
Core Impact Pro 2014 R2 New Features

Introducing Core Impact Pro 2014 R2

With the release of Core Impact Pro 2014 R2, Core Security continues to provide the most comprehensive software solution for proactively assessing the security posture of any organization.  

New capabilities released in Core Impact Pro 2014 R2 include:

  • Android Agent and Post Exploitation Modules
  • Windows Domain Information Gathering modules
  • Windows Management Instrumentation support
  • Wi-Fi Pineapple Mark V Support for Fake AP
  • Support for Tenable Security Center
  • Network Attack Vector Enhancements

Android Agent and Post Exploitation Modules

As mobile technology usage and BYOD adoption increase, the mobile attack vector has drawn an increasing amount of attention from attackers. On top of our existing mobile functionality, this version of Core Impact Pro adds a Java-based Android Agent that communicates back over HTTP. This agent can be used standalone for phishing attacks, packed as an Android application, or as the communication channel for a post-exploitation facilitator when exploiting mobile vulnerabilities. Taking advantage of our Wi-Fi Fake Access Point functionality, we have included an attack for the Android WebView addJavascriptInterface() vulnerability, which modifies in real time the traffic of devices joined to our Fake AP and installs an Android Agent on those that are vulnerable.

Our Android Agent functionality currently supports the following capabilities:

  • Shell access
  • Get/Send SMS
  • Make a phone call
  • Contacts CRUD (Create Read Update Delete)
  • Call log info
  • Geo-location/line number info
  • Upload/Download files

Windows Domain Information Gathering modules

When attacking a Windows network, knowledge of the Domain under attack helps prioritize further actions. This new version of Core Impact Pro adds several Information Gathering modules specifically for Windows Domains. If you’re running on an agent under a Windows domain account, or the Core Impact Pro user has domain identities (e.g. NTLM hashes), the Windows Domain IG Wizard gathers the following and imports it into the workspace:

  • List of domain controllers
  • List of trusted domains
  • Domain account policies
  • List of domain administrators
  • List of domain users and groups
  • List of machines joined to the domain

Windows Management Instrumentation support

WMI is installed by default in Windows and frequently manipulated by malware, which makes it the ideal way to interact with systems stealthily.

This version of Impact allows you to:

  • Install Agents using WMI: Using the source agent’s or user-specified Administrator identities, an agent can be installed on the target system using WMI, without creating a Windows Service and having the agent running as Administrator.
  • Agent-less Shell Access: Using the source agent’s or user-specified Administrator identities, an interactive shell can be launched against the target using the WMI Win32_Process class. This shell does not require an installed agent, which makes it a stealthy way to interact with remote systems.
  • Programmatically use WMI for persistence: for users developing modules within our framework, Impact Pro now allows you to programmatically create WMI Event Consumers on target systems, a mechanism many malware families use for back-door creation.

Wi-Fi Pineapple Mark V Support for Fake AP

Fake/Karma Access Point functionality allows man-in-the-middle (MiTM) attacks, effectively tricking victims into associating their devices with a system running Core Impact Pro. This version of Core Impact Pro adds support for Wi-Fi Pineapple Mark V devices, taking advantage of this device’s hardware capabilities. Just plug the Pineapple device into a workstation and be up and running in seconds with the Fake Access Point Wizard. The access point redirects all the devices' traffic to the Impact console, allowing you to run MiTM modules (e.g. the Android WebView addJavascriptInterface() exploit).

Support for Tenable Security Center

This version of Core Impact Pro adds support for Tenable Security Center (TSC), which can be used with our Vulnerability Scanner Validator Wizard. The importer connects to the TSC system, lets you select the scanner result you want to import, and has Core Impact Pro commit the hosts and vulnerabilities for later validation.

Network Attack Vector Enhancements

Core Impact Pro 2014 R2 adds new functionality to the network attack vector, including the following major items:

  • Windows secrets and token manipulation: Pass-the-Hash (PtH) and token manipulation are among the easiest ways for attackers to escalate privileges and move laterally inside a Windows network, aiming to compromise as many systems as possible. In this version, on top of our existing PtH modules, we’ve added Incognito and Mimikatz support (32- and 64-bit) and remote/local extraction of LSA, Cached Logon Credentials and SAM secrets without injecting code in the target/local system.
  • HTTP/S Channel performance: this is one of the preferred communication channels used by attackers. We spent a lot of time improving this channel's performance for Windows Agents, significantly increasing the number of syscalls per second, which translates into faster interaction with the agent.
