background image

160

Chapter 10

Figure 10-8: Teensy attack code upload

Additional SET Features

We won’t cover every aspect of the Social-Engineer Toolkit, but it does have 
some particularly notable aspects. One tool of note is the SET Interactive 
Shell: an interactive shell that can be selected as a payload instead of Meter-
preter. Another feature is RATTE (Remote Administration Tool Tommy 
Edition), a full HTTP tunneling payload that was created by Thomas Werth. 
It relies on HTTP-based communications and piggybacks proxy settings on 
the target machine. RATTE is particularly useful when the target uses egress 
and packet inspection rules that can detect non-HTTP traffic. RATTE uses 
the Blowfish encryption algorithm for communications to allow full encryp-
tion over HTTP.

Two other tools include the SET Web-GUI (a full-fledged web applica-

tion that automates several of the attacks discussed above) and the wireless 
attack vector. To run the SET Web-GUI, simply enter 

./set-web

 from the SET 

home folder. The Web-GUI is written in Python and is a great way to perform