tomyk Posted February 21, 2012
Full changelog below:
~~~~~~~~~~~~~~~~
version 3.0
~~~~~~~~~~~~~~~~
* added the Adobe U3D memory corruption exploit from Metasploit to SET
* added new core library check_os for smart OS detection
* bug fix in Phishing using the smtp_client module (Thanks for the patch Stephen Haywood)
* rehauled set launcher to be windows compliant
* rehauled set-proxy to be windows compliant
* rehauled setup.py to be windows compliant
* rehauled setcore to be windows compliant
* added a new directory called thirdparty, this will dynamically import modules that are required versus having to install, if that fails you will have to manually download and install the depends
* removed the subprocess.Popen depends on src/core/set.py, this is no longer needed and covered to os.remove, os.makedirs, and shutil.copyfile instead
* Completely rehauled src/html/web_server.py to where it is no longer needed using pexpect. The goal is to move all depends to not require pexpect as it is not supported in Windows. All code now resides in src/html/spawn.py and is multi threading and background threaded
* spawn.py uses multi-threaded webserver and rehauled to be windows compliant. pexpect is no longer used for windows systems as it is not supported, had to move to os.system for now, importing the module with thread locks caused lockup issues
* rehauled listener.py to be compatible with windows
* fixed a bug that would cause pexpect to not be found if selecting SET interactive shell (no longer needed)
* rehauled src/webattack/web_clone/cloner.py to be windows compliant and now supports java applet attack rewrite for wgeting websites
* changed set executable to cleanup program_junk but skip .svn which would cause conflicts, this works on both windows and nix based systems
* fixed a bug on credential harvester if it wasn’t installed it should except via ImportError versus IndexError. this was changed to ImportError and allow normal execution while disabling SSL support
* rehauled src/webattack/harvester/scraper.py to be windows compliant
* rehauled src/webattack/harvester/harvester.py to be windows compliant
* added the ability to keep execution flow of the backdoored executable (thanks pure_hate), this is now configurable through the config/set_config but disabled by default
* added a new option in config/set_config to allow customized user-agent strings when doing web_cloning.. some websites only support certain browser versions, this will allow you to change to whatever browser you want
* changed the user agent string from mozilla firefox 3.6 to be Windows 7 IE 8, more compatibility with websites: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
* removed the ability to be able to use spear phishing or wireless attack vectors on Windows for now
* converted src/webattack/web_clone/cloner.py to be the standard import for setcore, it was from src.core import setcore as core, changed to from src.core.setcore import *
* bug fix when launching java applet attack and metasploit in 3.0 would cause the listener to not spawn properly
* bug fix when selecting the SET interactive shell it would not copy the proper executable to pack/obfuscate
* bug fix that would cause the last exploit in spear phishing to not show a number
* changed some output on wget to use -O instead of standard moves to filenames, much cleaner
* major bug fix on how the listener and SET interactive shell handled non-encrypted communications
* added proper encryption/decryption routines to interactive shell and set listener
* added the ability to leverage partial encryption/decryption of communications to interactive shell and listener
* fixed a bug that would cause the shell to not work properly due to an invalid content length when parsing through payload
* fixed a bug that would prompt for port on SET interactive shell even after it was specified
* rewrote fasttrack mssql attack vector to be windows compliant – had to switch off pexpect and move to os.system with unthreaded http server modules
* added verbose messaging to attack vectors that are not yet supported for SET
* rehauled multiattack to support windows-based attacks – it also now prompts if invalid payloads are selected
* fixed a bug that when selecting menu 99 within multiattack, would say invalid selection. it now properly exits
* increased the response time for using the SET interactive shell, it now loads much quicker
* added a new config option to either use a staged downloader or download the SET interactive shell directory, this new feature is best for A/V detection but might be a little slower on what the user experiences. All of my testing shows that it doesn’t however I’m also not testing over the Internet. The main problem is the staged downloader does a download/exec which would get flagged by AV. The SET interactive shell on the other hand is a wrapped python interpreter so it’s much harder to detect and flag with signatures. This new config option can be turned on to support staged configs if you aren’t worried about A/V.
* added new options within payloadprep.py (SET Interactive Shell prep) to detect the new config change options and flag the SE Interactive Shell as the main staged downloader
* rewrote the Java Applet attack including the jar file to incorporate the straight staged downloader
* added a new attack vector that I’ve been promising for several months called the QRCode Generator Attack Vector.. Create a QRCode with a URL then create a SET attack vector to assist with the attack
* added new set menus to setcore so when you launch set there’s some new ascii art… yea i got a little bored
* fixed a bug that would cause the new stager option to not work within the Fast-Track MSSQL bruter menu
* added a check to see if metasploit path was found, if not it will limit payloads only to SE Toolkit ones
* added better handling around metasploit path detection and trigger error message when msf path is not set
* added checking in set.py to detect attack vectors that require metasploit
* added a new cleanup routine that circles through directories cleaning up remnants of things saved out during normal operation
* rewrote portions of teensy payloads to support windows
* fixed a bug that would cause the menu to not load properly randomly (randrang was from 1 to 8 versus 2 to 8)
* added permission change to executable on ratteserver so that it will always function normally if execute flag is removed
* fixed a path issue with RATTEServer that would cause it to not properly load and flag an issue
* converted RATTEServer to os.system versus pexpect child.spawn – easily more portable and less reliability on third party module
* added RATTEServer for Windows (Cygwin mod) to support Windows operating system
* added RATTEServer to payload selection list to now be supported via windows operating systems
* added RATTEServer to payloadprep and spawn.py to deploy RATTEServer based on operating system i.e. windows/posix
* added the ability to import custom binaries into windows versus linux only mode
* fixed a bug in RATTEServer that would flag an error when spawning RATTE on Windows
* added a chmod +x routine per each run of set instance if posix is detected.. will make it easier if certain permissions aren’t set properly
* added the ability to natively copy ratteserver.binary and cygwin to program_junk to be run
* added payloadprep detailed error logging to the default log file being generated by SET
* rehauled java applet to add additional features and re-compiled and signed
* rewrote portions of shellcodeexec for better a/v avoidance
Source: http://secmaniac.com

bogdan_99rap Posted February 21, 2012
Hi, do you happen to know the name of the song in the background?? If so, send me a PM.

Skribul222 Posted February 22, 2012
> Hi, do you happen to know the name of the song in the background?? If so, send me a PM.
So what a mentality this guy has, God forbid: someone shows a cool site, and the other one is interested in what music is in the background of the presentation...

malsploit Posted February 22, 2012
> and where do I download it from?
It is already included in BackTrack.
If you have another distribution: cat brain | grep interesting >> blog • install set and metasploit on ubuntu
If you want more details about using it: 15 Step to Hacking Windows Using Social Engineering Toolkit and Backtrack 5 | Vishnu Valentino Ethical Hacking Tutorial, Security Tips and Trick

poweromania Posted February 23, 2012
But isn't there also a version for Windows? Because the guy in the tutorial uses it on Windows.