May 21, 2012

The Social-Engineer Toolkit (SET) 3.3 Codename "DerbyCon 2.0 Edition" has been released.

Written by David Kennedy
Security Testing & Analysis Social Engineering
It's been a long development cycle on this one! Lots of new attack vectors, exploits, and a number of other features. Most importantly, this release has the new PowerShell attack vectors, into which I've incorporated some new and old PowerShell attacks that can be automatically exported. I still have some work to do on automatic encoding of some of them, but for the most part this is solid!

Video of the new version leveraging SQL Injection and the new PowerShell Alphanumeric Attack
Changelog below:

~~~~~~~~~~~~~~~~
version 3.3
~~~~~~~~~~~~~~~~

* added new menu powershell attack vectors -- will be used for powershell based attacks
* added new payload powerdump to the powershell attack vectors
* added new payload bind shell to the powershell attack vectors
* added new payload powershell shellcode injection to the powershell attack vectors
* new core routine added for powershell_convert(powershell_command) which will do all the proper unicode + base64 encoding needed for the powershell -EncodedCommand bypass
* new core routine added powershell_generate_payload(payload,ipaddr,port,powershell_command). This will create the necessary alphanumeric shellcode through metasploit in order to successfully create the powershell injection attack
* added ms12-027 to the spear phishing attack vectors - MSCOMCTL ActiveX Buffer Overflow (from Metasploit)
* added new payload reverse shell to powershell attack vectors
* fixed a bug in metasploit browser exploits where the numbers were off and would not properly parse the exploit (thanks for the report Dale Pearson)
* added a pause when using the apache menu so it doesn't automatically exit
* added a pause when something is on port 80 for credential harvester to display the error message
* added a new phishing template provided by chap0, thanks for the contribution!
* fixed a wording issue within fasttrack exploit selection, it was asking for a nmap range, it should read which exploit do you want
* added the Solarwinds Storage Manager 5.1.0 Remote SYSTEM SQL Injection exploit by muts into Fast-Track
* added the RDP use after free DoS into SET in the Fast-Track custom exploits section
* added new subroutine for powershell conversion
* added automatic convert for powershell alphanumeric shellcode to automatically encode the commands
* added the menu system for the new powershell menu
* added ability to leverage msf payloads in the alphanumeric shellcode
* added metasploit listener option for the powershell attack
* added a new native python socket listener for a standard reverse shell routine in setcore socket_listener(port)
* added powershell bind shell into the new powershell interpreter attack vector
* added new core routine for powershell alphanumeric injection and conversion with msfvenom
* added functionality to dynamically generate payloads and inject through powershell
* removed a large portion of the code and centralized it through setcore routines
* added powershell powerdump to the attack vectors for powershell attacks
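The changelog entry for powershell_convert(powershell_command) describes the encoding PowerShell expects after -EncodedCommand: the script text as UTF-16LE, then base64. The block below is an added example and is not SET's own code; it shows that encoding, the matching decode, and the defensive counterpart a detection engineer needs, pulling the payload back out of a logged process command line. All function names are my own, and the command lines fed to it are constructed samples.

```python
import base64
import re
from typing import Optional


def powershell_encode(command: str) -> str:
    """Return the string PowerShell expects after -EncodedCommand.

    PowerShell decodes the argument as base64 and then interprets the bytes
    as UTF-16LE, so the script must be encoded as 'utf-16le' (no BOM) first.
    Encoding as plain UTF-8 produces a string PowerShell rejects.
    """
    return base64.b64encode(command.encode("utf-16le")).decode("ascii")


def powershell_decode(encoded: str) -> str:
    """Inverse of powershell_encode: base64 -> UTF-16LE bytes -> text."""
    return base64.b64decode(encoded).decode("utf-16le")


def build_powershell_launcher(command: str) -> str:
    """Assemble a one-line launcher of the kind an attack framework emits.

    The switches are standard powershell.exe options; the exact set SET uses
    is not shown in the changelog, so this combination is an assumption.
    """
    return (
        "powershell.exe -NoProfile -NonInteractive -WindowStyle Hidden "
        "-EncodedCommand " + powershell_encode(command)
    )


# powershell.exe accepts any unambiguous prefix of -EncodedCommand; these are
# the spellings seen most often in the wild. Hypothetical detection helper.
_ENCODED_FLAG = re.compile(
    r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)


def decode_logged_command_line(command_line: str) -> Optional[str]:
    """Defensive side: recover the script from a process-creation log entry.

    Returns None when no encoded-command switch is present or the payload
    is not valid base64/UTF-16LE, so malformed input never raises.
    """
    match = _ENCODED_FLAG.search(command_line)
    if match is None:
        return None
    try:
        return powershell_decode(match.group(1))
    except (ValueError, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    launcher = build_powershell_launcher("Get-Process | Select-Object -First 3")
    print(launcher)
    print(decode_logged_command_line(launcher))
```

The detection function is the same transform run backwards, which is why it costs nothing to do at log-ingestion time: anything that lands in a process-creation event with -enc or -EncodedCommand can be decoded inline and matched against the cleartext script rather than the base64 blob.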