Wednesday, February 24, 2010

Social-Engineering Toolkit (SET) V0.4.1 Rise of the Pink Pirate

One of the biggest complaints about SET v0.4 was anti-virus detection. The default option now lets you use multiple encoders through msfencode, piggybacking several methods on top of one another. I spent about 8 hours going through every combination of A/V detection and finding which combination worked best. It’s not a 100 percent science, and it changes, since Shikata is a polymorphic encoder. The combination I ended up with was:

Shikata encoding 5 times
Alpha_Upper encoding 2 times
Shikata encoding 5 times
Countdown encoding 5 times

This combination gets around roughly 85 percent of the virus vendors out there. It will probably need to be changed continuously. I am also looking at writing a dynamic encoder custom to SET that would create a decoder stub in memory, would be somewhat polymorphic, and would add on top of the encoders in MSF. Hopefully I will have this in 0.5, which is expected to release in the April timeframe.

To access this new feature, do the following:

Video demo: Social-Engineer Toolkit High-Level Demo
