November 03, 2010
The Social-Engineer Toolkit (SET) v1.0 Release Date Announced
Written by
David Kennedy
Security Testing & Analysis
Social Engineering
Just wanted to give everyone a heads up on the release of the Social-Engineer Toolkit version 1.0. This is THE largest release I've ever cranked out. The code base alone is as big as all of the prior releases combined. I've introduced two new interfaces, one called set-automate and the other called set-web. The set-automate will take an answer file and automate the menu mode for you so you don't have to do the same thing over and over. The web interface will setup everything for you and prep your attack all through a configurable web interface. You can even dynamically edit the config file through the web interface, and based on what you add, it will add new menus and fields for you automatically. The java applet has been significantly improved, when a user clicks cancel, it will repop up and nag them until they hit run. It has also been rewritten to have better platform targeting on Windows 7 32 and 64 bit. There are new attack vectors including a new module from the folks at TB-Security.com which incorporates SMS spoofing attacks. I've also spent a few weeks writing a custom DLL for the DLL Hijacking attack that automatically downloads a backdoor and installs it. Had to shake the rust off the C/C++ programming yuck. There is really more features and functionality that can be listed in this blog post. I will have a movie done here shortly to outline them all but wanted to let you know that version 1.0 will be released this Saturday November 6, 2010. This is a game changer, SET has evolved into something I could have never imagined and I appreciate all of the feedback, additions, and bug submissions, it really has taken SET to the next level.
Note that changes are still occurring but you can see the change log below:
* Added the new set-automate functionality which will allow you to use SET answer files to automate setting up the toolkit
* Added bridge mode to Ettercap if you want to utilize that capability within Ettercap
* Fixed an issue where multiple meterpreter shells would spawn on a website with multiple HEAD sections in the HTML site
* Added the Metasploit Browser Autopwn functionality into the Metasploit Attack Vector section
* Fixed the dates on DerbyCon, suppose to be September 30 - Oct 2 2011 instead of Septemeber 29 - Oct 2 2011
* Added the ability to utilize templates or import your own websites when using credential harvester, tabnabbing, or webjacking
* Fixed an integer error issue with Java Applet when exiting SET
* Changed the timing for the wscript payload from 15 seconds to 10 seconds to minimize delay
* Added a custom written DLL for SET and the DLL Hijacking, user has to extract the zip file for it to work properly
* Redid the report templates for credential harvester to reflect the new look for secmaniac.com
* Removed the modified calc.exe and replaced with a modified version of putty.exe to get better AV detection
* Redid the dll hijacking attack to include rar and zip files, rar is better to use winzip compatible and will execute
* Added an additional dll hijacking dll that will be used for the main attack, uses a purely C++ native method for downloading and executing payloads
* Fixed the defaulting application for the Client-Side attack vector, it was defaulting to PDF when it should be an IE exploit
* Fixed a bug where hitting enter at the web attack vector would cause an integer base 10 error message
* Added the Adobe Shockwave browser exploit that I wrote for the Metasploit Framework.
* Moved all of the SET menu mode source to main/set.py, the main set loader is just a small import now. More clean.
* Changed some spacing issues in the client-side attack vectors
* In spear-phishing, cleaned up excess messages being presented back to the user when PDF was created or files were moved
* Fixed a bug in the web cloner where certain ASPX sites wouldn't clone and register properly, thanks for the patch Craig! Added you to credits.
* Added the SMS attack vector which can spoof SMS messages to a victim, it will be useful in nature if you want them to click a link or go somewhere you have a malicious site. Thanks to the TB-Security.com for the addition.
* Added the Metasploit Sun Java Runtime New Plugin docbase Buffer Overflow universal client side attack
* Added the parameter for the java applet called separate_jvm, this will spawn a new jvm instance so cache does not need to be cleaned
* Fixed a bug where the SET Python web server would not properly shut down in certain circumstances
* Added a repeatitive refresh flash for the java applet, so if a user hits cancel, it will prompt over and over until run is hit. Better way of getting the user to hit run.
* Added the configuration option to turn off the java repeater, so if your using something like multi-attack you can specify so it doesn't keep nagging the user if you want multiple attack vectors
* Fixed a bug where spear phishing attack would not spawn meterpreter listener when yes was specified, this was caused by the new dll hijacking addition.
* Added better connection handling through the spear-phishing and gmail integration, it wasn't properly closing the connection per request
* Fixed bug where using infectious media and file format would prompt you to use the spear-phishing mailer option afterwards, it no longer prompts for that during infectious media creation
* Removed the option to include how many times to include, automatically defaults to 4, option is configurable in set_config now
* Added the Metasploit Adobe FlashPlayer "Button" Remote Code Execution exploit to the spear-phishing/file format attack vectors
* Added the ability to hit enter on yes or no payload selection default to the infectious usb method, enter would just return you to the menu, it now spawns a listener
* Removed the return to continue prompt in the Teensy HID USB attack vector, it wasn't needed and added additional steos
* Added the new SET web interface, it primarily utilizes the new set-automate functionality based on responses for a payload, will improve as time goes on
* Added the reverse DNS meterpreter payload to both client-side attacks as well as payload generators for things like Java Applet, Teensy, attacks, etc.
* Fixed an issue where the Adobe 'Button' exploit was not properly loading and exporting the PDF through Metasploit