Exploits/Tools

Speculative Store Bypass Checker (CVE-2018-3639)

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Meltdown Checker Update (CVE-2017-5154)

This module performs a local check in order to detect if the target is vulnerable to CVE 2017-5154 (aka Meltdown). This update adds Windows support.

Spectre Checker (CVE-2017-5153)

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Meltdown Checker (CVE-2017-5154)

This module performs a local check in order to detect if the target is vulnerable to CVE 2017-5154 (aka Meltdown).

Microsoft Windows LNK Shortcut Automatic File Execution Exploit (CVE-2017-8464)

This vulnerability allows arbitrary code execution via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut, aka "LNK Remote Code Execution Vulnerability."

ImageMagick Command Injection Exploit

Insufficient input validation in ImageMagick can lead to code execution when processing certain types of files. This update introduces a module that generates an MVG format file that, when processed by vulnerable versions of the ImageMagick tools, deploys an agent on the supported systems.

glibc getaddrinfo Buffer Overflow Verifier

This module executes a program designed to check for a buffer overflow in glibc's getaddrinfo function. Multiple stack-based buffer overflows in the send_dg and send_vc functions in the libresolv library in the GNU C Library allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family.

Microsoft Windows LNK Shortcut Automatic DLL Loading Exploit (MS15-020)

Microsoft Windows is prone to a vulnerability that may allow a DLL file to be automatically loaded because the software fails to handle LNK files properly. Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted LNK file can cause Windows to automatically execute code that is specified by the shortcut file. This vulnerability is the result of an incomplete fix for MS10-046 (CVE-2010-2568). WARNING: This is an early release module. This is not the final version of this module.

SMB Relay Update

This update adds support for a new method of bypassing SMB signing when performing an SMB relay attack.

POODLE TLS1.x to SSLv3 Downgrading Vulnerability Exploit

This module exploits a vulnerability in Internet Explorer 10/11 by downgrading the encryption from TLS 1.x to SSLv3. After that, part of the encrypted plaintext will be decrypted.