Social Engineering Toolkit (SET) version 3.7.1 codename “Street Cred” released

The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.

Official Social Engineer Toolkit change log:

• added the new java disableSecurity(); bypass native to the Java Applet – coded it funny,applet still pops up but if you hit cancel it executes no problem. Thought that would be more believable.

Actually, Social-Engineer Toolkit (SET) version 3.7 codename “Street Cred” was also released a few hours before the 3.7.1 update. This version had a number of new features including the ability to utilize the SET interactive shell to directly paste shellcode straight into memory and be executed on the victim machine. In addition, the new Java Applet zero day had been incorporated into SET under the Metasploit Web Attack Vector. This version also fixed a numberof known bugs including fixes towards the Arduino attack vectors. Additionally, the Metasploit Attack Vectors now incorporate dates to let you know which exploitsare more recent. This is the change log for SET 3.7:

• added better xp_cmdshell restore options in the MSSQL attack vector for Fast-Track
• minor changes to the java applet around parameter names and signing
• added the ability to do native shellcode injection into the SET interactive shell
• added the ability to do native injection in x86 and x64 now
• reliability update to the shellcode injection attack
• added better handling around corrupt stack injection in the shellcode injection
• added AES256 support for the communication around the SET interactive shell and the new shellcode injection attack
• added the new zero day exploit from the Metasploit Framework – Java 7 Applet Remote Code Execution
• fixed a bug that caused the browser autopwn to not function properly when selected and would move to the java applet instead
• bug fixes for teensy powershell downloader (thanks John Strand)
• fixed a number of menu system bugs including moving back and forward
• fixed a multiattack issue when using java applet and metasploit client attacks
• added dates to all of the metasploit exploits to show how recent they are

Download Social Engineer Toolkit 3.7.1:

svn co http://svn.trustedsec.com/social_engineering_toolkit set/

Visit Website -
http://www.secmaniac.com

Previous post regarding SET -
http://santoshdudhade.blogspot.in/2012/07/social-engineer-toolkit-set-351-released.html
http://santoshdudhade.blogspot.in/2012/08/social-engineer-toolkitset-version-36.html
http://santoshdudhade.blogspot.in/2012/08/social-engineer-toolkitset-version-36.html
http://santoshdudhade.blogspot.in/2012/05/social-engineer-toolkit-set-33-released.html
http://santoshdudhade.blogspot.in/2012/07/social-engineer-toolkit-34.html