The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot”
has been released. This version of SET introduces the ability to
specify multi-powershell injection which allows you to specify as many
ports as you want and SET will automatically inject PowerShell
onto the system on all of the reverse ports outbound. What’s nice with
this technique is it never touches disk and also uses already white
listed processes. So it should never trigger anything like anti-virus or
whitelisting/blacklisting tools. In addition to multi-powershell
injector, there are a total of 30 new features and a large rewrite of
how SET handles passing information within different modules
http://vimeo.com/61896197">http://vimeo.com/61896197" type="application/x-shockwave-flash" width="425" height="350">
Change log for version 4.7
removed a prompt that would come up when using the powershell injection technique, port.options is now written in prep.py versus a second prompt with information that was already provided
began an extremely large project of centralizing the SET config file by moving all of the options to the set.options file under src/program_junk
moved all port.options to the central routine file set.options
moved all ipaddr.file to the central routine file set.options
changed spacing on when launching the SET web server
changed the wording to reflect what operating systems this was tested on versus browsers
removed an un-needed print option1 within smtp_web that was reflecting a message back to user
added the updated java bean jmx exploit that was updated in Metasploit
added ability to specify a username list for the SQL brute forcing, can either specify sa, other usernames, or a filename with usernames in it
added new feature called multi-powershell-injection – configurable in the set config options, allows you to use powershell to do multiple injection points and ports. Useful in egress situations where you don’t know which port will be allowed outbound.
enabled multi-pyinjection through java applet attack vector, it is configured through set config
removed check for static powershell commands, will load regardless – if not installed user will not know regardless – better if path variables aren’t the same
fixed a bug that would cause linux and osx payloads to be selected even when disabled
fixed a bug that would cause the meta_config file to be empty if selecting powershell injection
added automatic check for Kali Linux to detect the default moved Metasploit path
removed a tail comma from the new multi injector which was causing it to error out
added new core routine check_ports(filename, ports) which will do a compare to see if a file already contains a metasploit LPORT (removes duplicates)
added new check to remove duplicates into multi powershell injection
made the new powershell injection technique compliant with the multi pyinjector – both payloads work together now
added encrypted and obfsucated jar files to SET, will automatically push new repos to git everyday.
rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
added signed and unsigned jar files to the java applet attack vector
removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
fixed a payload duplication issue in create_payload.py, will now check to see if port is there
removed a pefile check unless backdoored executable is in use
turned digital signature stealing from a pefile to off in the set_config file
converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly
It can also be downloaded through github using the following command:
git clone https://github.com/trustedsec/social-engineer-toolkit/ set
http://vimeo.com/61896197">http://vimeo.com/61896197" type="application/x-shockwave-flash" width="425" height="350">
Change log for version 4.7
removed a prompt that would come up when using the powershell injection technique, port.options is now written in prep.py versus a second prompt with information that was already provided
began an extremely large project of centralizing the SET config file by moving all of the options to the set.options file under src/program_junk
moved all port.options to the central routine file set.options
moved all ipaddr.file to the central routine file set.options
changed spacing on when launching the SET web server
changed the wording to reflect what operating systems this was tested on versus browsers
removed an un-needed print option1 within smtp_web that was reflecting a message back to user
added the updated java bean jmx exploit that was updated in Metasploit
added ability to specify a username list for the SQL brute forcing, can either specify sa, other usernames, or a filename with usernames in it
added new feature called multi-powershell-injection – configurable in the set config options, allows you to use powershell to do multiple injection points and ports. Useful in egress situations where you don’t know which port will be allowed outbound.
enabled multi-pyinjection through java applet attack vector, it is configured through set config
removed check for static powershell commands, will load regardless – if not installed user will not know regardless – better if path variables aren’t the same
fixed a bug that would cause linux and osx payloads to be selected even when disabled
fixed a bug that would cause the meta_config file to be empty if selecting powershell injection
added automatic check for Kali Linux to detect the default moved Metasploit path
removed a tail comma from the new multi injector which was causing it to error out
added new core routine check_ports(filename, ports) which will do a compare to see if a file already contains a metasploit LPORT (removes duplicates)
added new check to remove duplicates into multi powershell injection
made the new powershell injection technique compliant with the multi pyinjector – both payloads work together now
added encrypted and obfsucated jar files to SET, will automatically push new repos to git everyday.
rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
added signed and unsigned jar files to the java applet attack vector
removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
fixed a payload duplication issue in create_payload.py, will now check to see if port is there
removed a pefile check unless backdoored executable is in use
turned digital signature stealing from a pefile to off in the set_config file
converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly
It can also be downloaded through github using the following command:
git clone https://github.com/trustedsec/social-engineer-toolkit/ set
0 commentaires:
Enregistrer un commentaire