Social Engineer Toolkit(SET) 3.4! released
The Social Engineer Toolkit (SET) has been updated
“The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed in order to armpenetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social EngineerToolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.”Change log for Social Engineer Toolkit:
Implemented Social Engineer Toolkit debugging (turned it all on). This should allow developers and users to troubleshoot while watching SET navigate it’s ‘roadmap’…without setting up a third party debugger.
Debugging functions streamlined down into 1 in setcore.
Debugging levels increased to 6.
Began implementation of user input validation-validating web site, IP, ports, yes/no responses in ratte modules first. Fixes a bug where SET attempts to continue without a required parameter.
Added the ability to select a list of IP addresses for SQL servers and import them into Fast-Track versus CIDR notations or IP addresses – can do all three now
Streamlined the Fast-Track MSSQL bruting through multithreading – ability to attack multiple SQL servers faster
better obfuscation on SET interactive shell
better obfuscation on Social Engineer Toolkit HTTP shell
added the ability to the Java Applet to write out a logfile that can be used for the IP address and port – this will be used lateron for multiple other attacks
fixed a bug with open relays and no username and password prompt, it would issue AUTH command which is not needed – thanks Justin Alcorn!
added better obfuscation on the set interactive shell and now includes a read-in logfile so you don’t need to pass parameters to it — will be used later
recompiled the Social Engineer Toolkit HTTP shell with some new functionality and features
Cleaned up Translation for RATTE-Server Interface
Updated Main Menu
Changed ownership of Social Engineer Toolkit to TrustedSec, LLC – Don’t worry everyone its still free and nothing has changed AT ALL!
Added the MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption exploit from Metasploit
Added the Microsoft XML Core Services MSXML Uninitialized Memory Corruption exploit from Metasploit
Added the MYSQL Authentication Bypass Exploit into Fast-Track
Added the F5 Root Authentication Bypass exploit into Fast-Track
Added the Adobe Flash Player Object Type Confusion exploit from Metasploit
Fixed a bug during payload creation that could cause a list index exception.
Minor performance enhancements
This new version adds much better obfuscation and handling around payloads, a number of new exploits added to Fast-Track as well as Metasploit browser exploits. There is also a new version of RATTE that has been incorporated into Social Engineer Toolkit. Bug fixes, performance enhancements, new features are all apart of this release.
The Social-Engineer Toolkit will now be developed through TrustedSec but still 100% open-source and free.
Download Social Engineer Toolkit 3.3:
Download the tarball (set.tar.gz) -
http://www.secmaniac.com/files/set.tar.gz
Our previous post regarding SET -
http://santoshdudhade.blogspot.in/2012/05/social-engineer-toolkit-set-33-released.html
Our previous post regarding SET -
http://santoshdudhade.blogspot.in/2012/05/social-engineer-toolkit-set-33-released.html