SET 0.5 – Client Sides, Web Cloning and HakSaws – The Lemon Strikes Back


The Social-Engineer Toolkit (SET) has progressed over the months thanks to the suggestions and collaboration with the security community. With this version, I am proud to announce the immediate release of the Social-Engineer Toolkit v0.5. 4/16/2010 at 9:00pm EST

Before getting into the new attack vectors, let’s talk about the improvements from 0.4 to 0.5:

* The ability to utilize the -x flag within Metasploit; this is much better for A/V bypass. SET has a built-in legitimate executable that it backdoors. Running this through VirusTotal showed only 1 A/V company was picking this up, and it was hit and miss.

* Over 35 bug fixes. I spent a large amount of time beta testing and giving it to people who would test it to find issues with it. Thanks to all of the beta testers; your help was awesome.

* Ettercap no longer does the single HREF replacement custom filter method. Instead, it DNS poisons the entire subnet you’re on and redirects them back to your malicious site. You can utilize either a single site, for example blahblah.com, or a “*”, which will do every single site.

* Overhauled the custom web server within Python to now handle POST requests; this will come into play later.

* Added the latest Sun Java zero-day vulnerability into the Metasploit attack vector.

* Added better user-agent handling to impersonate Firefox better when ripping a site.

* Expanded the site templates: instead of only the “Java Required” website, there are now pre-defined templates you can use.

If those changes weren’t enough, let’s discuss the new vectors available to you in SET v0.5:

Harvesting Credentials: You can now utilize the credential harvester method in conjunction with the website cloning to harvest usernames and passwords. Essentially, SET will first clone a website. You then coax a victim into coming to the site, and it will rewrite the web page’s POST parameters to POST to the local server, which stores them. After that, the victim is redirected back to the original site you cloned.

Reporting Engine: After you’re finished owning the target through SET’s attack vectors, an HTML-based report as well as an XML export will be generated with all of the parameters it was able to harvest. This attack vector alone is a great addition to the toolkit, and allows the ability to do something other than complete pwnage.

Custom HakSaw – The SET way: The next addition allows you to create an infectious USB/DVD/CD with a simple autorun.inf. This attack is pretty simple but will get more advanced as we go down the road. Essentially, a folder is created which you can burn to a DVD/CD, and when it is inserted into a machine with autorun enabled, it will execute a Metasploit payload for you.

SET has taken on a life of its own. Even though there are countless hours into perfecting this tool, I want to thank all the people who have helped with ideas, vectors, code and testing. We are all very excited about this release and the new capabilities it brings to the toolkit. If you have any questions, new feature ideas, or bugs, always feel free to report them to: [email protected].

Again – 9:00pm EST April 16th 2010, is another sign that the end is near!

Maltego 3 Leaked – A Social Engineer’s Dream


The guys at Paterva are at it again. The tool that we all know and love, Maltego, has taken massive leaps into the future of information harvesting. The Paterva crew gave about 9 people in the world access to the new and MASSIVELY improved Maltego 3. I quickly installed it and after a few uses I forgot all about Maltego 2….

Stealing Credentials via Social Engineering


The main objective was to compromise someone’s existing password which would provide ongoing opportunities to access all sorts of company systems in a stealth mode.

This exercise demonstrates what can be accomplished by an attacker, potentially an insider threat, in a very short period of time through non-technical means, mainly a telephone.

Client Sides and Adobe 9.3


Exploit works with Adobe JavaScript disabled.
Tested: successfully tested on Adobe Reader 9.1/9.2/9.3 on Windows XP (SP2, SP3, any language); also works with the Adobe browser plugin.

A new level to spearphishing


Heck, most intelligent IT Admins won’t click on the link to “See Britney Naked” or “Adjust your Bank of America Account” because they know it is phishing.

But in comes the “new and improved shiny phishing”. These social engineers have done their homework.

Forget Big Brother…. We Have High Schools


Basically, the gist of the story is that a school in Philadelphia, USA, issues laptops to its students. One day little Blake Robbins goes to school and is slapped with an “improper behavior in his home” disciplinary action.