The Social-Engineer Toolkit (SET) has progressed over the months thanks to the suggestions and collaboration with the security community. With this version, I am proud to announce the immediate release of the Social-Engineer Toolkit v0.5. 4/16/2010 at 9:00pm EST
Before getting into the new attack vectors, let’s talk about the improvements from 0.4 to 0.5:
* The ability to utilize the -x flag within Metasploit, this is much better for A/V bypass. SET has a built in legitimate executable that it backdoors. Running this through VirusTotal showed only 1 A/V company was picking this up and it was hit and miss.
* Over 35 bug fixes, I spent a large time beta testing and giving it to people that would test it to find issues with it. Thanks to all of the beta testers, your help was awesome.
* Ettercap no longer does the single HREF replacement custom filter method. Instead, it DNS poisons the entire subnet you’re on and redirects them back to your malicious site. You can utilize either a single site for example blahblah.com or do a “*” which will do every single site.
* Rehauled the custom web server within Python to now handle POST requests, this will come into play later.
* Added the latest Sun Java zero-day vulnerability into the Metasploit attack vector.
* Added better user-agent handling to impersonate Firefox better when ripping a site.
* Expanded the site templates instead of the “Java Required” website, there are now pre-defined templates you can use.
If those changes weren’t enough, lets discuss the new vectors available to you in SET v0.5:
Harvesting Credentials: You can now utilize the credential harvester method in conjunction with the website cloning to harvest usernames and passwords. Essentially, SET will first clone a website. You then coax a victim into coming to the site, and it will rewrite the webpages post parameters to POST to the local server which stores them. After that, the victim is redirected back to the original site you cloned.
Reporting Engine: After your finished owning the target through SET’s attack vectors, an HTML based report as well as an XML export will be generated with all of the parameters it was able to harvest. This attack vector alone is a great addition to the toolkit, and allows the ability to do something other then complete pwnage.
Custom HakSaw – The SET way: The next addition allows you to create a infectious USB/DVD/CD with a simple autorun.inf. This attack is pretty simple but will get more advanced as we go down the road. Essentially, a folder is created which you can burn to a DVD/CD and when it is inserted into a machine with autorun enabled, it will execute a Metasploit payload for you.
SET has taken a life on of its own. Even though there are countless hours into perfecting this tool, I want to thank all the people who have helped with ideas, vectors, code and testing. We are all very excited about this release and the new capabilities it brings to the toolkit. If you have any questions, new feature ideas, or bugs, always feel free to report them to: [email protected].
Again – 9:00pm EST April 16th 2010, is another sign that the end is near!