mirror of
https://github.com/trustedsec/social-engineer-toolkit
synced 2024-11-27 15:00:27 +00:00
Added a script for me to use
This commit is contained in:
parent
bf0ac67474
commit
1cef0b285c
5 changed files with 22 additions and 11 deletions
|
@ -8,4 +8,4 @@ DISCLAIMER: This is only for testing purposes and can only be used where strict
|
|||
|
||||
Any modifications, changes, or alterations to this application is acceptable, however, any public releases utilizing this code must be approved by TrustedSec. Check the LICENSE file for more information.
|
||||
|
||||
The Social-Engineer Toolkit is an open-source penetration testing framework designed for Social-Engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time. SET is a product of TrustedSec, LLC - An Information Security consulting firm located in Cleveland Ohio.
|
||||
The Social-Engineer Toolkit is an open-source penetration testing framework designed for Social-Engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time. SET is a product of TrustedSec, LLC - An Information Security consulting firm located in Cleveland, Ohio.
|
||||
|
|
|
@ -170,7 +170,7 @@ TERMINAL=SOLO
|
|||
### Digital signature stealing method must have the pefile Python modules loaded
|
||||
### from http://code.google.com/p/pefile/. Be sure to install this before turning
|
||||
### this flag on!!! This flag gives much better AV detection
|
||||
DIGITAL_SIGNATURE_STEAL=ON
|
||||
DIGITAL_SIGNATURE_STEAL=OFF
|
||||
#
|
||||
### These two options will turn the upx packer to on and automatically attempt
|
||||
### to pack the executable which may evade anti-virus a little better.
|
||||
|
@ -220,13 +220,10 @@ POWERSHELL_INJECT_PAYLOAD_X86=windows/meterpreter/reverse_tcp
|
|||
### NOTE THAT POWERSHELL INJECTION MUST BE SET TO ON.
|
||||
POWERSHELL_MULTI_INJECTION=ON
|
||||
#
|
||||
### THIS WILL CONFIGURE WHICH PORTS TO USE FOR POWERSHELL INJECTION
|
||||
POWERSHELL_MULTI_PORTS=443,21,22,25
|
||||
#
|
||||
### THIS WILL SPECIFY WHICH PORTS TO ITERATE THROUGH TO DO THE POWERSHELL INJECTION. NOTE IF YOU ARE USING SET
|
||||
### PORT 80 IS USED BY THE WEB SERVER. THE REST OF PORTS SHOULD BE OPEN. CONSIDER IF YOU WANT TO USE PORT 80 TO
|
||||
### PLACE THE LISTENER ON A DIFFERENT SERVER.
|
||||
POWERSHELL_MULTI_PORTS=21,22,23,25,53,3389,443,8080
|
||||
POWERSHELL_MULTI_PORTS=22,53,443
|
||||
#
|
||||
### This will display the output of the powershell injection attack so you can see what is being placed on the
|
||||
### system.
|
||||
|
|
|
@ -9,10 +9,10 @@
|
|||
# SET updated using the 'Update SET Configuration' menu item in #
|
||||
# the main menu. This file will be updated with the new settings. #
|
||||
# #
|
||||
# set_config.py generated: 2013-03-14 10:18:10.495402 #
|
||||
# set_config.py generated: 2013-03-15 11:13:36.564372 #
|
||||
# #
|
||||
#######################################################################
|
||||
CONFIG_DATE='2013-03-14 10:18:10.495402'
|
||||
CONFIG_DATE='2013-03-15 11:13:36.564372'
|
||||
METASPLOIT_PATH="/opt/metasploit/apps/pro/msf3"
|
||||
METASPLOIT_DATABASE="postgresql"
|
||||
ENCOUNT=4
|
||||
|
@ -50,7 +50,7 @@ COMMAND_CENTER_INTERFACE="127.0.0.1"
|
|||
COMMAND_CENTER_PORT=44444
|
||||
SET_INTERACTIVE_SHELL=True
|
||||
TERMINAL="SOLO"
|
||||
DIGITAL_SIGNATURE_STEAL=True
|
||||
DIGITAL_SIGNATURE_STEAL=False
|
||||
UPX_ENCODE=True
|
||||
UPX_PATH="/usr/bin/upx"
|
||||
AUTO_REDIRECT=True
|
||||
|
@ -65,8 +65,7 @@ POWERSHELL_INJECTION=True
|
|||
POWERSHELL_INJECT_PAYLOAD_X64="windows/x64/meterpreter/reverse_tcp"
|
||||
POWERSHELL_INJECT_PAYLOAD_X86="windows/meterpreter/reverse_tcp"
|
||||
POWERSHELL_MULTI_INJECTION="True"
|
||||
POWERSHELL_MULTI_PORTS="443,21,22,25"
|
||||
POWERSHELL_MULTI_PORTS="21,22,23,25,53,3389,443,8080"
|
||||
POWERSHELL_MULTI_PORTS="22,53,443"
|
||||
POWERSHELL_VERBOSE=False
|
||||
WEB_PROFILER=False
|
||||
DEPLOY_OSX_LINUX_PAYLOADS="False"
|
||||
|
|
|
@ -25,6 +25,10 @@ version 4.7
|
|||
* rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
|
||||
* added signed and unsigned jar files to the java applet attack vector
|
||||
* removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
|
||||
* fixed a payload duplication issue in create_payload.py, will now check to see if port is there
|
||||
* removed a pefile check unless backdoored executable is in use
|
||||
* turned digital signature stealing from a pefile to off in the set_config file
|
||||
* converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly
|
||||
|
||||
~~~~~~~~~~~~~~~~
|
||||
version 4.4.5
|
||||
|
|
11
src/webattack/java_applet/unsigned.py
Normal file
11
src/webattack/java_applet/unsigned.py
Normal file
|
@ -0,0 +1,11 @@
|
|||
#!/usr/bin/python
|
||||
#
|
||||
# simple jar file
|
||||
#
|
||||
import subprocess
|
||||
import os
|
||||
subprocess.Popen("rm Java_Update.jar", stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True)
|
||||
subprocess.Popen("rm Java.class", stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True)
|
||||
subprocess.Popen("javac Java.java", shell=True).wait()
|
||||
subprocess.Popen("jar cvf Java_Update.jar Java.class", shell=True).wait()
|
||||
print "[*] Jar file exported as Java_Update.jar"
|
Loading…
Reference in a new issue