
Published on October 26th, 2011 | by MaxiSoler


Social-Engineer Toolkit v2.2 released (Son of Flynn)

The Social-Engineer Toolkit (SET) is a Python-driven suite of custom tools that focuses solely on the human element of a penetration test. Its main purpose is to automate and simulate social-engineering attacks so that the tester can measure how well a targeted attack against people would succeed.


Currently SET has two main methods of attack. The first uses Metasploit payloads and Java-based attacks: SET sets up a malicious website (a clone of any site you choose) that ultimately delivers your payload to the visitor. The second works through file-format bugs and e-mail phishing; it can deliver the payloads through your own open mail relay, a customized sendmail open relay, or Gmail integration. The goal of SET is to bring awareness to the often forgotten attack vector of social engineering.

Changelog v2.2 – Codename “Son of Flynn”

  • Added better handling when generating your own legitimate certificate and ensure proper import into SET
  • Adjusted java repeater time to have a little more delay, seems to be more reliable and stable if that occurs.
  • Removed the check from the main launch of SET for pymssql and only added it when the fast-track menu was specified
  • Removed the derbycon posting since it already happened. When we get closer I’ll re-add it back in with detailed information
  • Removed old files in the java applet attack that were not needed.
  • Added better granularity checking the Java Applet attack when the shellcode exec or normal attacks were being specified.
  • Fixed a bug that caused infectious media bomb out if shellcodeexec was specified as a payload
  • Added a legal disclaimer for first initial use of SET that it must be used for lawful purposes only and never with malicious intent
  • Added improved stability of the java applet attack through better payload detect/selection
  • Fixed a bug with shellcodeexec and creating a payload and listener through SET, it would throw an exception, it now exports shellcodeexec properly and exports alphanumeric shellcode
  • Added new config check inside core.py, will return value of config, easier..will gradually replace all config checks with this
  • Fixed an issue that would cause AUTO_REDIRECT=OFF to still continue to redirect. This was caused by a rewrite of the applet and the same parameters not being filtered properly
  • Added more customizing options to RATTE. Now you can specify a custom filename RATTE uses for evading local firewalls. So you can deploy RATTE as readme.pdf.exe and it will run as iexplore.exe to bypass local firewalls. You can also specify if RATTE should be persistent or not. For testing network firewalls you won’t need a persistent one. Doing a penetration test you may choose a persistent configuration.
  • Fixed a bug in RATTE which could break the connection to the server. RATTE now runs much more stably and can bypass high-end network firewalls much more reliably.
  • Added a new config option called POWERSHELL_INJECTION, this uses the technique discovered by Matthew Graeber which injects shellcode directly into memory through powershell
  • Added a new teensy powershell attack leveraging Matthew Graebers attack vector.
  • Rehauled the Java Applet attack to incorporate the powershell injection technique; it’s still experimental, so it will remain OFF in the config by default. The applet will now detect if Powershell is installed, and if so, use the shellcode deployment method to gain memory execution without touching disk through PowerShell.
  • Fixed a bug that would cause mssql bruter to error if powershell injection was enabled or other attack vectors

Download: Social-Engineer Toolkit v2.2

More information: here


About the Author

www.artssec.com @maxisoler
