The Social-Engineer Toolkit v1.5 Released |
The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
Official change log:
Added shell.py to support both Linux and OSX for the SET Interactive Shell, uses same code repository
Added shell to support Linux/OSX for SET Interactive Shell
Added download to support Linux/OSX for SET Interactive Shell
Added upload to support Linux/OSX for SET Interactive Shell
Added ps to support Linux/OSX for SET Interactive Shell
Added kill to support Linux/OSX for SET Interative Shell
Fixed a bug in mass mailer where TLS would execute after ehlo not before. Thanks pr1me
Changed download path to replace forward and back slashes with a _ so it would not cause strange nix issues with back slashes and forward slashes in the SET Interactive Shell
Added better integer handling when running listener.py by itself without specifying a port
Redesignated filename shell.binary to shell.windows and shell.linux (PE vs. ELF binary)
Added separate installers for shell.linux and shell.osx, to many differences between the two and needed different compiling.
Added instructions in shell.py how to compile for each flavor operating system including windows, linux, and osx
Added reboot now into the SET interactive Shell
Added persistence to the SET interactive shell with a completely custom written python-bytecompiled service. Essentially uploads service to victim, that calls interactive shell every 30 minutes
Added name distinguishing per windows/posix systems so it will show up POSIX or WINDOWS on interactive shell, will also show WINDOWSUAC-SAFE and WINDOWSSYSTEM.
Added the MS11-050 IE mshtml!CObjectElement Use After Free exploit from Metasploit
Added dynamic packing to download/upload for persistence, better AV avoidance
Added MS11-050, Adobe Flash 10.2.153.1, and Cisco AnyConnect Metasploit exploits to the SET web gui
Added ‘clear’ and ‘cls’ in the SET Interactive Menu to remove whats in the screen, etc.
When using the java docbase exploit, removed ‘Client Login’ for title frame, isn’t needed
Added back command to the SET interactive shell to go back when in different menus
Fixed a bug where it would state payloadprep not defined, it was caused to UPX not fully packing the device at time of upload, a 3 second delay has been added
No comments:
Post a Comment