April 02, 2012
The Social-Engineer Toolkit v3.2 codename "#FreeHugs" has been released.
Written by David Kennedy
The Social-Engineer Toolkit version 3.2 codename "#FreeHugs" has been released. This release has a number of additions, including a new payload selection for a reverse HTTP shell built specifically for the toolkit. In addition, a number of Metasploit exploits have been added to the Metasploit Browser attacks, and much more. A full changelog can be found here:
~~~~~~~~~~~~~~~~
version 3.2
~~~~~~~~~~~~~~~~
* added new payload to the HTTP attack vectors - the SET Reverse HTTP Shell which uses native AES encryption for tunneling commands back and forth
* added the new SET RevHTTP shell into the Java Applet attack vector
* added the Java AtomicReferenceArray Type Violation Vulnerability exploit to the Metasploit attack vectors
* added the Adobe Flash Player MP4 'cprt' Overflow exploit to the Metasploit attack vectors
* added the MS12-004 midiOutPlayNextPolyEvent Heap Overflow exploit to the Metasploit attack vectors
* added an exception for the Java AtomicReferenceArray to select Java Meterpreter versus standard since it's specific to the exploit
* reintroduced the set-web shell into the main repositories, still may be buggy -- plan on rewriting soon
* added changes and obfuscation to the SET RevHTTP and changed the cipher key exchanges for the binary
* added a quit routine to the new SET RevHTTP shell -- quit and exit work
* recompiled the SET RevShell to be nonconsole so it will not spit any input out even if it's discovered
* removed slim_set.py; it was no longer being used and no longer needed
* fixed an error where, after finishing one attack vector and going on to launch another attack, an attack_vector not found exception would be thrown (thanks Vinny Troia for the report)