Core Certified Exploits

Library of expert validated exploits for safe and effective pen tests

Browse the Core Certified Exploit Library  

 

Exploit development can be an advanced penetration testing skill that takes time to master. Additionally, when on a job, pen testers often don’t have the resources to create a new exploit. Many resort to searching for and using pre-written exploits that have not been tested and must go through the timely effort of quality assurance testing in order to ensure they are secure and effective.

Core Impact users can save time by finding all the up-to-date exploits they need in one place. We provide a robust library of exploits designed to enable pen testers to safely and efficiently conduct successful penetration tests. Witten by our own internal team, you can trust they have been thoroughly tested and validated by our experts.

The universe of vulnerabilities is huge and not all of them represent the same risk for the customers. Vulnerabilities do not all have the same level of criticality. Some may be easily exploitable by a low-level user, while others may not be exploitable at all. To increase the efficiency of the attacks and the quality of the exploits provided, the Core Impact team has developed selection criteria to prioritize its analysis and implementation. We determine which exploits warrant creation based on the following questions:

  • What are the most critical attacks from the attacker’s perspective?
  • What new vulnerabilities are more likely to be exploited in real attacks?
  • What exploits are the most valuable for Core Impact?

Once an exploit is approved, its priority order considers the following variables: 

  • Vulnerability Properties: CVE, disclosure date, access mechanism and privileges needed.
  • Target Environment Setup: OS, application prevalence, version and special configurations needed.
  • Value Provided to Core Impact: Customer request, usage in multiple attacks, allows the installation of an agent, etc.
  • Technical Cost vs. Benefit: An analysis weighing the resources needed to build an exploit with the internal and external knowledge gained in its creation. 

Each one of these variables has a different weight and provides a ranking of the potential exploits to be developed. Following those criteria, the top of the list would contain, for example, a vulnerability on Windows (most popular OS) that can be exploited remotely, without authentication and that provides super user privileges. 

Correspondingly, a vulnerability on an application that is rarely installed, needs special configurations, and requires User Interaction, would be at the bottom.

Stay Informed of New Core Certified Exploits

Subscribe to receive regular email updates on new exploits available for Core Impact

Browse the Core Certified Exploit Library

We provide pen testers with real-time updates for a wide range of exploits for different platforms, operating systems, and applications. 

Search our continuously growing library to discover an exploit that will allow you to gain and retain access on the target host or application.

Title Description Date Added CVE Link Exploit Platform Exploit Type Product Name
Viper RGB Driver Kernel Arbitrary Read Write Local Privilege Escalation Exploit The vulnerability allows read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection. CVE-2019-18845 Windows Exploits / Local / Privilege Escalation Impact
Windows Win32k Elevation Of Privilege Exploit (CVE-2019-0803) This module exploits a win32k component vulnerability This can be exploited to execute arbitrary code with System privileges. It is working until KB4507004 update 2019/07/08 it is patched in KB4507449 Security Monthly Quality Rollup for Windows 7 x64-based Systems 2019/07/09 CVE-2019-0803 Windows Exploits / Local / Privilege Escalation Impact
Adobe ColdFusion JNBridge Remote Code Execution Exploit Adobe ColdFusion is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JNBridge protocol. CVE-2019-7839 Windows, Linux Exploits / Remote Impact
Advantech WebAccess SCADA GetUserPasswd BwPAlarm Buffer Overflow Exploit The specific flaw exists within BwPAlarm.dll, which is accessed through the 70603 IOCTL in the webvrpcs process. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. CVE-2018-18999 Windows Exploits / Remote Impact
Apache Solr ENABLE_REMOTE_JMX_OPTS JMX-RMI Remote Code Execution Exploit Apache Solr is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine. By exploiting known methods, it is possible to remotely load an MLet file from an attacker controlled web server that points at a jar file. CVE-2019-12409 Linux Exploits / Remote Impact
AVEVA InduSoft Web Studio Remote Command Injection Exploit AVEVA InduSoft Web Studio is prone to a remote vulnerability that allows attackers to execute commands under the context of the program user. CVE-2019-6545 Windows Exploits / Remote Impact
File Sharing Wizard POST Method Exploit File Share Wizard is prone to a buffer-overflow vulnerability when handling a crafted POST packet. CVE-2019-16724 Windows Exploits / Remote Impact
MAPLE Computer SNMP Administrator Exploit Maple Computer SNMP Asministrator is prone to a buffer-overflow vulnerability when handling a crafted packet. CVE-2019-13577 Windows Exploits / Remote Impact
Microsoft Windows Remote Desktop Protocol BlueKeep Remote Code Execution Exploit This module triggers a use after free vulnerability in the Remote Desktop Service by sending a malformed packet. CVE-2019-0708 Windows Exploits / Remote Impact
Disk Pulse Enterprise Import Command Buffer Overflow Exploit This module exploits a buffer overflow on Disk Pulse Formats plugin when parsing a specially crafted .XML file. After the file is downloaded, the user must open it from the application, clicking on the Command option in the menu bar (or right clicking in the middle window), then choosing Import Command ... and selecting the file. CVE-2017-7310 Windows Exploits / Client Side Impact
Fuji Electric Alpha5 Smart Loader Exploit This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it. CVE-2018-14788 Windows Exploits / Client Side Impact
LibreOffice LibreLogo Python Global Event Scripting Vulnerability Exploit This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it. CVE-2019-9851 Linux, Windows Exploits / Client Side Impact
LibreOffice LibreLogo Python Scripting Vulnerability Exploit This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it. CVE-2019-9848 Linux, Windows Exploits / Client Side Impact
Microsoft Internet Explorer Scripting Engine Memory Corruption Exploit This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting an invalid pointer reference in Internet Explorer. CVE-2019-0752 Windows Exploits / Client Side Impact
Microsoft Internet Explorer VBScript UAF Exploit (2019) This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting an invalid pointer reference in Internet Explorer. Windows Exploits / Client Side Impact
WECON LeviStudioU SMtext Buffer Overflow Exploit A stack-based buffer overflow in WECON LeviStudio HMI Editor allows an attacker to execute arbitrary code via crafted .UMP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it. Windows Exploits / Client Side Impact
SolarWinds Dameware Mini Remote Control Unauthenticated RCE Exploit Tenable found an unauthenticated remote code execution vulnerability in the SolarWinds Dameware Remote Mini Remote Client Agent Service (DWRCS.exe) version 12.1.0.89. CVE-2019-3980 Windows Exploits / Remote Impact
rConfig ajaxServerSettingsChk and search_crud Remote OS Command Injection Exploit This module exploits an unauthenticated OS command injection vulnerability in rConfig using the rootUname parameter present in ajaxServerSettingsChk.php. Also, this module exploits an authenticated OS command injection vulnerability using the catCommand parameter present in search.crud.php. CVE-2019-16662, CVE-2019-16663 Linux Exploits / OS Command Injection / Known Vulnerabilities Impact
Apache Solr Velocity Template Remote OS Command Injection Exploit This module exploits an OS command injection vulnerability in Apache Solr, via the Velocity Template. CVE-2019-17558 Linux, Windows Exploits / OS Command Injection / Known Vulnerabilities Impact
Robot Attack Vulnerability Checker Poor implementations of SSL servers using PKCS1 v1.5 allow an attacker to perform RSA decryption and signing operations using the private key of said servers This module tries to verify if the vulnerability is present in the target server by comparing its responses to various handcrafted messages Linux Information gathering / Vulnerability checkers Impact
Kibana Timelion Visualizer Remote Javascript OS Command Injection Exploit This module exploits a javascript command injection vulnerability in Kibana, in the Timelion application. CVE-2019-7609 Linux Exploits / OS Command Injection / Known Vulnerabilities Impact
Atlassian Jira Template Injection Vulnerability Remote OS Command Injection Exploit This module exploits a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. The ContactAdministrators action doesn't require authentication but it's not enabled by default. The SendBulkMail does require authentication and the "JIRA Administrators" access level. CVE-2019-11581 Windows, Linux Exploits / OS Command Injection / Known Vulnerabilities Impact
Atlassian Crowd pdkinstall Plugin Install Vulnerability Exploit The pdkinstall development plugin is incorrectly enabled in release builds of Atlassian Crowd and Crowd Data Center. An attacker can leverage this vulnerability to install a malicious plugin and execute code in the system. CVE-2019-11580 Windows, Linux Exploits / Remote File Inclusion / Known Vulnerabilities Impact
Oracle Weblogic Server AsyncResponseService Deserialization Vulnerability Remote Code Execution An unauthenticated attacker can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host. The attacker must have network access to the Oracle Weblogic Server T3 interface. CVE-2019-2725 Linux, Windows Exploits / OS Command Injection / Known Vulnerabilities Impact
Cisco Data Center Network Manager Arbitrary File Upload Vulnerability Exploit This module uses an arbitrary file upload vulnerability, an authentication bypass (which depends on the target version) and a information disclosure vulnerability in order to upload and execute a WAR file in the Tomcat webapps folder. Since the Apache Tomcat server is running with root (SYSTEM in Windows targets) user, the deployed agent will run with the same privileges. CVE-2019-1619, CVE-2019-1622, CVE-2019-1620 Windows, Linux Exploits / Remote File Inclusion / Known Vulnerabilities Impact
Download JSON