
Social-Engineer Toolkit SET v2.2 Codename: “Son of Flynn” Released


don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Nov 02, 2011 2:13 pm

Social-Engineer Toolkit SET v2.2 Codename: “Son of Flynn” Released


I have finally gotten around to adding version 2.2 of the social-engineer toolkit. After several months of working on it, it’s finally here! This release has the cool new attack vector by Matthew Graeber that leverages PowerShell to directly load shellcode into memory. I’ve added this attack to the teensy HID attack vector within SET. I’ve also rewritten the Java Applet to automatically grab a Metasploit payload, put it in the right format, unicode it, then base64 encode it, then embed it into a parameter that gets pulled from the Java Applet.

This will deploy a payload straight into memory through PowerShell and never touch the disk. Ever. Now what I have to say is that this is somewhat experimental, you can turn this on and test through the config/set_config. There’s a new menu option:

# THIS WILL ENABLE THE POWERSHELL SHELLCODE INJECTION TECHNIQUE WITH EACH JAVA APPLET. IT WILL BE
# USED AS A SECOND FORM IN CASE THE FIRST METHOD FAILS. PLEASE NOTE THAT THIS IS EXTREMELY EXPERIMENTAL AT
# THIS POINT. IT IS NOT 100 PERCENT WORKING YET.
POWERSHELL_INJECTION=OFF

I’ve noticed some potential instabilities that I’m working through, but need the community to test it. The Java Applet first detects if PowerShell is installed; if it is, it injects the payload straight into memory versus deploying the normal meterpreter-based executable. PowerShell is installed by default on Windows Vista and Windows 7.

Amongst that change, I have decided to not release the legitimately signed Java Applet. The default unsigned applet is still included in SET. In addition to this release, the Java Applet has much more stability now as far as the Java Repeater and the deployment of shellcodeexec.



For full details:
http://www.secmaniac.com/blog/2011/10/2 ... -released/

Don
CISSP, MCSE, CSTA, Security+ SME
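The payload path the post describes for the applet (script text made Unicode, base64-encoded, then handed to PowerShell) has the same shape as PowerShell's -EncodedCommand argument, which takes base64 of UTF-16LE text. As an added example on the detection side, not code from the original post or from SET, this Python decodes that form out of constructed process-creation command lines and lists the indicator strings it finds; the flag spellings and the indicator list are assumptions for illustration, not from the page.

```python
import base64
import re
from typing import Dict, List, Optional, Tuple

# Illustrative indicator strings (assumed list, not SET's or the post's rules).
SUSPICIOUS_TOKENS = ("VirtualAlloc", "FromBase64String", "Marshal]::Copy", "Invoke-Expression")
# PowerShell accepts -EncodedCommand and its shortened forms (-e, -ec, -enc).
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

def encode_command(script: str) -> str:
    """Base64 of UTF-16LE text, the form -EncodedCommand expects (the post's
    'unicode it, then base64 encode it'). Used here only to build samples."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

def decode_encoded_command(blob: str) -> Optional[str]:
    """Reverse the encoding; None if the blob is not valid base64 or UTF-16LE."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def inspect_command_line(cmdline: str) -> Dict[str, object]:
    """Flag an encoded command and list indicator tokens found in the decoded text."""
    result: Dict[str, object] = {"encoded": False, "hits": []}
    match = ENCODED_FLAG.search(cmdline)
    if not match:
        return result
    result["encoded"] = True
    decoded = decode_encoded_command(match.group(1))
    if decoded is None:
        return result  # encoded but undecodable: still worth an analyst's look
    result["hits"] = [t for t in SUSPICIOUS_TOKENS if t.lower() in decoded.lower()]
    return result

def scan_logs(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Return (line index, indicator hits) for each line carrying an encoded command."""
    findings: List[Tuple[int, List[str]]] = []
    for idx, line in enumerate(lines):
        report = inspect_command_line(line)
        if report["encoded"]:
            findings.append((idx, list(report["hits"])))
    return findings

# Constructed command lines (not real captures); the second only names indicator strings.
SAMPLE_LOGS = [
    "powershell.exe -NoProfile -Command Get-Process",
    "powershell.exe -WindowStyle Hidden -EncodedCommand "
    + encode_command("[Convert]::FromBase64String('QUFBQQ==');VirtualAlloc;[Runtime.InteropServices.Marshal]::Copy"),
    "powershell.exe -enc " + encode_command("Write-Host hello"),
]
```

A plain -Command line never trips the check; an encoded line that will not decode is still reported as encoded so it is not silently dropped.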

eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Wed Nov 02, 2011 8:40 pm

Re: Social-Engineer Toolkit SET v2.2 Codename: “Son of Flynn” Released

This is an interesting find, I'm going to have to play with it.

Also, I can never resist a good Tron reference. ;)
Put that in your pipe and grep it!

White ghost

Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Thu Nov 03, 2011 1:17 am

Re: Social-Engineer Toolkit SET v2.2 Codename: “Son of Flynn” Released

Yes, it's interesting.
MCITP CCENT

White ghost

Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Thu Nov 03, 2011 1:19 am

Re: Social-Engineer Toolkit SET v2.2 Codename: “Son of Flynn” Released

Can we sniff computers in another subnet with it?
MCITP CCENT

millwalll

Post Thu Nov 03, 2011 4:31 am

Re: Social-Engineer Toolkit SET v2.2 Codename: “Son of Flynn” Released

Cool, SE just keeps getting better.

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Thu Nov 03, 2011 9:06 am

Re: Social-Engineer Toolkit SET v2.2 Codename: “Son of Flynn” Released

Hmm, I like PowerShell. Damn these guys, there is not enough time in the day to play with all the cool toys!!!
Certs: GCWN
(@)Dewser
