10.6. Additional SET Features

We won’t cover every aspect of the Social-Engineer Toolkit, but it does have some particularly notable aspects. One tool of note is the SET Interactive Shell: an interactive shell that can be selected as a payload instead of Meterpreter. Another feature is RATTE (Remote Administration Tool Tommy Edition), a full HTTP tunneling payload that was created by Thomas Werth. It relies on HTTP-based communications and piggybacks proxy settings on the target machine. RATTE is particularly useful when the target uses egress and packet inspection rules that can detect non-HTTP traffic. RATTE uses the Blowfish encryption algorithm for communications to allow full encryption over HTTP.

Two other tools include the SET Web-GUI (a full-fledged web application that automates several of the attacks discussed above) and the wireless attack vector. To run the SET Web-GUI, simply enter ./set-web from the SET home folder. The Web-GUI is written in Python and is a great way to perform attacks through a web interface. The wireless attack vector creates a rogue access point on the attacking machine. When the target connects to the access point, any website he visits is redirected to the attacker machine, which can then launch a number of SET attacks (such as harvester or the Java applet) on the target.