by way of setoolkit
IMPORTANT:
You MUST have setoolkit installed for this method to work.
Official Repo: github.com/trustedsec/social-engineer-toolkit
Installation Methods:
Method 1: Via APT (Recommended)
sudo apt update && sudo apt install setoolkit
Method 2: Via Git (Latest Version)
git clone https://github.com/trustedsec/social-engineer-toolkit/ setoolkit/
This opens the Social Engineering Toolkit main menu.
This creates a malicious file that spreads when run from USB drives.
This embeds the payload into a legitimate-looking file format.
This is where the connection will be sent back to.
Why not use a local IP?
Because a remote computer wouldn't be able to see your local device! The VPS acts as a bridge between the victim and you.
Pick one of these exploit methods:
Adobe PDF - Embedded EXE Social Engineering
Microsoft Word RTF - PF_Feat_ind Exploit
Microsoft Word RTF - Object Confusion
This creates an encrypted connection that's harder to detect.
This tells the payload where to connect back to.
Port 443 is used for HTTPS traffic - less likely to be blocked.
This starts the listener - setoolkit will now wait for connections.
Open a second terminal, find the malicious file, copy it to your USB, and rename it to something innocent (e.g., "Invoice_Final.rtf", "Resume_2026.doc", etc.)
Tip: Choose a file name that looks legitimate to increase chances of the victim opening it.
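On the receiving side, files arriving from removable media in the formats listed above (PDF with an embedded file or launch action, RTF with an embedded OLE object) can be flagged statically before anyone opens them. The following is an added example, not part of the original page or of setoolkit; the keyword lists and the function name triage are assumptions, and content inside compressed PDF streams is not inspected.

```python
import re

# PDF name tokens worth flagging (keyword triage; list is an assumption).
PDF_NAMES = (b"/EmbeddedFile", b"/Launch", b"/OpenAction", b"/JavaScript", b"/JS")
# RTF control words that carry or auto-refresh embedded OLE objects.
RTF_WORDS = (b"\\objdata", b"\\objemb", b"\\objupdate")
# Text found in the DOS stub of most Windows executables.
DOS_STUB = b"This program cannot be run in DOS mode"


def _unescape_pdf_names(data: bytes) -> bytes:
    """Decode #xx escapes so '/Embedded#46ile' matches '/EmbeddedFile'."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def _rtf_objdata_blobs(data: bytes):
    """Yield the decoded bytes of each objdata hex run (whitespace tolerated)."""
    for m in re.finditer(rb"\\objdata\s*([0-9A-Fa-f\s]+)", data):
        digits = re.sub(rb"\s+", b"", m.group(1))
        yield bytes.fromhex(digits[: len(digits) & ~1].decode("ascii"))


def triage(data: bytes) -> list[str]:
    """Return findings for one file's bytes; an empty list means no flags."""
    findings = []
    if b"%PDF-" in data[:1024]:
        flat = _unescape_pdf_names(data)
        for name in PDF_NAMES:
            # Lookahead stops '/JS' from matching a longer name.
            if re.search(re.escape(name) + rb"(?![A-Za-z])", flat):
                findings.append("pdf:" + name.decode())
    elif data[:1024].lstrip().startswith(b"{\\rt"):
        for word in RTF_WORDS:
            if word in data:
                findings.append("rtf:" + word.decode())
        if any(DOS_STUB in blob for blob in _rtf_objdata_blobs(data)):
            findings.append("rtf:embedded-pe")
    if DOS_STUB in data:  # uncompressed executable anywhere in the file
        findings.append("raw:embedded-pe")
    return findings


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()) or "no flags")
```

Any finding is a reason to hold the file for sandboxed analysis, not proof that it is malicious; an empty result does not clear it.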
DISCLAIMER
This information is for educational purposes only. Unauthorized access to computer systems is illegal.