Exploits for code execution vulnerabilities are generally designed to deliver payloads on compromised systems. In Core Security solutions, these exploit payloads are called "agents."
An exploit's ability to successfully deploy and connect to an agent provides indisputable evidence that a vulnerability exists, thereby eliminating false positives and allowing you to perform penetration tests with 100% confidence.
How Agents Work
Exploits for code execution vulnerabilities typically execute a command shell (shellcode) on the target system and allow you to communicate with the shell via a network connection (e.g., binding the shell to a port or connecting back from the target to the attacking host). Core Security’s patented agents also allow you to interact with compromised systems via command shells, while providing additional capabilities that ensure safe and reliable testing.
Agents and Core Security Solutions
Core Security agents help to ensure that your penetration tests are safe, accurate and efficient through a number of key capabilities:
- A minimal footprint for safe penetration testing
Core Security solutions deploy agents into the memory of targeted systems, ensuring that your penetration tests are minimally invasive and safe for compromised systems. Agent code is typically smaller than most emails, and no additional application code needs to be deployed on the compromised system.
- A powerful interface to compromised systems
An agent provides an interface to the compromised system, allowing you to gather additional information, escalate access privileges or attempt to compromise other network resources. The interface is easy to use, providing common access across all target platforms and eliminating the need to write different scripts for each platform. In addition, Core Security’s patented agent technology allows you to run a command shell on any compromised system, even if the system does not have an accessible shell.
- Easy access to system calls and APIs
Core Security’s unique Syscall Proxying technology enables you to leverage agents to access any system call or Windows API on a compromised system.
- Support for binary plug-ins and code
Core Security solutions complement Syscall Proxying with additional functionality to support binary plug-ins and to execute arbitrary binary code on the target system, such as payloads dynamically created at runtime or as part of a customized exploit.
- Multiple connection methods
Core Security solutions support multiple connection methods, including connect to target, connect from target, reuse connection, HTTP/HTTPS tunneling and DNS tunneling. Agents can also be chained together to reach network resources with limited connectivity.
- Agent Auto-Injection
You can maintain contact with a targeted workstation, even if compromised client software is restarted. Upon gaining workstation access, our solutions inject an agent into a new process outside of the compromised software. You can therefore continue to gather information about the workstation and pivot attacks to other systems without interruption.
- Simple clean-up
Unless instructed otherwise, Core Security agents automatically uninstall themselves from memory upon termination of the communication channel, leaving no trace of the penetration test.
- Android Agent
Core Impact Pro has a Java-based Android Agent with an HTTP back communication channel. This agent can be used standalone for phishing attacks, packed as an Android application, or as the communication channel for a post-exploitation facilitator when exploiting mobile vulnerabilities.
- SQL Agent
Core Impact Pro has a SQL Agent, which removes the burden of exploitation and post-exploitation of SQL injection vulnerabilities.
- WebApps Agents
WebApps agents represent the information about how to exploit a web application vulnerability. If a WebApps agent exists in your Web View, then you have the ability to perform certain activities on the web application's server. In this regard, a WebApps agent is similar to an OS agent. There are 4 types of WebApps agents:
- SQL Agent: Represents the knowledge of how to exploit a web application using SQL Injection.
- RFI Agent for PHP: Represents the knowledge of how to exploit a web application using PHP File Inclusion.
- XSS Agent: Represents the knowledge of how to exploit a web application using Cross Site Scripting.
- Web Browser Agent: Obtained when you gain control of a web browser through an XSS attack. Web Browser Agents are launched on XSS agents.