bug fix release for 4.7.2

trustedsec · Mar 17, 2013 · b0b78b6 · b0b78b6
1 parent f74d8f7
commit b0b78b6
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 16 deletions.
diff --git a/config/set_config b/config/set_config
@@ -174,7 +174,7 @@ DIGITAL_SIGNATURE_STEAL=OFF
 #
 ### These two options will turn the upx packer to on and automatically attempt
 ### to pack the executable which may evade anti-virus a little better.
-UPX_ENCODE=ON
+UPX_ENCODE=OFF
 UPX_PATH=/usr/bin/upx
 #
 ### This feature will turn on or off the automatic redirection. By default for example in multi-attack

diff --git a/config/set_config.py b/config/set_config.py
@@ -9,10 +9,10 @@
 #  SET updated using the 'Update SET Configuration' menu item in      #
 #  the main menu. This file will be updated with the new settings.    #
 #                                                                     #
-#  set_config.py generated: 2013-03-16 15:46:18.978776                #
+#  set_config.py generated: 2013-03-17 18:00:06.885097                #
 #                                                                     #
 #######################################################################
-CONFIG_DATE='2013-03-16 15:46:18.978776'
+CONFIG_DATE='2013-03-17 18:00:06.885097'
 METASPLOIT_PATH="/opt/metasploit/apps/pro/msf3"
 METASPLOIT_DATABASE="postgresql"
 ENCOUNT=4
@@ -51,7 +51,7 @@
 SET_INTERACTIVE_SHELL=True
 TERMINAL="SOLO"
 DIGITAL_SIGNATURE_STEAL=False
-UPX_ENCODE=True
+UPX_ENCODE=False
 UPX_PATH="/usr/bin/upx"
 AUTO_REDIRECT=True
 HARVESTER_REDIRECT=False

diff --git a/readme/CHANGES b/readme/CHANGES
@@ -1,3 +1,14 @@
+~~~~~~~~~~~~~~~~
+version 4.7.2
+~~~~~~~~~~~~~~~~
+
+* fixed an issue where UPX would trigger even if not properly installed
+* fixed an issue that would cause a shellcode_ports exception to be found on multi-pyinjector - should have read shellcode_port
+* added an additional check in for upx coding when generating binaries
+* fixed an issue where creating a single payload without an attack would not found the proper rc file within SET
+* fixed an issue where selecting multi pyinjector would not find the proper meta_config rc file 
+* turned upx to off by default on the set configuration file
+
 ~~~~~~~~~~~~~~~~
 version 4.7.1
 ~~~~~~~~~~~~~~~~

diff --git a/set b/set
@@ -185,9 +185,9 @@ except KeyboardInterrupt:
     print "\n\nThank you for " + bcolors.RED+"shopping" + bcolors.ENDC+" with the Social-Engineer Toolkit.\n\nHack the Gibson...and remember...hugs are worth more than handshakes.\n"
 
 # handle exceptions
-except Exception, error:
-    log(error)
-    print "\n\n[!] Something went wrong, printing the error: "+ str(error)
+#except Exception, error:
+ #   log(error)
+  #  print "\n\n[!] Something went wrong, printing the error: "+ str(error)
 
 # cleanup routine
 cleanup_routine()
diff --git a/src/core/payloadgen/create_payloads.py b/src/core/payloadgen/create_payloads.py
@@ -126,9 +126,8 @@
     # if AUTO_DETECT=OFF prompt for IP Address
     match=re.search("AUTO_DETECT=OFF", data)
     if match:
-        ipaddr=raw_input(setprompt(["4"], "Enter the IP address for the payload (reverse)"))
-        filewrite.write(ipaddr)
-        filewrite.close()
+		ipaddr=raw_input(setprompt(["4"], "Enter the IP address for the payload (reverse)"))
+		update_options("IPADDR=" + ipaddr)
 
 # payload selection here
 try:
@@ -418,7 +417,7 @@
 
                                 # here we prep our meta config to listen on all the ports we want - free hugs all around
                                 filewrite = file("%s/src/program_junk/meta_config_multipyinjector" % (definepath), "a")
-                                port_check = check_ports("%s/src/program_junk/meta_config_multipyinjector" % (definepath), shellcode_ports)
+                                port_check = check_ports("%s/src/program_junk/meta_config_multipyinjector" % (definepath), shellcode_port)
                                 if port_check == False:
                                     filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset LHOST 0.0.0.0\nset LPORT %s\nset ExitOnSession false\nexploit -j\n\n" % (choice9,shellcode_port))
                                     filewrite.close()

diff --git a/src/core/payloadgen/solo.py b/src/core/payloadgen/solo.py
@@ -21,7 +21,13 @@
     # if we didn't select the SET interactive shell as our payload
     if not os.path.isfile("src/program_junk/set.payload"):
         print_info("Please wait while the Metasploit listener is loaded...")
-        subprocess.Popen("ruby %s/msfconsole -L -n -r src/program_junk/meta_config" % (meta_path), shell=True).wait()
+        if os.path.isfile("%s/src/program_junk/meta_config" % (definepath)):
+            listen_path = ("%s/src/program_junk/meta_config" % (definepath))
+
+        if os.path.isfile("%s/src/program_junk/meta_config_multipyinjector" % (definepath)):
+            listen_path = ("%s/src/program_junk/meta_config_multipyinjector" % (definepath))
+
+        subprocess.Popen("ruby %s/msfconsole -L -n -r %s" % (meta_path,listen_path), shell=True).wait()
 
     # if we did select the set payload as our option
     if os.path.isfile("src/program_junk/set.payload"):

diff --git a/src/core/set.py b/src/core/set.py
@@ -770,8 +770,11 @@
                     reload(solo)
                 except:
                     import solo
-
+        #
+        #
         # Main Menu choice 4: Create a Payload and Listener
+        #
+        #
         if main_menu_choice == '4':
             filewrite = file("src/program_junk/payloadgen", "w")
             filewrite.write("payloadgen=solo")
@@ -787,7 +790,9 @@
 
             # if we didn't select the SET interactive shell or RATTE
             if not os.path.isfile("src/program_junk/set.payload"):
-                upx("msf.exe")
+                upx_check = check_config("UPX_ENCODE=")
+                if upx_check.lower() == "on":
+	                upx("msf.exe")
 
             # if the set payload is there
             if os.path.isfile("src/program_junk/set.payload"):

diff --git a/src/core/setcore.py b/src/core/setcore.py
@@ -222,7 +222,7 @@ def print_error(message):
     print bcolors.RED + bcolors.BOLD + "[!] " + bcolors.ENDC + bcolors.RED + str(message) + bcolors.ENDC
 
 def get_version():
-    define_version = '4.7.1'
+    define_version = '4.7.2'
     return define_version
 
 class create_menu:
@@ -351,7 +351,8 @@ def grab_ipaddress():
                             rhost = raw_input("[!] Invalid ip address try again: ")
                         if ip_check == True: break
                     return rhost
-            # if AUTO_DETECT=OFF prompt for IP Address
+
+        # if AUTO_DETECT=OFF prompt for IP Address
             match1 = re.search("AUTO_DETECT=OFF", line)
             if match1:
                 rhost = raw_input(setprompt("0", "IP address for the payload listener"))