Published on July 11th, 2017 | by MaxiSoler
The Social-Engineer Toolkit (SET) v7.7 “Blackout” Released
The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio.
This version incorporates support for hostnames in the HTA attack vector, and a redesigned Java Applet attack vector. Java is still widely used in corporations and with a valid code signing certificate can be one of the easiest ways to get a shell in an organization. In this version, the Java Applet is substantially improved in reliability, evasion, and code execution. In addition, it’s now possible to specify a text file containing multiple commands to execute, which lets you incorporate your own payloads. Before, you could only use either your own EXE or the Meterpreter shells built into SET. If you are using something like your own PowerShell payload or another framework, you can have multiple commands:
This will execute each command in sequence, and since they are passed through HTML parameters, they can be as large as you want them to be.
SET in Action!
- rewrote grab_ipaddress() function to be a centralized routine that incorporates hostnames or IP addresses.
- rewrote grab_ipaddress() to include automatic detection of IP address or failover to manual entry. This will allow easier selection of IP addresses without having to drop into a different window
- add hostname support for HTA attack vector
- removed deploy binaries as a default option in the set.config file
- added ability for new menu for java applet that now allows you to specify multiple commands – useful if you want to insert things like empire payloads, etc.
- rewrote java applet to have additional functionality for multiple command menu
- better handling on command output
- fixed custom applet from not working properly
- fixed custom executable from not working properly
- added new unsigned obfuscated jar file
- added Java.java source files for customization
- added new Java Applet self-signed with new expirations
- Mac OS X
Thanks to our friend Dave Kennedy (ReL1K), for sharing this tool with us.