AutoSploit: Mass Exploitation Just Got a Lot Easier ...

Network Computing Darkreading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

Ram.Sass,
User Rank: Author
2/15/2018 | 7:29:02 AM

Re: MSF and Mobile

So the short answer is probably not a big issue for mobile at this point. As far as I know, Shodan searches only for IP addresses, finding the folks who were negligent in adding protections. Mobile only really has an IP when it connects to a router for wifi connectivity. Android, arguably the largest open source project, would probably have quite a number of exploits that could be hit, but I'm not sure that Autosploit would really know how to find the devices, since it is dependent on Shodan for building its target list. I hope that this makes sense. I'll of course be following this story to see how it evolves.

Reply | Post Message | Messages List | Start a Board

50%

Ram.Sass,
User Rank: Author
2/11/2018 | 11:19:50 AM

Re: Example

At this point, it's hard to tell which projects it will impact most, but we can assume that the most popular ones will be most affected since there are more targets to hit with this wide net approach. For example, a lot of IoT type devices (which are basically small servers) are based on Linux-based toolkits and are rarely if ever patched. What will be interesting to follow is whether this leads to more folks getting on top of their patching ops, although this is unlikely to make it to the airwaves.

Reply | Post Message | Messages List | Start a Board

50%

ragediver24,
User Rank: Apprentice
2/8/2018 | 8:34:57 PM

MSF and Mobile

Will this work for mobile devices as well? Since MSF can hack Android on Kali?

Reply | Post Message | Messages List | Start a Board

50%

aumickmanuela,
User Rank: Apprentice
2/7/2018 | 9:57:36 AM

Example

What other examples can you add? Any other projects?

Reply | Post Message | Messages List | Start a Board

50%

aumickmanuela,
User Rank: Apprentice
2/7/2018 | 9:57:22 AM

Example

What other examples can you add? Any other projects?

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

New Mexico Man Sentenced on DDoS, Gun Charges

Dark Reading Staff 5/18/2018

Is Threat Intelligence Garbage?

Chris McDaniels, Chief Information Security Officer of Mosaic451, 5/23/2018

Cracking 2FA: How It's Done and How to Stay Safe

Kelly Sheridan, Staff Editor, Dark Reading, 5/17/2018

Webinars

Learn About Cyber Attackers & How They Target Your Organization

Phishing: Trends, Attacks & Defense Strategies

Cyber Threats to ICS, Are You Ready?

Webinar Archives

White Papers

Discover Hidden Credentials & Harden Your Network

2018 Security Report

4 Support Teams That Embraced Mobile

Prioritize Support Services to Provide Better End User Experience (IDC Report)

Mobile Devices: The New Support Frontier for IT (IDG Report)

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Shhh! They're watching... And you have a laptop?

Cartoon Archive

Current Issue

The Changing Role of the CISO

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

[Strategic Security Report] Navigating the Threat Intelligence Maze

Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.

Download Now!

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

The Dark Reading Security Spending Survey

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-11415
PUBLISHED: 2018-05-24

SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.

CVE-2018-11412
PUBLISHED: 2018-05-24

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.

CVE-2018-11413
PUBLISHED: 2018-05-24

An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration.

CVE-2018-11414
PUBLISHED: 2018-05-24

An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.

CVE-2018-10593
PUBLISHED: 2018-05-24

A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corrup...

Terms of Service
Privacy Statement
Legal Entities