Dear Geeks, check out another cool update from our favorite developer @dave_rel1k.
Nice name given to the Project :p
Full changelog below:
- Added better handling when generating your own legitimate certificate and ensured proper import into SET
- Adjusted the Java repeater time to have a little more delay; it seems to be more reliable and stable when that occurs.
- Removed the check from the main launch of SET for pymssql and only added it when the fast-track menu was specified
- Removed the DerbyCon posting since it already happened. When we get closer I’ll re-add it with detailed information
- Removed old files in the java applet attack that were not needed.
- Added better granularity checking the Java Applet attack when the shellcode exec or normal attacks were being specified.
- Fixed a bug that caused infectious media to bomb out if shellcodeexec was specified as a payload
- Added a legal disclaimer for the first initial use of SET that it must be used for lawful purposes only and never with malicious intent
- Added improved stability of the Java applet attack through better payload detection/selection
- Fixed a bug with shellcodeexec when creating a payload and listener through SET; it would throw an exception. It now exports shellcodeexec properly and exports alphanumeric shellcode
- Added a new config check inside core.py that will return the value of the config, which is easier. This will gradually replace all config checks
- Fixed an issue that would cause AUTO_REDIRECT=OFF to still continue to redirect. This was caused by a rewrite of the applet and the same parameters not being filtered properly
- Added more customizing options to RATTE. Now you can specify a custom filename RATTE uses for evading local firewalls, so you can deploy RATTE as readme.pdf.exe and it will run as iexplore.exe to bypass local firewalls. You can also specify whether RATTE should be persistent or not. For testing network firewalls you won’t need a persistent one; doing a penetration test you may choose a persistent configuration.
- Fixed a bug in RATTE which could break the connection to the server. RATTE now runs much more stably and can bypass high-end network firewalls much more reliably.
- Added a new config option called POWERSHELL_INJECTION; this uses the technique discovered by Matthew Graeber which injects shellcode directly into memory through PowerShell
- Added a new Teensy PowerShell attack leveraging Matthew Graeber’s attack vector.
- Rehauled the Java applet attack to incorporate the PowerShell injection technique. It’s still experimental, so it will remain OFF in the config by default. The applet will not detect if PowerShell is installed, and if so, use the shellcode deployment method to gain memory execution without touching disk through PowerShell.
- Fixed a bug that would cause the MSSQL bruter to error if PowerShell injection or other attack vectors were enabled