We are pleased to announce the official release of Core Impact Pro 2016 R1.1. More than 83 updates have been added thus far, and are available through the regular update channel for all Core Impact customers who have upgraded to the latest version. The team has been working on several privilege escalations, a number of remote exploits for widely deployed software, and numerous enhancements. This release includes:

  • 15 remote exploits, including modules for Apache Struts 2, Jenkins, Joomla and OpenSSH.
  • 6 client side exploits.
  • 7 local exploits, with 3 modules targeting Microsoft Windows, 1 targeting Apple Mac OS X and 1 targeting Linux.
  • Enhancements for numerous exploits.
  • Updates to the CVE associations for our exploits.
  • Improvements related to our AV evasion capabilities.
  • Improvements to our module for POODLE, including better documentation.
  • Improvements related to agent packaging and persistence.
  • Improvements to our importers from third-party scanners.
  • Several general updates.

Here is the complete list of published modules:

Remote Exploits

  • Advantech WebAccess Dashboard Viewer Remote Code Execution Exploit
  • Apache Struts 2 DefaultActionMapper method Remote Code Execution Exploit
  • Apache Struts 2 REST Plugin Remote Code Execution Exploit
  • Atlassian Bamboo commons-collections Java Library Deserialization Vulnerability Remote Code Execution Exploit
  • Hewlett Packard Enterprise Data Protector EXEC_BAR User Name Buffer Overflow Exploit
  • Jenkins JRMP Java Library Deserialization Vulnerability Remote Code Execution Exploit
  • Jenkins XStream Java Library Deserialization Vulnerability Remote Code Execution Exploit
  • Joomla User Agent Object Injection Exploit Update
  • Magento eCommerce Web Sites Deserialization Remote Code Execution Exploit
  • ManageEngine OpManager Exploit
  • Novell ServiceDesk Remote Code Execution Exploit
  • OpenSSH xauth Command Injection Vulnerability Exploit
  • Ruby on Rails Action View Directory Traversal Exploit
  • Solarwinds Virtualization Manager Java JMX-RMI Remote Code Execution Exploit
  • Trend Micro InterScan Web Security Virtual Appliance testConfiguration OS Command Injection Exploit

Client Side Exploits

  • Acunetix Web Vulnerability Scanner GUI Html Script Injection Exploit
  • Microsoft Internet Explorer VBScript AccessArray Redefinition Exploit
  • Microsoft MSHTML dll based Binary Planting Exploit (MS16-037)
  • Microsoft Windows Media Center .MCL File Processing Remote Code Execution (MS16-059)
  • TrendMicro node.js HTTP Server Remote Code Execution Exploit
  • WECON LeviStudio PLC HmiSet Type Buffer Overflow Exploit

Local Exploits

  • Apple Mac OS X XPC Entitlements Local Privilege Escalation Exploit
  • FreeBSD atkbd SETFKEY Ioctl Privilege Escalation Exploit
  • Linux Kernel CONFIG_BPF_SYSCALL Local Privilege Escalation Exploit
  • Microsoft Windows Integer Overflow Exploit (MS16-039)
  • Microsoft Windows Secondary Logon Vulnerability Exploit (MS16-032)
  • Microsoft Windows WPAD Elevation of Privilege Exploit (MS16-077)
  • Solarwinds DameWare Mini Remote Control Server Privilege Escalation Exploit

Maintenance

  • AV Evasion Improvements
  • AV Evasion Improvements in 64-bit agents
  • AV evasion binary improvements
  • CVE Database Update
  • Exploits Update for Impact Professional 2016_R1
  • Fake HTTP Server Update
  • Grab Frame from WebCam Update
  • IBM AppScan Importer Update
  • Install Agent using ssh Update
  • Local Information Gathering Update
  • Make Agent Persistent Update
  • Microsoft Windows Shell File Association Vulnerability Exploit (MS14-027) Update
  • Mimikatz module Update
  • Nessus and Nexpose RPC connection improvements
  • Network Reports Update
  • OracleDB DBMS AW.EXECUTE CDA Command Remote Stack Overflow Exploit Update
  • Package agent in VBA Script 64-bit Update
  • Package agent in VBA Script Remote Package Update
  • Package and Register log Update
  • POODLE TLS1.x to SSLv3 Downgrading Vulnerability Exploit Update
  • Proxy Identity Verifiers Update
  • Reprise License Manager activate_doit Command actserver Parameter Buffer Overflow Exploit Update
  • Reprise License Manager edit_lf_process Write Arbitrary Files Exploit Update
  • Send Agent by E-Mail Update
  • Supported services list Update
  • Vulnerabilities Tab in Quick Information View Update
  • Web Apps Reporting and Output Update