Zer0Byte

Geekiest Techno News

Social-Engineer Toolkit Rebirth (SET) v2.1

OK Geeks, there is a new update for SET, our fav tool.

Check out the video (freaking awesome, a must check out).

 

Full changelog below:

  • Added new menu for fasttrack integration
  • Defined new folder structure for fasttrack integration
  • Rehauled the initial menu to slim down and break into social-engineering attacks versus Fast-Track attacks
  • Added new core module through setcore called kill_proc
  • Added new core module through setcore called meta_database
  • Added new autopwn functionality through fasttrack/autopwn.py. With the addition of fasttrack, the code is being completely redone; nothing will be the same
  • Added a new config option called METASPLOIT_DATABASE. This sets the database type to use with Metasploit; the default is postgresql
  • Restructured normal set to be a new main menu versus just a calling stager. set.py and fasttrack.py will be the two main files for the functionality behind SET
  • Added scapy packet manipulation tool into src/core for in-depth protocol creation later on
  • Added portscan.py into core, this is a fast port scanner that will be used versus leveraging third party modules
  • Added new mssql module for port scanning mssql through the fasttrack menu
  • Added validate IP in the portscan to check if a solo IP address is legitimate
  • Added new definition scan() into the fasttrack mssql module
  • Added _mssql module as a dependency and updated setup.py to include it during installation
  • Added new core module check_mssql() to ensure proper import for pymssql for Fast-Track attacks
  • Added new definition brute() for mssql brute forcing within fasttrack
  • Added the ability to use a mssql shell for raw queries for microsoft SQL based systems
  • Added the ability to do either powershell or h2b attack method via windows debug to sql bruter
  • Added new function call launch_hex2binary in the mssql module in fasttrack
  • Fixed a bug in the interactive shell where quitting out caused a global exception for socket(AF) versus socket.socket(AF). It no longer throws an exception
  • Added all payloads from SET including interactive shell, ratte, and others into the MSSQL Bruter in Fast-Track
  • Added the ability to leverage powershell to deploy in Windows 7 and Server 2008 x64 bit systems where debug is removed
  • Added the ability to use Metasploit based payloads within the mssql bruter
  • Added a background http server nonthreaded to keep alive when SET does the mssql bruter
  • Added a new exploits section to the fast-track menu; this will be the ultimate home for custom exploits and such
  • Added MS08-067 to the new exploits section in the fasttrack menu
  • Added the Mozilla Firefox 3.6.16 mChannel Object Use After Free Exploit (Win7) in the fasttrack exploits menu section
  • Added additional spacing around the SET interactive shell to clear it up a bit when doing menu selection
  • Added the ability to trigger the auto re-enable of the xp_cmdshell stored procedure if disabled
  • Added the Apple QuickTime PICT PnSize Buffer Overflow from Metasploit to the Spear-Phishing attack vector
  • Added the Mozilla Firefox 3.6.16 mChannel use after free vulnerability from Metasploit into the Metasploit Browser attack vector
  • Added the Apple Quicktime PICT PnSize and FireFox 3.6.16 mChannel use after free to the SET-web interface
  • Fixed the menu structure around the web gui to reflect the new menu change with 1 – being social-engineering attacks versus all on the initial screen
  • Added the latest teensy attacks into the web gui, includes gnome wget, binary 2 teensy, sdcard teensy, and X10 arduino jammers
  • Added an awesome new option in the java applet attack vector, it will allow you to select shellcodeexec which means the Java applet will now deploy shellcodeexec then execute alphanumeric shellcode. Meterpreter will never touch disk!
  • Rewrote the java applet quite a bit to reflect the new changes on the java applet
  • Added new options in payloadgen for the java applet new menu structure for shellcodeexec
  • Added reverse meterpreter, reverse https, reverse http to the shellcodeexec attack
  • Fixed a bug that caused the create a fileformat payload to error out when specifying certain payloads
  • Added similar format to new menu structure to the SET interactive shell
  • Fixed some carriage return issues within the SET interactive shell
  • Fixed a bug that caused java repeater to not work properly (thanks Kevin Mitnick for bug report)
  • Added better URL handling of java repeater for post acceptance redirect
  • Fixed a long standing bug that would randomly cause internet explorer to crash, had to do with java applet and waitfor() on bufferstreams
  • Custom compiled shellcodeexec to not print any output and obfuscate
  • Added randomized obfuscation on shellcodeexec to randomize each time it's deployed
  • Fixed a bug in SET interactive shell that would randomly cause bypassuac to throw an uploads exception

Comments

  1. Regrettably, for many cloud computing platforms the car example you provide doesn’t compute. You may notice a vehicle as a means to an end, and all you care about is getting there, then you need an application platform like Google’s AppEngine. Here you merely add an application, and the rest is resolved. If on the other hand you run ec2, you’re no longer concerned about hardware, but still about instances and virtual servers. Every one of them runs OSes that need to be maintained; it’s like taking taxis but still having to know everything about the taxis’ engines. I predict that down the road we’ll move towards AppEngine-like designs or ‘managed clouds’.

  2. i appreciate for that did wy explaining this