April 02, 2012

The Social-Engineer Toolkit v3.2 codename "#FreeHugs" has been released.

Written by David Kennedy
The Social-Engineer Toolkit version 3.2 codename "#FreeHugs" has been released. This release has a number of additions, including a new payload selection for a reverse HTTP shell built specifically for the toolkit. In addition, a number of Metasploit exploits have been added to the Metasploit Browser attacks, and much more. A full changelog can be found here:

~~~~~~~~~~~~~~~~
version 3.2
~~~~~~~~~~~~~~~~

* added new payload to the HTTP attack vectors - the SET Reverse HTTP Shell, which uses native AES encryption for tunneling commands back and forth
* added the new SET RevHTTP shell into the Java Applet attack vector
* added the Java AtomicReferenceArray Type Violation Vulnerability exploit to the Metasploit attack vectors
* added the Adobe Flash Player MP4 'cprt' Overflow exploit to the Metasploit attack vectors
* added the MS12-004 midiOutPlayNextPolyEvent Heap Overflow exploit to the Metasploit attack vectors
* added an exception for the Java AtomicReferenceArray to select Java meterpreter versus standard, since it's specific to the exploit
* reintroduced the set-web shell into the main repositories, still may be buggy -- plan on rewriting soon
* added changes and obfuscation to the SET RevHTTP and changed the cipher key exchanges for the binary
* added a quit routine to the new SET RevHTTP shell -- quit and exit work
* recompiled the SET RevShell to be nonconsole so it will not spit any input out even if it's discovered
* removed slim_set.py; it was no longer being used and no longer needed
* fixed an error where, after finishing with one attack vector and going to launch another attack, it would throw an attack_vector not found exception (thanks Vinny Troia for the report)