Exploit development is an advanced penetration testing skill that takes time to master. Additionally, when on a job, pen testers often don't have the resources to create a new exploit. Many resort to searching for and using pre-written exploits that have not been tested, and must then spend time on quality-assurance testing to ensure those exploits are safe and effective.
Core Impact users can save time by finding all the up-to-date exploits they need in one place. We provide a robust library of exploits designed to enable pen testers to safely and efficiently conduct successful penetration tests. Written by our own internal team, they have been thoroughly tested and validated by our experts.
The universe of vulnerabilities is huge, and not all of them represent the same risk to customers. Vulnerabilities differ in criticality: some are easily exploitable by a low-privileged user, while others may not be exploitable at all. To increase the efficiency of attacks and the quality of the exploits provided, the Core Impact team has developed selection criteria to prioritize its analysis and implementation. We determine which exploits warrant creation based on the following questions:
What are the most critical attacks from the attacker’s perspective?
What new vulnerabilities are more likely to be exploited in real attacks?
What exploits are the most valuable for Core Impact?
Once an exploit is approved, its priority order considers the following variables:
Vulnerability Properties: CVE, disclosure date, access mechanism and privileges needed.
Target Environment Setup: OS, application prevalence, version and special configurations needed.
Value Provided to Core Impact: Customer request, usage in multiple attacks, allows the installation of an agent, etc.
Technical Cost vs. Benefit: An analysis weighing the resources needed to build an exploit with the internal and external knowledge gained in its creation.
Each of these variables carries a different weight, and together they produce a ranking of the potential exploits to be developed. Following those criteria, the top of the list would contain, for example, a vulnerability in Windows (the most widely deployed OS) that can be exploited remotely, without authentication, and that yields super-user privileges.
Correspondingly, a vulnerability in an application that is rarely installed, needs special configuration, and requires user interaction would be at the bottom.
Stay Informed of New Core Certified Exploits
Subscribe to receive regular email updates on new exploits available for Core Impact
Browse the Core Certified Exploit Library
We provide pen testers with real-time updates for a wide range of exploits for different platforms, operating systems, and applications.
Search our continuously growing library to discover an exploit that will allow you to gain and retain access on the target host or application.
Title | Description | Date Added | CVE Link | Exploit Platform | Exploit Type | Product Name
Belkin BullDog Plus UPS-Service Buffer Overflow Exploit
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Belkin BullDog Plus UPS software. The UPS management software contains a built-in web server which allows for remote management of the UPS. The management interface is protected by a username and password, and authentication is performed via HTTP Basic authentication. There is a small stack-based buffer overflow in the base64 decoding routine that handles the Basic authentication data. Authentication is not required to exploit this vulnerability.
This module exploits a buffer overflow vulnerability in Bifrost Server. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/81.
Exploit Platform: Windows | Exploit Type: Exploits / Remote | Product Name: Impact
BigAnt IM Server AntDS Buffer Overflow Exploit
This module exploits a buffer overflow vulnerability in BigAnt IM Server. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/6661.
BigAnt IM Server DDNF Username Buffer Overflow Exploit
This module exploits a buffer overflow vulnerability in BigAnt IM Server. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/6661.
Exploit Platform: Windows | Exploit Type: Exploits / Remote | Product Name: Impact
BigAnt IM Server HTTP GET Request Remote Buffer Overflow Exploit
This module exploits a vulnerability in the AntServer module (AntServer.exe) that can be exploited to cause a stack-based buffer overflow by sending a specially crafted, overly long HTTP GET request to the TCP port where the server is listening.
BigAnt IM Server USV Request Remote Buffer Overflow Exploit
This module exploits a vulnerability in the AntServer module (AntServer.exe) to cause a stack-based buffer overflow by sending a specially crafted, overly long "USV" request to the TCP port where the server is listening.
Exploit Platform: Windows | Exploit Type: Exploits / Remote | Product Name: Impact
BigAnt Server DUPF Command Arbitrary File Upload Exploit
This module exploits a vulnerability in the DUPF command of BigAnt IM Server that allows a remote attacker to upload a file and have it executed.
This module exploits a nameserver vulnerability that occurs when processing a maliciously crafted T_NXT resource record received in a DNS reply message. After successful exploitation, an agent will be deployed. This agent will inherit the user identity and capabilities of the abused service, usually those of the user running the BIND daemon. However, the uid (as opposed to the euid) of the agent will in most cases be that of the super user (usually '0'). Note that the deployed agent might be running in a chroot jail.
A routine within the Protocol Analysis Module component that monitors ICQ server responses (used in all current ISS host, server, and network device solutions) contains a series of stack-based buffer overflow vulnerabilities.
Blue Coat Authentication and Authorization Agent Buffer Overflow Exploit
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Blue Coat Authentication and Authorization Agent. The vulnerability is caused by a boundary error in bcaaa-130.exe when processing an overly long command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted argument passed to the affected command.
Exploit Platform: Windows | Exploit Type: Exploits / Remote | Product Name: Impact
Blue Coat Systems WinProxy Exploit
An overly long header directly overwrites the SEH handler for the frame, allowing control over EIP. After successful exploitation, an agent will be installed.
Bopup Communications Server Remote Buffer Overflow Exploit
This vulnerability allows remote attackers to execute arbitrary code on installations of Bopup Communications Server and compromise a vulnerable system. Bopup Communications Server is prone to a buffer overflow when handling a large amount of data, which overruns a fixed-size internal memory buffer.
This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase application. The exploit triggers a stack-based buffer overflow by sending a specially crafted "create" request to port 3050/TCP of the vulnerable system and installs an agent if successful.
This module exploits a buffer overflow vulnerability in the database service (ibserver.exe) of the Borland InterBase 2007 application. The exploit triggers an integer overflow and can cause a stack-based buffer overflow by sending a specially crafted packet to port 3050/TCP of the vulnerable system and installs an agent if successful.
The OpenBSD IPv6 stack is vulnerable to a buffer overflow that allows an attacker to run arbitrary code in kernel context. This bug can be exploited remotely, but the attack must be launched from the same local network segment as the target host. If the attack is used more than once, it may crash the target host.
This module exploits a stack buffer overflow in the Computer Associates BrightStor ARCServe Backup Tape Engine service present in a function exposed as Opnum 38 of DCE-RPC interface 62b93df0-8b02-11ce-876c-00805f842837 v1.0.
This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup that can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP packet to port 41523.
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
This module exploits a vulnerability in the Computer Associates License Manager Service that can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused by a boundary error in the service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP packet to port 10202, 10203 or 10204.
CA BrightStor ARCserve Backup Discovery Service exploit
This module exploits a vulnerability in BrightStor ARCserve/Enterprise Backup Server that can be leveraged by an attacker to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Discovery Service when processing received network traffic. This can be exploited to cause a buffer overflow by sending an overly large TCP data stream to port 41523.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing CATIA. The vulnerability is caused by a boundary error when copying user-supplied input to a fixed-size stack buffer. The copy stops only when a null byte is found, and no size check is performed.
CA ARCserve D2D installs the Apache Axis2 Web services engine with default administrator credentials for the Axis2 administration console. This module logs in to the Axis2 administration console and deploys an .AAR Web service in order to install an agent on the target machine.
This module exploits a stack-based buffer overflow in CA BrightStor ARCserve Backup for Windows, allowing remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.
CA BrightStor ARCserve Backup LGServer Service Exploit
This module exploits a buffer overflow vulnerability in the LGServer Service (LGServer.exe) component of CA BrightStor ARCserve Backup for Laptops and Desktops and installs an agent if successful. This vulnerability can be exploited remotely by sending a specially crafted packet to port TCP/1900.
CA BrightStor ARCserve Backup Media Server Exploit
This module exploits a buffer overflow in the handling of RPC data in the Computer Associates BrightStor ARCServe Backup Media Server service (mediasvr.exe) which is a component of BrightStor ARCserve Backup Tape Engine.
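The Belkin BullDog Plus entry in the library above describes a common bug class: an unauthenticated web interface base64-decodes the HTTP Basic `Authorization` value into a fixed-size stack buffer without bounding the output. The following is an added example, written for this page and not code from Belkin, Core Security or any of the products listed; the 64-byte `CRED_BUF`, the handler layout and the sample headers are assumptions chosen to show the one missing check and its fix side by side.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of the handler's stack buffer (not a value from any product). */
#define CRED_BUF 64

static int b64_val(int c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode `inlen` base64 characters into `out`, writing at most `outcap` bytes.
 * Returns the decoded length, or -1 on a bad character or when the data would
 * not fit. outcap == SIZE_MAX disables the bound (the vulnerable behaviour). */
static long b64_decode(const char *in, size_t inlen, unsigned char *out, size_t outcap)
{
    size_t n = 0;
    unsigned int acc = 0;
    int bits = 0;
    for (size_t i = 0; i < inlen; i++) {
        int c = (unsigned char)in[i];
        if (c == '=') break;                 /* padding ends the data */
        int v = b64_val(c);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= outcap) return -1;      /* the check the vulnerable path lacks */
            out[n++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)n;
}

/* Shared handler: decode into a frame buffer, split "user:pass". The two
 * wrappers below differ only in the bound handed to the decoder. */
static int parse_basic_auth(const char *hdr, size_t decode_cap,
                            char *user, size_t ucap, char *pass, size_t pcap)
{
    unsigned char creds[CRED_BUF];
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    const char *b64 = hdr + 6;
    long n = b64_decode(b64, strlen(b64), creds, decode_cap);
    if (n < 0) return -1;
    unsigned char *colon = memchr(creds, ':', (size_t)n);
    if (!colon) return -1;
    size_t ulen = (size_t)(colon - creds);
    size_t plen = (size_t)n - ulen - 1;
    if (ulen >= ucap || plen >= pcap) return -1;   /* bound the copies out too */
    memcpy(user, creds, ulen);     user[ulen] = '\0';
    memcpy(pass, colon + 1, plen); pass[plen] = '\0';
    return 0;
}

/* Vulnerable shape: unbounded decode into the 64-byte frame buffer. A value of
 * 87 or more base64 characters writes past `creds` into the saved frame.
 * Shown only for contrast; never feed it untrusted input. */
int parse_basic_auth_vulnerable(const char *hdr, char *user, size_t ucap, char *pass, size_t pcap)
{
    return parse_basic_auth(hdr, SIZE_MAX, user, ucap, pass, pcap);
}

/* Hardened shape: the decoder may write at most sizeof creds bytes. */
int parse_basic_auth_fixed(const char *hdr, char *user, size_t ucap, char *pass, size_t pcap)
{
    return parse_basic_auth(hdr, CRED_BUF, user, ucap, pass, pcap);
}

/* Length-only pre-check that is safe on hostile input: 1 if the decoded value
 * could exceed CRED_BUF, 0 if it cannot, -1 if the scheme is not Basic. */
int basic_auth_too_long(const char *hdr)
{
    if (strncmp(hdr, "Basic ", 6) != 0) return -1;
    size_t len = strlen(hdr + 6);
    size_t max_decoded = (len / 4) * 3 + (len % 4 ? len % 4 - 1 : 0);
    return max_decoded > CRED_BUF;
}

/* Constructed samples (not captured traffic): "admin:secret" and 200 'A's. */
int demo_valid_ok(void)
{
    char u[32], p[32];
    const char *hdr = "Basic YWRtaW46c2VjcmV0";
    return parse_basic_auth_fixed(hdr, u, sizeof u, p, sizeof p) == 0
        && strcmp(u, "admin") == 0 && strcmp(p, "secret") == 0
        && parse_basic_auth_vulnerable(hdr, u, sizeof u, p, sizeof p) == 0;
}

int demo_long_rejected(void)
{
    char hdr[6 + 200 + 1], u[32], p[32];
    memcpy(hdr, "Basic ", 6);
    memset(hdr + 6, 'A', 200);
    hdr[206] = '\0';
    /* the fixed parser refuses; the vulnerable one would smash its frame here */
    return parse_basic_auth_fixed(hdr, u, sizeof u, p, sizeof p) == -1
        && basic_auth_too_long(hdr) == 1;
}

int main(void)
{
    printf("valid header parsed: %s\n", demo_valid_ok() ? "yes" : "no");
    printf("oversized header rejected: %s\n", demo_long_rejected() ? "yes" : "no");
    return 0;
}
```

The point of the example is that the entire fix is the single `n >= outcap` comparison inside the decoder (or the equivalent length pre-check before decoding): because the 200-character header is rejected before any credential comparison, the bug is reachable without valid credentials, exactly as the library entry states. When reviewing a product's own Basic-auth code, look for a decoder whose output pointer is a stack array and whose only loop bound is the input length.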