Social-Engineer Toolkit (SET) Updates on 0.6.1

Bookmark and Share

Worked a bit on SET last night to allow a few new updates. For one, there was certain scenarios where you would utilize NAT/Port Forwarding instead of having a fully dedicated machine on the outside. This would cause issues because the Java Applet needed to bind to your local interface. This has now changed and a new flag has been added. When you turn off the AUTO_DETECT=OFF, you will be prompted and asked if your in a NAT/Port Forward scenario and allow you to specify an external IP address and eliminate the issues with that.

In addition, there are certain circumstances where most organizations don�t allow the client browser to download an executable from the internet for obvious reasons. The java applet attack vector now downloads a raw file with no extension type that is randomized each time. Once downloaded it writes out the file as an executable and essentially bypasses potential restriction mechanisms for executable.

A couple of minor bug fixes as well through this process, I broke the Java Applet attack vector last night but all of that�s working now, was primarily due to me changing the NAT/Port forward, required a bit of rehaul on the applet attack internals

See: http://www.secmaniac.com

{ 0 komentar... Views All / Send Comment! }

Posting Komentar