The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET has quickly become a standard tool in a penetration tester's arsenal. SET is written by David Kennedy (ReL1K) and, with a lot of help from the community, it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be focused attacks against a person or organization, used during a penetration test.
SET is a menu-driven attack system, which is fairly unique when it comes to hacker tools. The decision not to make it command-line based was made because of how social-engineering attacks occur: they require multiple scenarios, options, and customizations. If the tool had been command-line based, it would have limited the effectiveness of the attacks and the ability to fully customize them based on your target.
The latest release of the Social-Engineer Toolkit, SET v6.2 codename “Recharge”, is now available. This version has a number of new features, including a redesigned Java Applet for higher and more reliable exploitation. In addition, the PowerShell injection technique introduced in prior versions of SET has been slimmed down by 18 bytes, which allows for more characters inside one attack. This means that the reverse_https/http payloads are now supported for PowerShell injection.
The Java Applet will now smart-detect whether PowerShell is installed. If it is, the applet uses PowerShell injection and never deploys a binary; if PowerShell is not installed, it falls back on a binary. The binaries themselves do absolutely nothing until passed an encrypted string, which they decrypt into shellcode directly in memory. These payloads have been completely rewritten and incorporate virtual machines within the executables as well as anti-debugger detection. If PowerShell exploitation works as intended, a binary will now never be sent to the system automatically.
SET version 6.2.
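As an added defensive illustration (not part of SET or of this announcement), the following Python classifies constructed process-creation events for the two branches the Java Applet paragraph describes: a Java process launching PowerShell with an encoded command, and a Java process launching a freshly dropped executable from a temp directory. The command-line shape, the temp-path heuristic and the sample events are assumptions, not taken from SET's code.

```python
import re

# Constructed sample events (parent image, child image, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("C:\\Program Files\\Java\\jre8\\bin\\javaw.exe",
     "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     # Placeholder base64 ("Placeholder" in UTF-16LE), not a real payload.
     "powershell.exe -nop -w hidden -enc UABsAGEAYwBlAGgAbwBsAGQAZQByAA=="),
    ("C:\\Program Files\\Java\\jre8\\bin\\javaw.exe",
     "C:\\Users\\alice\\AppData\\Local\\Temp\\hsperfdata\\update.exe",
     "update.exe"),
    ("C:\\Windows\\explorer.exe",
     "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "powershell.exe -File C:\\scripts\\backup.ps1"),
    ("C:\\Program Files\\Java\\jre8\\bin\\javaw.exe",
     "C:\\Program Files\\Java\\jre8\\bin\\java.exe",
     "java.exe -version"),
]

JAVA_IMAGES = {"java.exe", "javaw.exe"}
# powershell.exe accepts unambiguous prefixes of -EncodedCommand; require a base64-looking argument.
ENCODED_FLAG = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")


def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(parent, image, cmdline):
    """Return a finding label for one process-creation event, or None if benign."""
    if basename(parent) not in JAVA_IMAGES:
        return None  # only children of a Java process are of interest here
    child = basename(image)
    if child == "powershell.exe" and ENCODED_FLAG.search(cmdline):
        return "java-spawned-encoded-powershell"  # the PowerShell-injection branch
    # Assumed heuristic: an executable launched by Java from a temp directory is the binary fallback.
    if child.endswith(".exe") and child not in JAVA_IMAGES and "\\temp\\" in image.lower():
        return "java-dropped-binary"
    return None


def scan(events):
    """Classify every event; return (index, label) pairs for the ones that fire."""
    hits = []
    for i, (parent, image, cmdline) in enumerate(events):
        label = classify(parent, image, cmdline)
        if label:
            hits.append((i, label))
    return hits
```

Both labels come from the same parent-child relationship, so the rule does not depend on the applet's file name, which the changelog notes is now randomized.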
In addition, large portions of the Social-Engineer Toolkit were rewritten to move completely off msfpayload and msfencode, which are being removed from Metasploit. All payload generation is now done either through dynamic patching of already generated shellcode or through msfvenom directly. A number of the attacks have also been enhanced, including the MSSQL bruter attack, for more reliability and detection. Additional client-side exploits have been added through Metasploit, along with a number of other additions.
changed IP address for the payload listener to specify LHOST
included TDS as a standard impacket library
added port to MSSQL display when it's compromising a system
moved create_payloads in payloadgen to be compliant with msfvenom creation and moved off msfpayload and msfencode
fixed multiple files still using msfpayload or msfvenom
fixed a bug that caused a TDS exception error when using the SQL attack (missing tds library)
updated specific wording in setoolkit launcher
slimmed powershell injection code to reduce injection code by about 17 bytes
completely randomized the java applet to the point where it will randomize the name, no longer uses Signed_Update.jar – there were signatures floating around that were detecting it based on static names
randomized and obfuscated pyinjector code base and locked into its own virtual container and debugger protection
randomized and obfuscated multi pyinjector code base and locked into its own virtual container and debugger protection
added smart detection to the java applet for whether powershell is installed; if it is, the applet will not download an executable, which could be picked up by detection capabilities. Powershell is plenty stable and should not require any deviations for a binary to be downloaded.
added the ability to check if certain paths are legitimate; if they are, it will deploy payloads via the java applet
full msfvenom support and conversion off msfpayload and msfencode