This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable or not to CVE-2024-0204 based on the inspection of the target's response. If the target is vulnerable, the module will create a new admin user in the target system using the provided credentials. If no credentials are provided, it will generate a random one. Also, the new admin credentials will be added as an identity.
This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable to CVE-2023-27997. The detection of the vulnerability is probabilistic. The module does ~400 requests trigguering the heap overflow in a special way that it doesn't corrupt anything used in memory and another ~400 requests without doing the overflow. Then it calculates the mean of each group and does a Welch's T-Test. It could be the case that the result of the test is not reliable. In that case, the module is going to repeat the process. Therefore the module could need several minutes 10min, in order to have a good result.
This module connects to a remote target via any exposed DCE RPC endpoints and fingerprints them to determine if the machine appears to be compromised by the Conficker worm. The module is able to detect B, C and D variants of the worm.
This module connects to the remote host and attempts to determine by sending specially crafted requests, if the target is vulnerable to CVE-2023-20198 based on the inspection of the target's response. If the target is vulnerable, the module will create a new local administrator user in the target system using the provided credentials. Also, the new credentials will be added as an identity.
This module uses a SQL injection vulnerability in Fortinet FortiWeb to deploy an agent in the appliance that will run with root user privileges. The vulnerability is reached via the /api/fabric/device/status endpoint. The module will first check if the target is vulnerable using the previous endpoint with a generic payload. Then, it will use the vulnerability to upload and write a webshell in disk that will allow the execution of OS commands to deploy an agent. Next, it will use the vulnerability again to upload, write an execute a python script that will give execution permission to the uploaded webshell. Finally, it will send several requests to the webshell to deploy a Core Impact agent. Once the agent is deployed, the webshell and the python script will be erased from the target system.
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Subscribe to Impact