The Social-Engineer Toolkit (SET) version 4.4 Codename: “The Goat” has been released. This version is a large leap forward on the java applet side of the house with a newly designed payload delivery system as well as the new multi-pyinjector supporting a dynamic cipher key exchange for AES 256 encryption. The multi-pyinjector is a payload that allows you to specify as many payloads as you want and will dynamically be loaded into memory. This is useful for situations where you do not know what egress ports are allowed outbound and don’t want to fail. This version was completely rewritten, scaled back, and optimized to perform better, handle abnormalities, as well as added encryption and obfuscation.
In addition, a number of enhancements have been made on the powershell injection technique which is also much more reliable and stable within the toolkit.
Lastly, the Java applet source code has been re-opened to open source and located within the SET directory structure. In order to download the toolkit, ensure you have git installed and type:
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
If you already have the latest github version of SET, simply type git pull or run the set-update tool.
Full change log below:
* Added new folder structure under src/webattack/java_applet – this includes again the source code of the Java Applet.
* Added compile program for making applets in the java_applet directory.
* Recompliled the Java Applet to add better obfsucation.
* Edited payloadgen to utilize more base64 encoded techniques.
* Added better stability to the multi injector payload when ports are not found
* Added new core library that called EncryptAES which allows you to encrypt specific string data
* Added obfsucation into the Java Applet and placed new params to pull
* Rewrote multipyinjector for better error handling and performance
* Added AES 256 encryption to the multi-pyinjector – before it would write out the shellcode to tmp files, instead it encrypts the entire data via 256 aes then pulls via command line and does not write out the files
* Added ability for SET and Java Applet to handle multi-pyinjector AES encrypted payloads through the pycrypto modules
* Modified the payload creation to encrypt payloads on the fly with a randomized cipher key exchange – each new payload generated will be a completely different AES cipher key
* Fixed a bug that would cause powershell to not fire properly when using multi-pyinjector. It now prompts for an additional port and appends it to the meta_config_multi_pyinjector answer file for metasploit
* Fixed a bug that would cause pyinjector to not properly execucute when not using powershell injection
* Updated the Java Applet to include the new multi pyinjectir cipher key addition once executed
* New encrypted binary multi pyinjector in place
* Added time delay between firing multiple payloads. When executing multiple instances stdapi.rb freaked out and wouldn’t load. This didn’t hinder the shell but you would manually need to add the lib in order to get the standard libraries within meterpreter. This has since been fixed.
* Large redesign of multi-pyinjector which is now streamlined to be as effecient as possible
* Added better checking for multi pyinjector when using powershell to add new detections around port.options
Artillery 0.6.6 has also been released. This release incorporates a bug fix that would cause Artillery to not properly start under certain conditions. In addition, the setup installation file has been updated to create required folder structures prior to running artillery.
* fixed a typo that would cause artillery not to start in some cases
* added folder create for src/program_junk and databases/ during installation of artillery
Author: David Kennedy
Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.