We are pleased to announce the official release of Core Impact Pro 2014 R2.1. More than 50 updates have been added so far, and they are available through the regular update channel to all Core Impact customers who have upgraded to the latest version.

Several exploit modules have been released, including several for "Shellshock" attack vectors (e.g. remote attacks over HTTP, FTP, SSH, and DHCP). There is also a remote denial-of-service module exploiting the "WinShock" vulnerability (MS14-066); exploits for recent OLE-related vulnerabilities (MS14-060 and MS14-066) and for browser attacks against Internet Explorer; an exploit for a critical Drupal vulnerability (CVE-2014-3704), which leverages our web framework to install an OS agent through an SQL injection; and a number of SCADA exploit modules for vulnerabilities discovered by our research team (get the details: Advantech WebAccess Stack-based Buffer Overflow, Advantech EKI-6340 Command Injection, and Advantech AdamView Buffer Overflow).

Until recently, the connection methods available when deploying an agent were limited to "connect from target", "connect to target" and "reuse connection". We have added "HTTP channel", "HTTPS channel" and "DNS channel". At the moment, all remote exploits released during 2014 support these new connection methods, and we are in the process of adding them to older exploits.

In addition to the above, this release includes:

  • 8 client side exploits, including some for IE
  • 2 local exploits for Linux, 3 exploits for Windows and 1 for Adobe Reader
  • 2 denial-of-service modules for Windows
  • Several general updates, including improvements to the antivirus evasion mechanisms and the AntiVirus Manager module, improvements to the throttling of DCE-RPC exploits, and a fix for an issue in which connections failed because of the limit on maximum RPC connection attempts defined in some Windows versions

Lastly, here is the complete list of published modules:

Remote Exploits

  • Bash Remote Code Execution Exploit
  • Bash Environment Variables Remote Code Execution Exploit for SSH
  • PureFTPd Bash Variables Injection Exploit (CVE-2014-6271)
  • MSRPC Server Service Remote Buffer Overflow Exploit (MS08-067) Update 6
  • Apache Struts includeParams Remote Code Execution Exploit
  • Apache Struts ClassLoader Manipulation Remote Code Execution Exploit Update
  • HP Network Node Manager I ovopi Option -L Buffer Overflow Exploit
  • Openfiler Remote Code Execution Exploit Update
  • MediaWiki Thumb.php Remote Command Execution Exploit
  • Yokogawa CENTUM CS 3000 BKCLogSvr Buffer Overflow Exploit
  • Kolibri WebServer HTTP POST Request Buffer Overflow Exploit
  • Kolibri Web Server Get Request Buffer Overflow Exploit
  • SolidWorks Workgroup PDM 2014 Opcode 2001 Remote Code Execution Exploit Update
  • Eudora Qualcomm WorldMail IMAPd Service UID Buffer Overflow Exploit

Client Side Exploits

  • Microsoft Internet Explorer CMarkup Object Use-After-Free Exploit (MS14-021) Update 3
  • Microsoft Internet Explorer CInput Object Use-After-Free Exploit (MS14-035)
  • Microsoft Windows OLE Packager INF File Remote Code Execution Exploit (MS14-060)
  • Microsoft Windows OLE Automation Array Remote Code Execution Exploit (MS14-064) Update
  • Foxit Reader imgseg DLL Hijacking Exploit
  • Embarcadero ERStudio Data Architect TSVisualization ActiveX loadExtensionFactory Buffer Overflow Exploit
  • Advantech Webaccess webeye Connect Buffer Overflow Exploit
  • Advantech ADAMView GNI File Buffer Overflow Exploit

Local Exploits

  • Linux Kernel x86_64 Ptrace Sysret Privilege Escalation Exploit
  • Linux Kernel n_tty_write Privilege Escalation Exploit Update
  • Microsoft Windows Win32k TrackPopupMenu Null Pointer Dereference Privilege Escalation Exploit (MS14-058)
  • Microsoft Windows Ancillary Function Driver Double Free Vulnerability Exploit (MS14-040) Update 2
  • Microsoft Windows Administrator UAC Elevation Bypass Update
  • Adobe Reader X AdobeCollabSync Buffer Overflow Sandbox Bypass Exploit

Denial of Service

  • OpenSSL DTLS Fragment Buffer Overflow DoS
  • Microsoft Windows Schannel Heap Overflow DoS (MS14-066)


  • Improvements to Bash Environment Variable Injection Exploits
  • DHCP Server with Bash Variables Injection Exploit
  • Connection methods improvements for remote exploits
  • AV Evasion Improvements
  • AV Evasion and ExelibHelper improvement
  • Antivirus Manager Update
  • Agent Escape Mechanism Update
  • NTOSpider Importer Update
  • Import Output from Qualys
  • DCE-RPC Exploits Improvements
  • Identity Verifier Log Update
  • ClientSide Phishing Attack - ImageTag log Update
  • Attack Camera using Weak Credentials Update
  • Raw payload generation for executable agents
  • Setup Metasploit Integration Update
  • Metasploit Framework CVE Update
  • DCE-RPC Exploits Improvements
  • Remote Code Execution improvements for Solaris
  • OS Command Injection Update
  • Nessus RPC - RPT IG Wizard Update
  • Crack WEP Wifi Network Update
  • Drupal core - SQL injection Exploit
  • Windows Domain IG Wizard Update
  • Simple SMB File Share Server
  • DLLMakerV2 Library Update
  • exploitlib local privilege escalation update
  • exploitlib framework update
  • Modules maintenance
  • New Email - Update
  • Supported services list update