October 22, 2012

The Social-Engineer Toolkit (SET) v4.2 "Bagels Bagels Bagels" released.

Written by David Kennedy
Security Testing & Analysis Social Engineering
TrustedSec is proud to release The Social-Engineer Toolkit (SET) version 4.2, codename "Bagels Bagels Bagels". This version focuses heavily on the Java Applet attack vector. From a performance standpoint it loads significantly faster and is more responsive when running and executing payloads. Everything is now written with ProcessBuilder instead of the old method of non-processed execution. In addition, better AV avoidance, anti-debugging, and much more have been added to SET and will continue to grow with each version. Payload execution times are significantly improved over the old versions, and there have been a number of additional major bug fixes and performance enhancements.

Please note that the Java Repeater is currently busted. This is a Java 7 Update 4 through Java 7 Update 7 issue with IE9 and IE10. It's in the process of being fixed.

~~~~~~~~~~~~~~~~
version 4.2
~~~~~~~~~~~~~~~~

* Improved Java Applet performance when executing
* Added additional payloads and encrypted formatted for bypassing security mechanisms
* Fixed a bug in applet when used on older operating systems
* Fixed a lockup issue within the applet
* Used process builder for the back-end running of commands in Java Applet, adds new functionality and better performance without hangs
* Converted all Windows based Java applet background processes to ProcessBuilder in Java for better speed
* Removed AUTO_MIGRATE=ON by default, this ruins bypassuac - need to do more research, may be able to process ride to explorer.exe instead versus notepad.exe
* Added additional virtualization for pe files to SET payloads