Published on June 21st, 2011 | by NJ Ouchn0
Social-Engineer Toolkit (SET) v1.5 “Convergence Edition”
The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.
I’m proud to announce that the Social-Engineer Toolkit (SET) v1.5 “Convergence Edition” has officially been released. This release adds new Metasploit client-side exploits and more granularity around the SET interactive shell. One of the main accomplishments in this version is the cross-compatibility of the SET interactive shell which now supports Windows, OSX, and *NIX. Interesting enough it does smart detection based on platform and leverages the same codebase when triggering payloads. Overall this has been several months of development getting the interactive shell to a point to where it’s stable and supports multiple operating systems.
In addition to the OSX compatibilities, several new features were added to the interactive shell. The first is persistence, the SET interactive shell will spawn a custom written service, install it, and then spawn you a shell back every 30 minutes. Useful for when on a penetration test and your connection drops, you still will receive connections back every 30 minutes. In addition to that, “clear” and “cls” have been added for clear screen as well as “reboot now” and “removepersistence”. A full changelog change be found here:
* Added shell.py to support both Linux and OSX for the SET Interactive Shell, uses same code repository
* Added shell to support Linux/OSX for SET Interactive Shell
* Added download to support Linux/OSX for SET Interactive Shell
* Added upload to support Linux/OSX for SET Interactive Shell
* Added ps to support Linux/OSX for SET Interactive Shell
* Added kill to support Linux/OSX for SET Interative Shell
* Fixed a bug in mass mailer where TLS would execute after ehlo not before. Thanks pr1me
* Changed download path to replace forward and back slashes with a _ so it would not cause strange nix issues with back slashes and forward slashes in the SET Interactive Shell
* Added better integer handling when running listener.py by itself without specifying a port
* Redesignated filename shell.binary to shell.windows and shell.linux (PE vs. ELF binary)
* Added separate installers for shell.linux and shell.osx, to many differences between the two and needed different compiling.
* Added instructions in shell.py how to compile for each flavor operating system including windows, linux, and osx
* Added reboot now into the SET interactive Shell
* Added persistence to the SET interactive shell with a completely custom written python-bytecompiled service. Essentially uploads service to victim, that calls interactive shell every 30 minutes
* Added name distinguishing per windows/posix systems so it will show up POSIX or WINDOWS on interactive shell, will also show WINDOWSUAC-SAFE and WINDOWSSYSTEM.
* Added the MS11-050 IE mshtml!CObjectElement Use After Free exploit from Metasploit
* Added dynamic packing to download/upload for persistence, better AV avoidance
* Added MS11-050, Adobe Flash 10.2.153.1, and Cisco AnyConnect Metasploit exploits to the SET web gui
* Added 'clear' and 'cls' in the SET Interactive Menu to remove whats in the screen, etc.
* When using the java docbase exploit, removed 'Client Login' for title frame, isn't needed
* Added back command to the SET interactive shell to go back when in different menus
* Fixed a bug where it would state payloadprep not defined, it was caused to UPX not fully packing the device at time of upload, a 3 second delay has been added