Focus on The Social-Engineer Toolkit (SET) v5.2 “Urban Camping”
This version adds a complete rewrite of the PowerShell injection techniques within SET and
incorporates an automatic process downgrade attack detailed here:
https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/.
The attack automatically detects whether PowerShell is installed, then detects which
platform it is running on. If a 64-bit platform is detected, it automatically downgrades the process to a
32-bit process for native shellcode injection.
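From the defender's side, the downgrade described above can be looked for in process-creation telemetry. The following is an added example, not code from SET or TrustedSec: it assumes Sysmon-style fields (`Image`, `ParentImage`, `CommandLine`) and that the downgrade appears as the System32 PowerShell spawning the SysWOW64 copy; the sample events are constructed.

```python
import ntpath

# Assumption: on 64-bit Windows the 32-bit PowerShell is the SysWOW64 copy and
# the 64-bit one is logged under System32.
X86_DIR = "\\syswow64\\windowspowershell\\"
X64_DIR = "\\system32\\windowspowershell\\"

# Constructed process-creation events (field names modeled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"Image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -NoProfile -enc <BASE64-PLACEHOLDER>"},
    {"Image": r"c:\windows\syswow64\WindowsPowerShell\v1.0\PowerShell.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\legacy32.ps1"},
    {"Image": r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe"},
]


def is_powershell_in(image, directory):
    """True if image is powershell.exe located under the given directory."""
    path = image.lower()
    return ntpath.basename(path) == "powershell.exe" and directory in path


def is_encoded_flag(token):
    """True for -EncodedCommand, any prefix abbreviation of it, or the -ec alias."""
    name = token[1:].lower()
    return token.startswith("-") and name != "" and (
        "encodedcommand".startswith(name) or name == "ec")


def find_downgrades(events):
    """Flag 64-bit PowerShell spawning 32-bit PowerShell; encoded commands raise severity."""
    hits = []
    for ev in events:
        if is_powershell_in(ev["Image"], X86_DIR) and is_powershell_in(ev["ParentImage"], X64_DIR):
            encoded = any(is_encoded_flag(t) for t in ev["CommandLine"].split())
            hits.append({"event": ev, "severity": "high" if encoded else "medium"})
    return hits


if __name__ == "__main__":
    for hit in find_downgrades(SAMPLE_EVENTS):
        print(hit["severity"], hit["event"]["CommandLine"])
```

The medium-severity hit shows why the parent/child pair alone needs triage: administrators also start 32-bit PowerShell from 64-bit sessions for legitimate reasons.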
Changelog:
* incorporated the new x86 PowerShell downgrade attack. This will automatically use x86
shellcode regardless of operating system. (https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/)
* changed platform detection from if($env:PROCESSOR_ARCHITECTURE -eq “AMD64”) to
[IntPtr]::Size -eq 6 (thanks Matthew Graeber)
* rewrote payload generator in powershell menu to use new process downgrade attack
* rewrote java applet to use the new process downgrade attack
* rewrote powershell generation within setcore to use the powershell downgrade attack
* changed the default Java Applet wording to “Applet verified as safe (TRUSTED)”.
* fixed a bug that would cause SQL bruter to error out when specifying a single host and the
host was not alive
More info and download: https://github.com/trustedsec/social-engineer-toolkit