September 17, 2010
Social-Engineer Toolkit 0.7.1 minor update
Written by
David Kennedy
Security Testing & Analysis
Social Engineering
Minor update just committed to the SVN repository. This version adds the ability to utilize file format bugs in the USB/DVD/CD Infectious Attack Vector. When selecting this option, it will now prompt you to see if you want to do a standard executable or utilize a file format bug for example a PDF. This will allow you to place non executable based attacks on the USB/DVD/CD and hopefully have it not get snagged by AV.
There was also a few other minor additions, for example adding the Meterpreter SSL based reverse to the payload options. Here is a list of full changes here:
- Added the ability to use fileformat exploits in the USB/DVD/CD Infectious Attack Vector
- Fixed a couple of wording issues in the client-side attack vector payloads section
- Added Meterpreter SSL connection payload for client-side attacks
- Added Meterpreter SSL connection payload for fileformat attacks
- Added Meterpreter SSL connection payload for browser attack vectors
- Fixed an issue with the utilprint exploit in the file format attacks
- Added the Metasploit PDF embedded executable fileformat exploit with no javascript