We now have Social Engineer Toolkit version 3.6!
This release has a funny codename – “MMMMhhhhmmmmmmmmm".
This release incorporates the SCCM attack vectors demonstrated at Defcon. The automation piece is still under development and expected to be released soon. In addition, new exploits have been released as well as additional enhancements and bug fixes.
The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.”
Official Social Engineer Toolkit change log:
- adds the new SCCM attack vector to the social-engineer toolkit – allows you to patch SCCM servers to deploy backdoors
- updated the web gui interface to add updates to exploits
- fixed a menu bug in the web interface that would repeater numbers
- added the MSCOMCTL ActiveX Buffer Overflow (ms12-027) exploit to the web interface
- added the shellcodeexec alphanumeric shellcode payload to the web interface
- added Java Applet Field Bytecode Verifier Cache Remote Code Execution to the web interface
- added MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption to the web interface
- added Microsoft XML Core Services MSXML Uninitialized Memory Corruption to the web interface
- added Adobe Flash Player Object Type Confusion to the web interface
- fixed a menu bug that would not allow you to return to the previous menu in the java applet
- fixed a bug that would cause the multi-attack Metasploit, java applet, and cred harvester to not work on the right ports and raise a exceptions
- added background listener to credential harvester and multi-attack — allows credential harvester to continue to run even if Metapsloit has been exited
- fixed a bug that would still flag any website as cloned successfully. The new code fixes that by checking to ensure the site was properly cloned.
- fixed a cloning web bug that would error out then continue with payload selection
- added a cleanup routine to the web cloner for post completion on the cloner, this fixes a repetitive issue when launching multiple attacks in the menu system
svn co http://svn.trustedsec.com/social_engineering_toolkit set/Previous posts regarding SET -
http://santoshdudhade.blogspot.in/2012/07/social-engineer-toolkit-set-351-released.html
http://santoshdudhade.blogspot.in/2012/05/social-engineer-toolkit-set-33-released.html
http://santoshdudhade.blogspot.in/2012/07/social-engineer-toolkit-34.html
0 comments:
Post a Comment