The provided Setool2 binary is a version that runs without the usual license check. It works exactly like the official SET, so the normal workflow applies. 2. Initial Recon $ nmap -sV -p- 10.10.10.10 PORT STATE SERVICE VERSION 8080/tcp open http Apache httpd 2.4.41 ((Unix)) Visiting http://10.10.10.10:8080/ in a browser reveals a simple login page:
In practice, we may need to try a few guesses. Because the challenge only had a credential, a quick brute‑force (or simple wordlist) works. Setool2 can be instructed to repeat the attack automatically, but for this box a single manual attempt suffices. 8. Retrieving the Flag After the successful login the real server responded with the flag page. Visiting the original URL again (or watching the console output from Setool2) shows: Use Setool2 Cracked
Now we simply (they don’t need to be correct) and click Login . The clone forwards the POST request to the original server and logs the data locally. 7. Capturing the Credentials Setool2 stores harvested credentials in a file under its working directory, usually: The provided Setool2 binary is a version that
Welcome, admin!
Challenge type: Web / Social‑Engineering Toolkit (SET) – 30 pts Difficulty: Easy‑Medium Category: Recon / Exploitation (CTF‑style) The challenge description (as shown in the CTF UI) simply said: “Use Setool2 Cracked”. A small virtual machine image was supplied that already contained a copy of Setool2 (the “cracked” version) and a single vulnerable web service listening on http://10.10.10.10:8080/ . Below is a step‑by‑step explanation of how the flag was obtained. 1. Understanding the Goal The objective of most “SET” challenges is to obtain the secret token/flag that the target web application will reveal after a successful social‑engineering attack (often a phishing page that captures a credential or a malicious payload that executes on the victim). Initial Recon $ nmap -sV -p- 10