u0131\u015ft\u0131\u011f\u0131m\u0131z zaman arka planda metasploit browser_autopwn <\/strong>mod\u00fcl\u00fcyle denemeleri yapt\u0131ktan sonra i\u015fini bitirip session’u<\/strong> olu\u015fturacakt\u0131r.
Enter’a bast\u0131ktan sonra metasploit ekran\u0131 kar\u015f\u0131m\u0131za \u00e7\u0131kacakt\u0131r. Burada aktif sessionlar\u0131 g\u00f6rmek i\u00e7in
session -l<\/strong> komutunu kullanabiliriz.<\/p>\n

<\/p>\n

Aktif olan session’u kullanmak i\u00e7in session -i “<\/strong>ID” diyerek aktif session’a ge\u00e7i\u015f yapabiliriz. \u00d6rne\u011fimizde Id de\u011feri 2 oldu\u011fu i\u00e7in girece\u011fimiz komut session -i 2<\/strong> olacakt\u0131r.<\/p>\n

<\/p>\n

Aktif meterpreter session’umuzla yapabileceklerimize bakmak i\u00e7in help<\/strong> yaz\u0131labilir.
\u00d6rnek olarak sysinfo<\/strong> ve ifconfig<\/strong> komutlar\u0131 \u00e7al\u0131\u015ft\u0131r\u0131lm\u0131\u015ft\u0131r.<\/p>\n

Bu komutlardan sysinfo<\/strong> meterpreter ajan\u0131yla ba\u011flanm\u0131\u015f oldu\u011fumuz bilgisayar hakk\u0131nda genel bilgiler vermektedir. \u00d6r: Bilgisayar ad\u0131, mimarisi, i\u015fletim sistemi vs.ifconfig<\/strong> komutu ise aktif sessiondaki network interface’leri listeler buradan IP adresleri g\u00f6r\u00fclebilir.<\/p>\n

<\/p>\n

Bu makale 2015 stajerlerimizden YT\u00dc \u00f6\u011frencisi “Yunus Y\u0131ld\u0131r\u0131m<\/strong>” taraf\u0131ndan geli\u015ftirilmi\u015ftir.<\/p>\n<\/div>\n

Furkan SANDAL <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Bu makalemizde Python ile yaz\u0131lm\u0131\u015f SET (Social-Engineer Toolkit) arac\u0131 kullan\u0131larak\u00a0Metasploit Browser Exploit Method \u0130le Kurban Bilgisayar\u0131nda Shell A\u00e7ma y\u00f6ntemi anlat\u0131lacakt\u0131r….<\/p>\n","protected":false},"author":1,"featured_media":494,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,3,7,11,4],"tags":[78,76,92,88,89,26,91,83,93,81,90,79,82,77,80,84,85,87,86],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/08\/fiziksel_guvenlik.jpg?fit=227%2C226&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-8C","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/534"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=534"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/534\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/494"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}