Social-Engineer Toolkit SET v2.2 Codename: “Son of Flynn” Released

Viewing 5 reply threads
  • Author
    Posts
    • #6994
      Don Donzal
      Keymaster

      I have finally gotten around to adding version 2.2 of the Social-Engineer Toolkit. After several months of working on it, it’s finally here! This release has the cool new attack vector by Matthew Graeber that leverages PowerShell to directly load shellcode into memory. I’ve added this attack to the Teensy HID attack vector within SET. I’ve also rewritten the Java Applet to automatically grab a Metasploit payload, put it in the right format, unicode it, then base64 encode it, then embed it into a parameter that gets pulled from the Java Applet.

      This will deploy a payload straight into memory through PowerShell and never touch the disk. Ever. Now, what I have to say is that this is somewhat experimental; you can turn it on and test it through config/set_config. There’s a new menu option:

      # THIS WILL ENABLE THE POWERSHELL SHELLCODE INJECTION TECHNIQUE WITH EACH JAVA APPLET. IT WILL BE
      # USED AS A SECOND FORM IN CASE THE FIRST METHOD FAILS. PLEASE NOTE THAT THIS IS EXTREMELY EXPERIMENTAL AT
      # THIS POINT. IT IS NOT 100 PERCENT WORKING YET.
      POWERSHELL_INJECTION=OFF

      I’ve noticed some potential instabilities that I’m working through, but I need the community to test it. The Java Applet first detects if PowerShell is installed; if it is, it injects straight into memory instead of deploying the normal Meterpreter-based executable. PowerShell is installed by default on Windows Vista and Windows 7.

      Amongst that change, I have decided not to release the legitimately signed Java Applet. The default unsigned applet is still included in SET. In addition, with this release the Java Applet is much more stable as far as the Java Repeater and the deployment of shellcodeexec are concerned.

      For full details:
      http://www.secmaniac.com/blog/2011/10/26/the-social-engineer-toolkit-v2-2-codename-son-of-flynn-has-been-released/

      Don

    • #43465
      eth3real
      Participant

      This is an interesting find, I’m going to have to play with it.

      Also, I can never resist a good Tron reference. 😉

    • #43466
      White ghost
      Participant

      Yes, it's interesting.

    • #43467
      White ghost
      Participant

      Can we sniff computers in other subnets with it?

    • #43468
      Anonymous
      Participant

      Cool, SE just keeps getting better.

    • #43469
      Triban
      Participant

      Hmm, I like PowerShell. Damn these guys, there is not enough time in the day to play with all the cool toys!!!


Copyright ©2021 Caendra, Inc.
