November 05, 2011

The Social-Engineer Toolkit (SET) v2.3 "Eclipse" has been released.

Written by David Kennedy
I've been working on 2.3 for a few weeks now (even before 2.2) and had some pretty hefty tasks in overhauling a lot of the code base. For starters, when a website was cloned, it would be placed under src/webattack/web_clone/site/template. I'm trying to be centric on all data that's generated from SET, so I overhauled the codebase to place all cloned websites under src/program_junk/web_clone/. In addition, I've been rewriting the Java Applet quite a bit for stability and for the addition of the PowerShell injection. I've done extensive testing on all operating systems and feel comfortable enough now with the code-base changes to enable the PowerShell Injection mode by default. What this means is that if PowerShell is detected, it will launch shellcode straight into memory. In addition, as a fallback, if this fails, a second meterpreter shell will be deployed through the standard method that you selected, either shellcodeexec or meterpreter or whatever. I've also spent a great deal of time fixing bugs and quirks in this release. I even found (and fixed) a pesky one that has been haunting me since 1.4. I hope you enjoy! Changelog below:

~~~~~~~~~~~~~~~~
version 2.3
~~~~~~~~~~~~~~~~

* fixed a bug that would not load the menus properly when loading SET (bad return placement)
* fixed an annoying bug that has been around for a number of versions, finally tracked down: on some occasions where it would show "Moving payload to website", you couldn't control-c out to exit and would have to close the console window. This has been resolved.
* rewrote shellcodeexec again to evade AV
* added the shellcodeexec.c modified source code
* removed the improper way of masking error messages through 1> /dev/null and 2> /dev/null; information is piped through subprocess.PIPE instead
* fixed a bug in fast-track with the mssql bruter where, if using the SET interactive shell, it wouldn't spawn the HTTP server properly due to the site.template and attack.vector files not being found. Added better granularity on detecting files and setting defaults if they are not found
* adjusted the repeater time to 2 seconds versus 3
* added additional passwords found in pentests to the wordlist
* removed excess code from setcore
* moved Signed_Update.jar that is generated through the Java Applet attack; it now goes through src/program_junk versus src/html
* rewrote large portions of SET to place cloned websites and files under src/program_junk/web_clone versus src/webattack/web_clone/site/template
* added a new config option for OSX/Linux payload ports and removed the automatic prompt after generating the metasploit payload asking if you want to target OSX/Linux. It will automatically target Linux/OSX, which removes another prompt in setting everything up
* added additional stability to powershell injection; it is now enabled by default. If powershell is injected, it will send a payload straight through memory versus touching disk. Note that you may get two shells back. This is intentional, as it's a failsafe if the powershell method fails. So regardless, if the powershell injection fails to compromise, the backup dropper will still execute
* bug fix where it would throw an error about not finding the proper payload in the fasttrack mssql bruter
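The changelog item about replacing `1> /dev/null 2> /dev/null` with `subprocess.PIPE` is worth spelling out, since the shell-redirect idiom both requires a shell and discards the very error text you need when a helper fails. The following is an added example, not SET's own code; the helper names `run_quiet`, `run_checked` and `demo` are assumptions made here, and the child process is a constructed stand-in for whatever tool SET would invoke.

```python
import subprocess
import sys
from typing import List, NamedTuple


class Result(NamedTuple):
    returncode: int
    stdout: str
    stderr: str


def run_quiet(argv: List[str]) -> Result:
    """Run a command with no shell and no console noise, but keep stderr.

    The older pattern appended '1> /dev/null 2> /dev/null' to a command
    string, which needs a shell (so arguments are subject to word
    splitting and shell metacharacters) and throws the error text away,
    making a failing helper look identical to a successful one.
    Capturing through PIPE keeps the console clean and the error visible.
    """
    proc = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = proc.communicate()
    return Result(proc.returncode, out.decode(errors="replace"), err.decode(errors="replace"))


def run_checked(argv: List[str]) -> Result:
    """Like run_quiet, but turn a non-zero exit into an error that carries the captured stderr."""
    res = run_quiet(argv)
    if res.returncode != 0:
        raise RuntimeError(f"{argv[0]} exited {res.returncode}: {res.stderr.strip()}")
    return res


def demo() -> Result:
    """Constructed child (a short Python script) that writes to both streams and fails."""
    child = "import sys; print('cloned ok'); print('missing site.template', file=sys.stderr); sys.exit(3)"
    return run_quiet([sys.executable, "-c", child])


if __name__ == "__main__":
    r = demo()
    print(f"exit={r.returncode} stdout={r.stdout.strip()!r} stderr={r.stderr.strip()!r}")
```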