The Social-Engineer Toolkit (SET) v3.5.1 has been released. This version adds the ability to us ethe SET config to not deploy binaries to the victim machine through the Java Applet. The new configuration option can be found under config/set_config and DEPLOY_BINARIES.
The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools that solely focuses on attacking the human element of penetration testing. It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.
By turning this off, SET will rely solely on the POWERSHELL_INJECTION technique for compromising the victim machine. This means that you have the ability to never touch disk period during the Java Applet attack.
Full changelog below:
- Fixed a bug in command center that would cause it to not load properly.
- Fixed a bug in the new Java Applet Field Bytecode that would cause it to not properly select the payload
- Added compatibility for IE10 on the Java Applet Attack Vector
- Turned AUTO_MIGRATE=OFF to AUTO_MIGRATE=ON by default, allowing sticky processes to free up when exploitation occurs
- Added a new config option DEPLOY_BINARIES. When this is turned OFF, the Java Applet will only use the POWERSHELL_INJECTION technique and never deploy a binary. Note that you must know if the victim has POWERSHELL installed.
- Fixed a couple of typos in the credential harvester.
In addition, AUTO_MIGRATE=ON has been turned on by default and will automatically migrate to a different thread/process. In IE10, IE would freeze periodically causing issues. Even though JVM is running in a separate thread pool, it would still cause freezing intermittently. The SET Command Center (web interface) had a bug fix to allow it to work properly.
Download Social-Engineer Toolkit
