August 03, 2012

The Day of Goodies - SET v3.6, new tools, and new presentations released!

Written by David Kennedy
Security Testing & Analysis Social Engineering
Wow... So now that BSIDES, Blackhat, and Defcon are over, and after getting back and sleeping for two days, we decided to post all of the code and presentations developed over the last month or so. TrustedSec's founder had the pleasure of training at BlackHat on the Social-Engineer Toolkit, with over 30 students in total. In addition, David presented at BSIDES Las Vegas on "Secret Pentesting Techniques Shhhhhh..." and at Defcon 20 with Dave DeSimone (d2theave) on "Owning One to Rule Them All". Overall, it was an overwhelming success and a ton of fun to hang out with some great friends.

Today, we are releasing three new tools, two new presentations, and the Social-Engineer Toolkit (SET) v3.6.

The first tool is called pybuild. It's a simple Python script that lets you use pyinstaller in a simplistic fashion to compile Python scripts into binaries. This is especially useful when you write Python-specific code and want a standalone executable that runs without Python having to be installed. Pybuild simply asks for the Python script you wrote and uses pyinstaller to create a standalone executable for you. PyInstaller byte-compiles the Python code, wraps it together with the Python interpreter, and bundles everything into a single executable.

The second tool is a simple reverse shell written in Python. This was used to demonstrate how easy it is to write backdoors without any type of detection from security mechanisms. Coupled with pyinstaller and compiled into an executable, it's a great way to demonstrate how easy it is to evade certain technologies.

The third tool is called "SQLBrute". It's a quick script that I use when I'm performing penetration tests: it will go out and brute force SQL "sa" accounts, automatically re-enable the xp_cmdshell stored procedure, and add a local administrator for you. Very easy to use.

The first presentation released is the BSIDES Las Vegas talk, "Secret Pentesting Techniques Shhhh...".
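To make the pybuild description above concrete, here is an added example (not pybuild's own source, and not part of the original post) of a minimal wrapper that builds the pyinstaller command line for a script and runs it, plus the check a defender would pair with it: recognising a PyInstaller-wrapped executable by the archive cookie PyInstaller appends to its bootloader. The flag names are real pyinstaller options; the `build` function assumes `pyinstaller` is on PATH, and the cookie bytes are the `MEI` magic PyInstaller has used for its archive marker (the archive layout may differ across versions, so treat this as a heuristic).

```python
"""Minimal PyInstaller wrapper in the spirit of pybuild, plus a bundle check.
Added illustration only: not pybuild's code and not TrustedSec's code."""
import os
import shutil
import subprocess
import sys

# Cookie PyInstaller writes into the archive it appends to the bootloader:
# the bytes "MEI" followed by \x0c\x0b\x0a\x0b\x0e. Presence of this marker
# is how a defender can tell "a Python script wrapped as an exe" apart from
# a natively compiled program, whatever the script itself does.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"


def pyinstaller_command(script_path, onefile=True, console=True):
    """Return the pyinstaller argument list for a script (nothing is run)."""
    if not script_path.endswith(".py"):
        raise ValueError("expected a .py script, got %r" % script_path)
    cmd = ["pyinstaller", "--clean", "--noconfirm"]
    if onefile:
        cmd.append("--onefile")      # single self-extracting executable
    if not console:
        cmd.append("--noconsole")    # no console window on Windows
    cmd.append(script_path)
    return cmd


def build(script_path, onefile=True, console=True):
    """Run PyInstaller on the script and return the path of the result.
    This is the step pybuild automates; it needs pyinstaller on PATH."""
    if shutil.which("pyinstaller") is None:
        raise RuntimeError("pyinstaller not found on PATH")
    subprocess.run(pyinstaller_command(script_path, onefile, console),
                   check=True)
    name = os.path.splitext(os.path.basename(script_path))[0]
    if sys.platform.startswith("win"):
        name += ".exe"
    return os.path.join("dist", name)


def looks_like_pyinstaller_bundle(data):
    """True if the file bytes carry the PyInstaller archive cookie."""
    return PYINSTALLER_MAGIC in data


def scan_file(path):
    """Convenience wrapper: read a file and apply the cookie check."""
    with open(path, "rb") as fh:
        return looks_like_pyinstaller_bundle(fh.read())


if __name__ == "__main__":
    # Usage: python thisfile.py script.py  -> builds it, then checks the result
    out = build(sys.argv[1])
    print(out, "is PyInstaller bundle:", scan_file(out))
```

The point of `looks_like_pyinstaller_bundle` is that wrapping a script this way changes the file type an AV engine sees but leaves a stable marker behind; a detection rule keyed on that marker is cheap and version-tolerant.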
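The SQLBrute description above names three things a defender can look for: repeated failed logins against the "sa" account, a subsequent successful "sa" login from the same client, and xp_cmdshell being switched on. The following is an added detection example (not part of the original post and not SQLBrute's code) that runs that logic over constructed SQL Server ERRORLOG lines; the log text follows the real ERRORLOG message formats, but the timestamps, client address and spid are made up.

```python
"""Flag sa brute forcing and xp_cmdshell enablement in SQL Server ERRORLOG
text. Added example with constructed sample lines; not SQLBrute's code."""
import re
from collections import defaultdict

# Constructed sample in ERRORLOG format (timestamps, client and spid invented).
SAMPLE_ERRORLOG = """\
2012-08-03 10:00:01.23 Logon       Error: 18456, Severity: 14, State: 8.
2012-08-03 10:00:01.23 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2012-08-03 10:00:01.41 Logon       Error: 18456, Severity: 14, State: 8.
2012-08-03 10:00:01.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2012-08-03 10:00:01.60 Logon       Error: 18456, Severity: 14, State: 8.
2012-08-03 10:00:01.60 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2012-08-03 10:00:01.77 Logon       Error: 18456, Severity: 14, State: 8.
2012-08-03 10:00:01.77 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2012-08-03 10:00:02.05 Logon       Error: 18456, Severity: 14, State: 8.
2012-08-03 10:00:02.05 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2012-08-03 10:00:02.31 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.5]
2012-08-03 10:00:02.90 spid55      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2012-08-03 10:00:02.95 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2012-08-03 10:05:00.00 Logon       Login failed for user 'reportuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.9]
"""

FAILED_LOGIN = re.compile(
    r"Login failed for user '(?P<user>[^']+)'.*\[CLIENT: (?P<client>[^\]]+)\]")
LOGIN_OK = re.compile(
    r"Login succeeded for user '(?P<user>[^']+)'.*\[CLIENT: (?P<client>[^\]]+)\]")
CONFIG_CHANGE = re.compile(
    r"Configuration option '(?P<option>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)")


def analyse(errorlog, threshold=5):
    """Walk the log once and return findings as dicts, in log order.

    brute_force          : a (user, client) pair reached `threshold` failures
    brute_force_success  : that same pair later logged in successfully
    xp_cmdshell_enabled  : sp_configure turned xp_cmdshell on
    """
    failures = defaultdict(int)   # (user, client) -> failed login count
    alerted = set()               # pairs already reported as brute force
    findings = []
    for line in errorlog.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            key = (m.group("user"), m.group("client"))
            failures[key] += 1
            if failures[key] >= threshold and key not in alerted:
                alerted.add(key)
                findings.append({"kind": "brute_force", "user": key[0],
                                 "client": key[1], "count": failures[key]})
            continue
        m = LOGIN_OK.search(line)
        if m:
            key = (m.group("user"), m.group("client"))
            if key in alerted:   # success after a flagged run of failures
                findings.append({"kind": "brute_force_success", "user": key[0],
                                 "client": key[1], "count": failures[key]})
            continue
        m = CONFIG_CHANGE.search(line)
        if m and m.group("option") == "xp_cmdshell" and m.group("new") == "1":
            findings.append({"kind": "xp_cmdshell_enabled", "user": None,
                             "client": None, "count": None})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_ERRORLOG):
        print(f)
```

The threshold is deliberately low because the post describes an automated tool: a human mistyping the sa password produces a handful of failures spread over minutes, whereas a brute forcer produces a dense run from one client. In a real deployment the same three patterns are cheaper to collect from the audit trail (SQL Server audit or the Windows application log) than from ERRORLOG text, but the logic is identical.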
This talk covered simple techniques that I use during penetration tests to gain access to systems and evade security mechanisms.

The second presentation is the talk from Defcon 20 on using SCCM as a way to deploy malicious binaries to organizations.

Last but not least, the Social-Engineer Toolkit (SET) v3.6, codename "MMMMhhhhmmmmmmmmm", has now been released. This release incorporates the SCCM attack vectors demonstrated at Defcon. The automation piece is still under development and is expected to be released soon. In addition, new exploits have been added, along with additional enhancements and bug fixes. The full change log can be found below:

~~~~~~~~~~~~~~~~ version 3.6 ~~~~~~~~~~~~~~~~
* adds the new SCCM attack vector to the social-engineer toolkit - allows you to patch SCCM servers to deploy backdoors
* updated the web gui interface to add updates to exploits
* fixed a menu bug in the web interface that would repeat numbers
* added the MSCOMCTL ActiveX Buffer Overflow (ms12-027) exploit to the web interface
* added the shellcodeexec alphanumeric shellcode payload to the web interface
* added Java Applet Field Bytecode Verifier Cache Remote Code Execution to the web interface
* added MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption to the web interface
* added Microsoft XML Core Services MSXML Uninitialized Memory Corruption to the web interface
* added Adobe Flash Player Object Type Confusion to the web interface
* fixed a menu bug that would not allow you to return to the previous menu in the java applet
* fixed a bug that would cause the multiattack metasploit, java applet, and cred harvester to not work on the right ports and raise exceptions
* added background listener to credential harvester and multiattack -- allows credential harvester to continue to run even if metasploit has been exited
* fixed a bug that would still flag any website as cloned successfully. The new code fixes that by checking to ensure the site was properly cloned.
* fixed a cloning web bug that would error out then continue with payload selection
* added a cleanup routine to the web cloner for post completion on the cloner, this fixes a repetitive issue when launching multiple attacks in the menu system