The Social-Engineer Toolkit (SET) v5.2 “Urban Camping” Released
The Social-Engineer Toolkit (SET) version 5.2 codename “Urban Camping” has been released. This version adds a complete rewrite of the PowerShell injection techniques within SET and incorporates an automatic process downgrade attack detailed here: https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/. The attack will automatically detect if PowerShell is installed, then detect what platform its running on. If 64 bit is detected, it will automatically downgrade the process to a 32 bit process for native shellcode injection.
In addition to the PowerShell improvements, the Java Applet now supports stronger string encryption and obfuscation and continues to be uploaded to github every two hours. Lastly, major bug fixes, improved SSL support, new Multi-Pyinjector and PyInjector, and a slew of new features are some of the changes to this release.
In addition to the PowerShell improvements, the Java Applet now supports stronger string encryption and obfuscation and continues to be uploaded to github every two hours. Lastly, major bug fixes, improved SSL support, new Multi-Pyinjector and PyInjector, and a slew of new features are some of the changes to this release.
For a full change log, read below:
* incorporated the new x86 PowerShell downgrade attack. This will automatically use x86 shellcode regardless of operating system. (https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/)
* changed platform detection from if($env:PROCESSOR_ARCHITECTURE -eq “AMD64″) to [IntPtr]::Size -eq 6 (thanks Matthew Graeber)
* rewrote payload generator in powershell menu to use new process downgrade attack
* rewrote java applet to use the new process downgrade attack
* rewrote powershell generation within setcore to use the powershell downgrade attack
* changed the default Java Applet wording to “Applet verified as safe (TRUSTED)”.
* fixed a bug that would cause SQL bruter to error out when specifying a single host and the host was not alive
* fixed a bug that would allow you use web templates with webjacking and tabnabbing which it should not have
* removed old encoding methods when using standard metasploit executables
* fixed an issue that would not allow SSL and harvester to work correctly – this required manually patching socket.py and keeping a patched version in the root directory upon launch. This is due to a bug in pyopenssl and unhandled packet handling within socket.py
* added more stability to the SSL harvester when using pem certificate files
* added powershell downgrade attack to psexec powershell attack
* added ExitOnSession to false when using psexec command
* added set EnableStageEncoding true when using psexec command for stager encoding with shikata
* added better stability to the powershell injection attacks with multiple detection points
* fixed an issue that would cause an error message when reusing credential harvester
* added proper cleanup on new socket.py – has to be in SET root – weird issue when os.chdir or sys.path.append – doesn’t recognize
* removed man left in the middle from the web attacks menu
* streched the text on the menu to be full line versus manual splitting
* added new code and binary for pyinjector to evade AV
* added new code and binary for multipyinjector to evade AV
* officially removed the “set” command and moved to se-toolkit, set was a linux command and conflicted – use se-toolkit from here on out
* simplified the replace code for the shellcode powershell injection technique in setcore
* improved string encryption on the java applet attack
* added -noprofile flag option to powershell injection for x86 downgrade attack
* slimmed down the code used for the powershell injection attacks, allows more space for shellcode
* changed platform detection from if($env:PROCESSOR_ARCHITECTURE -eq “AMD64″) to [IntPtr]::Size -eq 6 (thanks Matthew Graeber)
* rewrote payload generator in powershell menu to use new process downgrade attack
* rewrote java applet to use the new process downgrade attack
* rewrote powershell generation within setcore to use the powershell downgrade attack
* changed the default Java Applet wording to “Applet verified as safe (TRUSTED)”.
* fixed a bug that would cause SQL bruter to error out when specifying a single host and the host was not alive
* fixed a bug that would allow you use web templates with webjacking and tabnabbing which it should not have
* removed old encoding methods when using standard metasploit executables
* fixed an issue that would not allow SSL and harvester to work correctly – this required manually patching socket.py and keeping a patched version in the root directory upon launch. This is due to a bug in pyopenssl and unhandled packet handling within socket.py
* added more stability to the SSL harvester when using pem certificate files
* added powershell downgrade attack to psexec powershell attack
* added ExitOnSession to false when using psexec command
* added set EnableStageEncoding true when using psexec command for stager encoding with shikata
* added better stability to the powershell injection attacks with multiple detection points
* fixed an issue that would cause an error message when reusing credential harvester
* added proper cleanup on new socket.py – has to be in SET root – weird issue when os.chdir or sys.path.append – doesn’t recognize
* removed man left in the middle from the web attacks menu
* streched the text on the menu to be full line versus manual splitting
* added new code and binary for pyinjector to evade AV
* added new code and binary for multipyinjector to evade AV
* officially removed the “set” command and moved to se-toolkit, set was a linux command and conflicted – use se-toolkit from here on out
* simplified the replace code for the shellcode powershell injection technique in setcore
* improved string encryption on the java applet attack
* added -noprofile flag option to powershell injection for x86 downgrade attack
* slimmed down the code used for the powershell injection attacks, allows more space for shellcode
Source-