160
Chapter 10
Figure 10-8: Teensy attack code upload
Additional SET Features
We won’t cover every aspect of the Social-Engineer Toolkit, but it does have
some particularly notable aspects. One tool of note is the SET Interactive
Shell: an interactive shell that can be selected as a payload instead of Meter-
preter. Another feature is RATTE (Remote Administration Tool Tommy
Edition), a full HTTP tunneling payload that was created by Thomas Werth.
It relies on HTTP-based communications and piggybacks proxy settings on
the target machine. RATTE is particularly useful when the target uses egress
and packet inspection rules that can detect non-HTTP traffic. RATTE uses
the Blowfish encryption algorithm for communications to allow full encryp-
tion over HTTP.
Two other tools include the SET Web-GUI (a full-fledged web applica-
tion that automates several of the attacks discussed above) and the wireless
attack vector. To run the SET Web-GUI, simply enter
./set-web
from the SET
home folder. The Web-GUI is written in Python and is a great way to perform