Wubi Posted August 11, 2012 Report Posted August 11, 2012 Guys! The Social Engineer Toolkit (SET) has been updated recently! We now have Social Engineer Toolkit version 3.6! We wrote about the Social Engineer’s Toolkit in our old post here. This release has a funny codename – “MMMMhhhhmmmmmmmmm.” This release incorporates the SCCM attack vectors demonstrated at Defcon. The automation piece is still under development and expected to be released soon. In addition, new exploits have been released as well as additional enhancements and bug fixes. Full change log can be found below.“The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.”Official Social Engineer Toolkit change log:adds the new SCCM attack vector to the social-engineer toolkit – allows you to patch SCCM servers to deploy backdoors updated the web gui interface to add updates to exploits fixed a menu bug in the web interface that would repeater numbers added the MSCOMCTL ActiveX Buffer Overflow (ms12-027) exploit to the web interface added the shellcodeexec alphanumeric shellcode payload to the web interface added Java Applet Field Bytecode Verifier Cache Remote Code Execution to the web interface added MS12-037 Internet Explorer Same ID Property Deleted Object Handling Memory Corruption to the web interface added Microsoft XML Core Services MSXML Uninitialized Memory Corruption to the web interface added Adobe Flash Player Object Type Confusion to the web interface fixed a menu bug that would not allow you to return to the previous menu in the java applet fixed a bug that would cause the multi-attack Metasploit, java applet, and cred harvester to not work on the right ports and raise a exceptions added background listener to credential harvester and multi-attack — allows credential harvester to continue to run even if Metapsloit has been exited fixed a bug that would still flag any website as cloned successfully. The new code fixes that by checking to ensure the site was properly cloned. fixed a cloning web bug that would error out then continue with payload selection added a cleanup routine to the web cloner for post completion on the cloner, this fixes a repetitive issue when launching multiple attacks in the menu system Download Social Engineer Toolkit 3.6:svn co / - Revision 1467: /social_engineering_toolkit set/Sursa: Social Engineer Toolkit version 3.6! — PenTestIT Quote