Skip to Main Content
October 01, 2011

The Social-Engineer Toolkit (SET) v2.1 "Rebirth" has been released.

Written by David Kennedy
Security Testing & Analysis Social Engineering
The Social-Engineer Toolkit (SET) v2.1 "Rebirth" has been officially released at DerbyCon 2011. This version marks a major progression in the toolkit and something that has been under development over the past several months. Some of the major changes are as follows: 1. Fast-Track is now in the process of being integrated into the toolkit. It has been completely recoded from scratch leveraging what has been built on the SET core infrastructure. The exploits section, mssql bruter, and others have now been added to SET. As such the menu structure has changed a little bit. 2. Metasploit-based payloads now deploy through shellcodeexec (if specified) versus a straight binary. This allows Metasploit-based payloads to be loaded directly into memory via alphanumeric shellcode and never touch disk. In addition to that the Java Applet was rewritten quite a bit to reflect the new changes to the shellcodeexec attack. 3. The java repeater has been rehauled and works flawlessly in all situations and scenarios when being leveraged during the java applet attack. 4. Increased stability performance around the java applet attack and a weird bug that would randomly cause IE7 and IE8 to crash every so often (rare bug). 5. Added several new Metasploit-based payloads into the client-side attack and spear-phishing menus.
Full changelog below: * Added new menu for fasttrack integration * Defined new folder structure for fasttrack integration * Rehauled the initial menu to slim down and break into social-engineering attacks versus Fast-Track attacks * Added new core module through setcore called kill_proc * Added new core module through setcore called meta_database * Added new autopwn functionality through fasttrack/autopwn.py, with the additions of fasttrack, the code is being completely redone, nothing will be the same * Added a new config option called METASPLOIT_DATABASE. This will be what database type to use with metasploit, default is postgresql * Restructured normal set to be a new main menu versus just a calling stager. set.py and fasttrack.py will be the two main files for the functionality behind SET * Added scapy packet manipulation tool into src/core for indepth protocol creation lateron * Added portscan.py into core, this is a fast port scanner that will be used versus leveraging third party modules * Added new mssql module for port scanning mssql through the fasttrack menu * Added validate IP in the portscan to check if a solo IP address is legitimate * Added new definition scan() into the fasttrack mssql module * Added _mssql module as a dependancy and updated setup.py to include it during installation * Added new core module check_mssql() to ensure proper import for pymssql for Fast-Track attacks * Added new definition brute() for mssql brute forcing within fasttrack * Added the ability to use a mssql shell for raw queries for microsoft SQL based systems * Added the ability to do either powershell or h2b attack method via windows debug to sql bruter * Added new function call launch_hex2binary in the mssql module in fasttrack * Fixed a bug in the interactive shell when quitting out caused a global exception for socket(AF) versus socket.socket(AF). It no longer throws an exception * Added all payloads from SET including interactive shell, ratte, and others into the MSSQL Bruter in Fast-Track * Added the ability to leverage powershell to deploy in Windows 7 and Server 2008 x64 bit systems where debug is removed * Added the ability to use Metasploit based payloads within the mssql bruter * Added a background http server nonthreaded to keep alive when SET does the mssql bruter * Added a new expoits section to the fast-track menu, this will be the ultimate home for custom exploits and such * Added MS08-067 to the new exploits section in the fasttrack menu * Added the Mozilla Firefox 3.6.16 mChannel Object Use After Free Exploit (Win7) in the fasttrack exploits menu section * Added additional spacing around the SET interactive shell to clear it up a bit when doing menu selection * Added the ability to trigger the auto re-enable of the xp_cmdshell stored procedure if disabled * Added the Apple QuickTime PICT PnSize Buffer Overflow from Metasploit to the Spear-Phishing attack vector * Added the Mozilla Firefox 3.6.16 mChannel use after free vulnerability from Metasploit into the Metasploit Browser attack vector * Added the Apple Quicktime PICT PnSize and FireFox 3.6.16 mChannel use after free to the SET-web interface * Fixed the menu structure around the web gui to reflect the new menu change with 1 - being social-engineering attacks versus all on the initial screen * Added the latest teensy attacks into the web gui, includes gnome wget, binary 2 teensy, sdcard teensy, and X10 arduino jammers * Added an awesome new option in the java applet attack vector, it will allow you to select shellcodeexec which means the Java applet will now deploy shellcodeexec then execute alphanumeric shellcode. Meterpreter will never touch disk! * Rewrote the java applet quite a bit to reflect the new changes on the java applet * Added new options in payloadgen for the java applet new menu structure for shellcodeexec * Added reverse meterpreter, reverse https, reverse http to the shellcodeexec attack * Fixed a bug that caused the create a fileformat payload to error out when specifying certain payloads * Added similar format to new menu structure to the SET interactive shell * Fixed some carriage return issues within the SET interactive shell * Fixed a bug that caused java repeater to not work properly (thanks Kevin Mitnick for bug report) * Added better URL handling of java repeater for post acceptance redirect * Fixed a long standing bug that would randomly cause internet explorer to crash, had to do with java applet and waitfor() on bufferstreams * Custom compiled shellcodeexec to not print any output and obfuscate * Added randomized obfuscation on shellcodeexec to randomize each time its deployed * Fixed a bug in SET interactive shell that would randomly cause bypassuac to throw an uploads exception