Skip to Main Content
February 08, 2016

SET v7.0 "RemembRance" Released!

Written by David Kennedy
Security Testing & Analysis Social Engineering
TrustedSec is proud to announce the release of the major version of the Social-Engineer Toolkit (SET) v7.0 codename "RemembRance". The codename has a lot of meaning and is in remembering David Jones (Rance) who passed away last month to cancer. Always remember you buddy and the difference you made in all of us! This release is for you. This version has a significant amount of changes including a complete re-haul to pep8 and python 3 support. In addition to the rewrite, there is also a lot of new functionality. For one, the HTA attack vector is now significantly improved. Java recently released the death of their plugin (Hackers everywhere yelled - the rest cheered and celebrated): Rest in Hell Java Plug-In from Gizmodo With Java becoming less and less prone (although still very much out there and real) - the HTA attack vector has gotten to be a very reliable method for attack. Justin Elze (1:33PM ET never forget) - one of our Principal Security Consultants at TrustedSec released a blog post detailing the HTA attack vector: Malicious HTA’s not just for Spammers TrustedSec Blog The HTA attack vector provides a reliable method for exploitation. The HTA attack was added to SET v6 and in Unicorn 2.0: Magic Unicorn 2.0 Release TrustedSec Blog The attack itself was pretty basic - it would pop up a fake website - then prompt for the HTA attack. This portion has been completely rewritten and made much more believable. When the HTA gets loaded into the browser, the website is automatically rewritten to the legitimate website that it was cloned from. An example, lets say you cloned - the HTA would load and the website URL would actually say with the HTA loading. This makes it much more believable to coax the user to clicking the open dialog box for the HTA PowerShell execution. In addition to the HTA attack vectors, the website cloner has been significantly improved and more stable when cloning heavy dynamic content driven sites. Amongst the other changes - Metasploit Browser attack method has been updated with the latest exploits. Multiple bug fixes and much more. The installer now supports Fedora automatic installs (along with Arch and Debian-based) - and is improved. This verison is several months in the making and is vastly improved prior to other versions. The python3 support is still a work in progress but 95% there. You can get the latest version of SET by going to: # (git clone set/) Or you can simply use the PenTesters Framework (PTF) and just run the updater for the latest version: Full changelog below: ~~~~~~~~~~~~~~~~ version 7.0 ~~~~~~~~~~~~~~~~ * fixed an issue that would cause payload creation to halt if .msf5 was a path instead of .msf4 * fixed an issue when reimporting modules or re-selecting options that would cause it to not work properly * updated config option to use most recent user agent string * massive re-haul for pep8 * massive re-haul for python3 * added more words to mssql wordlist * major refactoring of python codebase to support both python2 and python3 * restructured HTA attack vector and improved codebase to redirect after 3 seconds to the legitimate website while still launching the HTA file, this makes it very easy to coax victim into beleiving the HTA they are running is from a legitimate link * rewrote alphanumeric shellcode injector to be python3 compliant and optimized * added module_rewrite function instead of reload() for python3 * added Metasploit MS15-100 Microsoft Windows Media Center MCL Vulnerability to fileformat attacks * added Fedora automatic install thanks to whoismath PR This blog post was written by Dave Kennedy - Founder of TrustedSec