September 1, 2010

Social-Engineer Toolkit (SET) Updates on 0.6.1

Posted by relik @ 2:00 pm

Worked a bit on SET last night to add a few new updates. For one, there are certain scenarios where you would utilize NAT/port forwarding instead of having a fully dedicated machine on the outside. This caused issues because the Java Applet needed to bind to your local interface. This has now changed and a new flag has been added. When you set AUTO_DETECT=OFF, you will be prompted and asked whether you are in a NAT/port-forward scenario, which lets you specify an external IP address and eliminates the issues with that setup.

In addition, there are certain circumstances where most organizations don't allow the client browser to download an executable from the internet, for obvious reasons. The Java Applet attack vector now downloads a raw file with no extension, under a name that is randomized each time. Once downloaded, the applet writes the file out as an executable, which essentially bypasses restriction mechanisms that key on the file extension of executables.
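To make the defensive point concrete, here is an added illustration (not SET code, and not the applet described above) of why an extension-based download filter is not an executable filter. Two toy filter policies are run over constructed sample downloads: the first blocks on the URL's file extension, which an extension-less, randomly named download sidesteps; the second looks past the name and checks the payload for the PE file shape (the "MZ" DOS signature and the "PE\0\0" signature at the e_lfanew offset), catching the same bytes whatever they are called. The PE stub and the URL paths are constructed here and are not real binaries.

```python
"""Extension-based vs content-based download filtering (added example)."""
import os
import secrets
import struct

# Extensions a naive "no executables" policy would block.
BLOCKED_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".msi"}


def build_pe_stub(e_lfanew: int = 0x80) -> bytes:
    """Constructed bytes with the shape of a PE file: an 'MZ' DOS header whose
    e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature.
    This is a header stub only, not an executable that can run."""
    dos_header = bytearray(e_lfanew)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 0x3C, e_lfanew)
    return bytes(dos_header) + b"PE\x00\x00" + b"\x00" * 20


def random_download_name() -> str:
    """Mimic a randomized, extension-less download name (hypothetical)."""
    return secrets.token_hex(8)


def extension_filter_blocks(url_path: str, body: bytes) -> bool:
    """Policy 1: decide purely on the URL's extension; the body is ignored."""
    ext = os.path.splitext(url_path)[1].lower()
    return ext in BLOCKED_EXTENSIONS


def is_pe(body: bytes) -> bool:
    """Return True if the bytes carry a PE header: 'MZ' at offset 0 and
    'PE\\0\\0' at the offset stored in e_lfanew. Bounds are checked so a
    truncated or hostile e_lfanew cannot raise."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    if e_lfanew + 4 > len(body):
        return False
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def content_filter_blocks(url_path: str, body: bytes) -> bool:
    """Policy 2: decide on the payload's magic bytes; the name is ignored."""
    return is_pe(body)


def evaluate_policies() -> dict:
    """Run both policies over constructed downloads and report, per case,
    which policy blocked it. Returns {case: (ext_blocked, content_blocked)}."""
    pe_bytes = build_pe_stub()
    text_bytes = b"Quarterly notes: nothing to see here.\n"
    cases = {
        "named_exe": ("/downloads/update.exe", pe_bytes),
        "random_no_ext": ("/" + random_download_name(), pe_bytes),
        "plain_text": ("/docs/notes.txt", text_bytes),
    }
    results = {}
    for name, (path, body) in cases.items():
        results[name] = (extension_filter_blocks(path, body),
                         content_filter_blocks(path, body))
    return results


if __name__ == "__main__":
    for case, (by_ext, by_content) in evaluate_policies().items():
        print(f"{case:15s} extension-filter={by_ext!s:5s} content-filter={by_content}")
```

The `random_no_ext` case is the one that matters: the extension policy lets the PE bytes through, the content policy does not. The caveat for the other direction is that a magic-byte check only covers formats you enumerate (here only PE), so it is a complement to, not a replacement for, endpoint controls such as application whitelisting.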

A couple of minor bug fixes came out of this process as well. I broke the Java Applet attack vector last night, but all of that is working now; it was primarily due to me changing the NAT/port-forward handling, which required a bit of an overhaul of the applet attack internals.

August 31, 2010

Defcon 18 PowerShell OMFG Video

Posted by relik @ 5:13 pm

Defcon 18 PowerShell OMFG….

This was a presentation by me and Josh Kelley (winfang) at Defcon 18 in Las Vegas Nevada.

August 30, 2010

Social-Engineer Toolkit v0.6.1 Tutorial

Posted by relik @ 3:05 pm

05 Social-Engineer Toolkit (SET) – Version 0.6.1 Catch-up

Instead of redoing all of the tutorials, this is a catch-up tutorial that bridges the gap between 0.5 and 0.6.1, a significant release of the Social-Engineer Toolkit. This version incorporates a number of bug fixes, new attack vectors, and new options. Included in this tutorial are the Teensy USB/HID Attack Vector, the Man Left in the Middle Attack Vector, and the TabNabbing attack vector. You can find all of the original tutorials for the Social-Engineer Toolkit under the tutorials tab on the navigation bar.

August 24, 2010

SET v0.6.1 – Metasploit DLL Hijack Demo

Posted by relik @ 8:52 pm

Here is a quick demo of the newly committed Metasploit DLL hijack exploit that was just incorporated into SET. When the target browses to a website, it launches a file share, and depending on which file types are vulnerable, clicking on one of them gets you a shell. By default p7c, wab, ppt and pptx are susceptible to the attack. Note that p7c and wab do not work on Windows 7. The Metasploit team rocks!!!




Visit us on irc.freenode.net #backtrack-linux or #social-engineer