July 04, 2010

Vegas - And so it begins...

Written by David Kennedy
Training
Getting ready for some craziness coming up soon in Vegas. Luckily, before the birth of my twins, the majority of our presentations and code were already finished. Be sure to catch me speaking at BSIDESLV, BlackHat, and Defcon this year! I'll be co-presenting with one of my buddies Josh Kelley (winfang98 on Twitter) on a slew of topics. Just want to say you'll want to swing by, we are releasing new versions of tools, Metasploit modules, new tool releases, and extra code. Wanted to give you a breakdown of each presentation and what to expect.

First things first, the Social-Engineer Toolkit v0.6 will be getting released and this is a whopper. Probably the largest release I think I have ever put through on SET, and it will be an amazing one. I would highly recommend BSIDESLV, it has become my favorite conference out there, period. If you're missing this one you're basically missing the entire point of going to these conferences! Here is the changelog so far on what to expect:

* Number of bug-fixes through SET and better error handling
* Added the tabnabbing attack vector
* Added favicon pulling per site on tabnabbing
* Fixed dynamic import bug with reloading modules after use
* Added Man Left in the Middle (MLITM) from Kos
* Added the latest IE and Adobe exploits
* Rewrote the HTTP web server handler for WebDav based exploits, it will force SET to use port 8080 as the web server as MSF requires WebDav on 80.
* Rearranged the initial web attack vector menu, it needed to be reversed
* Added the ability to specify your own custom executable for MSF encoding (-x) within the config/set_config file, the new option is called 'CUSTOM_EXE'
* Added checks for BeautifulSoup, it is now a requirement for SET for the MLITM attack
* Fixed the no encoding issue with Java Applet Attack Vector, when specifying no encoding it will not prompt you to encode the payload
* Fixed bleed over colors when bombing out of any of the SET menus
* Added the ability to be able to customize MLITM web server port address in set_config, default is 80.
* Fixed an issue with Java Applet attack where if WEB_PORT was changed from 80, the Windows and NIX payloads would not deploy properly based off of port change
* Fixed an issue where importing your own executable with the Java Applet attack would fail and not work properly.
* Fixed where OSX and LINUX payloads would still be asked for in payloadgen if not using the Java Applet attack.
* Added the new Teensy Arduino attack vector menu that can be used with the Teensy USB HID devices for physical/social-engineering attacks
* Fixed issue where ettercap was not properly performing DNS_POISON attacks, should now dns poison properly.
* Removed the IP address challenge question when importing your own exe
* Fixed issue where other python applications would close when exiting SET
* Rewrote html handler to fix stderr and stdout issues with subprocess and ettercap handlers, should close properly when exiting SET now
* Fixed the main bug with Linux/OSX via Java Applet and no shell being piped, should now be 100 percent operable (thanks Thomas Werth).

I will be demoing all the new features and releasing SET v0.6 at BSIDESLV exclusively, be sure to be there 7/28/2010 at 3:00PM!

Moving on to BlackHat, me and Josh will be doing the PowerShell - It's time to own presentation on 7/29/2010 at 10:00AM. Josh and myself have put a ton of time and will be releasing two new Metasploit modules/meterpreter scripts and demoing new tools we will be releasing the code for and some new bypass technique methods of PowerShell, you absolutely don't want to miss this one.

Last but not least, our Defcon presentation will be on Sunday at 12:00PM for the PowerShell omfg talk. Me and Josh will be showing everything we did in BlackHat and a lot more including some additional tool releases and a much more in-depth talk.

Phew, going to be a busy week for us, and I can tell you I think me and Josh's fingers are bleeding from the amount of code pumped out during these three talks. As always, be sure to check back here for more news and updates, can also follow me and Josh on Twitter: dave_rel1k and winfang98

See you in Vegas!