Exploit development can be an advanced penetration testing skill that takes time to master. Additionally, when on a job, pen testers often don’t have the resources to create a new exploit. Many resort to searching for and using pre-written exploits that have not been tested and must go through the timely effort of quality assurance testing in order to ensure they are secure and effective.
Core Impact users can save time by finding all the up-to-date exploits they need in one place. We provide a robust library of exploits designed to enable pen testers to safely and efficiently conduct successful penetration tests. Witten by our own internal team, you can trust they have been thoroughly tested and validated by our experts.
The universe of vulnerabilities is huge and not all of them represent the same risk for the customers. Vulnerabilities do not all have the same level of criticality. Some may be easily exploitable by a low-level user, while others may not be exploitable at all. To increase the efficiency of the attacks and the quality of the exploits provided, the Core Impact team has developed selection criteria to prioritize its analysis and implementation. We determine which exploits warrant creation based on the following questions:
What are the most critical attacks from the attacker’s perspective?
What new vulnerabilities are more likely to be exploited in real attacks?
What exploits are the most valuable for Core Impact?
Once an exploit is approved, its priority order considers the following variables:
Vulnerability Properties: CVE, disclosure date, access mechanism and privileges needed.
Target Environment Setup: OS, application prevalence, version and special configurations needed.
Value Provided to Core Impact: Customer request, usage in multiple attacks, allows the installation of an agent, etc.
Technical Cost vs. Benefit: An analysis weighing the resources needed to build an exploit with the internal and external knowledge gained in its creation.
Each one of these variables has a different weight and provides a ranking of the potential exploits to be developed. Following those criteria, the top of the list would contain, for example, a vulnerability on Windows (most popular OS) that can be exploited remotely, without authentication and that provides super user privileges.
Correspondingly, a vulnerability on an application that is rarely installed, needs special configurations, and requires User Interaction, would be at the bottom.
Stay Informed of New Core Certified Exploits
Subscribe to receive regular email updates on new exploits available for Core Impact
Browse the Core Certified Exploit Library
We provide pen testers with real-time updates for a wide range of exploits for different platforms, operating systems, and applications.
Search our continuously growing library to discover an exploit that will allow you to gain and retain access on the target host or application.
Title
Description
Date Added
CVE Link
Exploit Platform
Exploit Type
Product Name
Microsoft DHCP Server Service DoS
This module triggers a heap-based buffer overflow vulnerability in the DHCP service by sending a malformed DHCPv6 Relay-forward message.
Progress MOVEit Transfer UserGetUsersWithEmailAddress SQL Injection Vulnerability Exploit
This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserGetUsersWithEmailAddress function of UserEngine class. The deployed agent will run with moveitsvc user privileges.
Exploits / OS Command Injection / Known Vulnerabilities
Impact
Progress MOVEit Transfer UserGetUsersWithEmailAddress SQL Injection Vulnerability Webapp Exploit
This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserGetUsersWithEmailAddress function of UserEngine class. The deployed agent will run with moveitsvc user privileges.
Exploits / OS Command Injection / Known Vulnerabilities
Impact
Linux Kernel OverlayFS Logic Upper Local Privilege Escalation Exploit
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system
Linux Kernel Netfilter UaF NF Tables Local Privilege Escalation Exploit
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
Oracle Weblogic Server T3 ForeignOpaqueReference JNDI Injection Remote Code Execution Exploit
A vulnerability in Oracle WebLogic Server (component: Core) which can be exploited through the T3/IIOP protocol network, which transfers information between WebLogic servers and other Java programs. This vulnerability found in Oracle WebLogic Server can lead to remote code execution.
VMware Workspace ONE Access validateClaimRuleCondition Remote OS Command Injection Exploit
This module exploits a custom java bean validator to deploy an agent in VMware Workspace ONE Access. The vulnerability is in the validateClaimRuleCondition function of ClaimTransformationHelper class. The deployed agent will run with horizon user privileges.
Exploits / OS Command Injection / Known Vulnerabilities
Impact
VMware Workspace ONE Access validateClaimRuleCondition Remote OS Command Injection Webapp Exploit
This module exploits a custom java bean validator to deploy an agent in VMware Workspace ONE Access. The vulnerability is in the validateClaimRuleCondition function of ClaimTransformationHelper class. The deployed agent will run with horizon user privileges.
A vulnerability in the SetupCompleted class allows to unauthenticated remote code attackers to execute system commands. The deployed agent will run with SYSTEM privileges.
A vulnerability in the SetupCompleted class allows to unauthenticated remote code attackers to execute system commands. The deployed agent will run with SYSTEM privileges.
Microsoft Windows Common Log File System Driver Elevation of Privilege Vulnerability Exploit
The Common Log File System Driver (clfs.sys) present in Microsoft Windows is vulnerable to a memory corruption vulnerability. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by creating a specially crafted BLF file.
Veeam Backup and Replication Backup Service Remote Code Execution Exploit
This module exploits the unauthenticated endpoint of the Backup Service in Veeam Backup and Replication. The deployed agent will run with the privileges of the "SQL Server" process (NT AUTHORITY\\SYSTEM).
This module exploits an information disclosure vulnerability (CVE-2022-31711), a remote file download vulnerability (CVE-2022-31704), and a directory traversal vulnerability (CVE-2022-31706) in VMware vRealize Log Insight to deploy an agent with root privileges. The vulnerability is exploited via Apache Thrift RPC protocol. The deployed agent will run with the root account privileges.
A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.
Exploits / OS Command Injection / Known Vulnerabilities
Impact
Microsoft Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Exploit
The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary memory overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver.
A vulnerability in the library Apache Santuario SAML SSO (Single Sign-On) method used by Zoho ManageEngine products allows to unauthenticated remote code attackers to execute system commands. This modules uses a specially crafted SAML against Zoho ManageEngine ServiceDesk Plus to execute system commands to deploy an agent. The deployed agent will run with the root user account privileges on Linux systems and with SYSTEM privileges on Windows systems.
Go Anywhere MFT Accept Deserialization Vulnerability Remote Code Execution Exploit
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.