The Social-Engineer Toolkit (SET) v7.2 Dirilis, SMS Spoofing Hadir Kembali

Wednesday, June 29, 2016

Bagi kalian yang sudah melihat serial Mr.Robot pasti juga memperhatikan scene social engineering dimana Eliot melakukan soceng menggunakan SMS Spoofing SET dari Kali Linux yang dia pakai. Namun ketika kalian ingin mempraktekkannya, menu SMS Spoofing yang seharusnya ada di nomor 7 tidak ada.

Karena beberapa alasan, menu SMS Spoofing memang dihapus di SET versi sebelumnya.
Namun di rilis terbarunya kemarin ( v7.2 ) dengan kodenama Wine and Gold, SMS Spoofing kembali hadir. Kali ini di menu nomor 10.

Lalu selain SMS Spoofing apa saja yang baru ?
Berikut fitur update di SET 7.2 yang saya lansir dari trustedsec
  1. fixed an issue on installer not copying SET directory properly
  2. changed delay time for HTA attack vector from 3 seconds to 10 seconds to allow proper loading
  3. added wording when using gmail and application specific passwords
  4. rewrote ms08-067 instead of being the python exploit to use the metasploit default which is much more reliable
  5. re-introduced the SMS spoofing method (now option 10) – it has been optimized and reduced to only use SMSGang as a main provider.
  6. added ability to add your own attachments via file format attacks instead of having to use the ones built in
  7. added ability to add your own attachments via mass mailer attack vector
  8. added new config option called wget_deep and incremented config to 7.2 – this will allow 1 deep download wgets
  9. added ability to select on deeper wgets through web cloner in the web attack vectors – this will allow you to clone the site and not just the index.html which might be better.. to enable this edit /etc/setoolkit/set.config and turn WGET_DEEP to on.
  10. added a new check upon startup (which may delay the start of set for a couple seconds, but it will check to see if there is a new version of SET available for you automatically – this is displayed on the main launcher UI when you first start SET
  11. fixed setup.py a bit to reflect more on whats out there.. I may convert this to a standard setup installer eventually
  12. updated the licensing agreement – should check it out =)
  13. changed the default payload in HTA and Java Applet attack to be reverse_https instead of reverse_tcp (although both can be specified)
  14. number of fixes around spacing for python3 and python3 compatibility (urllib)
  15. removed string decode on HTA attack vector which is no longer needed in python3 (and python2)
  16. changed urllib2 to import urllib instead for python2 and python3 compatibility in setcore
  17. changed encoding techniques to bytes instead of strings for python3 compatibility


Untuk cara installnya cukup mudah.
sudo su
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
cd set
python setup.py install
setoolkit

Nah menu SMS Spoofing sendiri ada di bagian :
Social-Engineering Attacks > SMS Spoofing Attack Vector .
Namun sayang karena seperti yang dijelaskan di update diatas, SMS Spoofing yang digunakan menggunakan provider SMSGang sehingga kita juga harus memiliki pincode SMSGang.
Untuk mendapatkannya kalian harus membeli dengan mata uang Euro disini :

Oke mungkin seklain dulu update kali ini, sekian dan semoga bermanfaat.

Artikel Terkait Exploit ,Hacker ,Linux ,Security

1 comment: