Ixia ATI Update 2017-23 (320367)

Defects Resolved

| Ticket | Info |
|---|---|
| DE8831 | Improved description to include token example for Sequence Number parameter from Send Packet action of QUIC protocol. |

New Protocols & Applications (5)

| Name | Category | Info |
|---|---|---|
| AWS Console Oct17 | Distributed Computing | AWS Management Console (AWS Console) is a web-based interface for users to manage and monitor the Amazon infrastructure suite, such as EC2, IAM, EBS, S3, SQS, Amazon Elastic MapReduce, and Amazon CloudFront. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| AWS EC2 Nov17 | Distributed Computing | EC2 (Elastic Compute Cloud) is one of the services provided by Amazon Web Services (AWS). It provides secure, resizable compute capacity in the cloud and allows users to create, launch, and terminate virtual machine instances as needed, paying by the second for active usage. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| AWS S3 Oct17 | Distributed Computing | S3 (Simple Storage Service) is one of the services provided by Amazon Web Services (AWS). It allows users to store, manage and retrieve any amount of data on the web with scalability, high availability, and low latency at commodity costs. This service is provided through web service interfaces including REST, SOAP and BitTorrent. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| Meraki Nov17 | Enterprise Applications | Cisco Meraki provides unified management of mobile devices, Macs, PCs, and the entire network from a centralized dashboard. Enforce device security policies, deploy software and apps, and perform remote, live troubleshooting on thousands of managed devices. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| Zendesk Nov17 | Enterprise Applications | Simulates the use of the Zendesk website as of November 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |

New Super Flows (8)

| Name | Category | Info |
|---|---|---|
| AWS Console Oct17 | Distributed Computing | The user performs the following actions: loads the AWS main page; launches AWS console; signs in with user's e-mail address; navigates to user's account page; checks account's billing information; checks account's credentials; creates a new access key; downloads the key file; deletes the created key; signs out of AWS console. |
| AWS EC2 Nov17 | Distributed Computing | The user first creates and configures, via the Amazon EC2 API, a set of objects in EC2 necessary for a virtual machine instance; then creates an instance; and finally terminates the instances and cleans up the objects. |
| AWS S3 Oct17 | Distributed Computing | The user performs the following actions via the Amazon S3 API: checks if name exists for new buckets; creates two new buckets, one each for the source and the destination; uploads a file to the source bucket; creates a new file in the source bucket; lists files in the source bucket; copies files from the source to the destination buckets; verifies the copying by listing files in the destination bucket; downloads the two files from the source bucket; deletes the files and buckets. |
| Meraki Configure Network Nov17 | Enterprise Applications | Simulates a Meraki user that changes the settings of a network from the centralized dashboard. |
| Meraki Manage MDM Network Nov17 | Enterprise Applications | Simulates a Meraki user that manages an MDM network by adding devices, apps and setting profiles. |
| Meraki Monitor Devices Nov17 | Enterprise Applications | Simulates a user that uses the monitoring features of Meraki. |
| Zendesk Nov17 | Enterprise Applications | Simulates the use of the Zendesk website as of November 2017. All of the available actions for this flow are exercised. |
| Zendesk Nov17 Create New Ticket | Enterprise Applications | Simulates use of the Zendesk website as of November 2017. The user accesses the sign-in page, signs in, views the Views panel, creates a new ticket and then logs out. |

New Strikes (10)

| CVSS | ID | References | Category | Info |
|---|---|---|---|---|
| 10.0 | E17-3dsr1 | BID-101114; CVE-2017-11771; CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C); SECURITY_TRACKER-1039538; URL | Exploits | This strike exploits a Heap Buffer Overflow vulnerability in the Windows Search Service of Microsoft Windows. The vulnerability can be triggered by sending a crafted request to the target system. By exploiting this vulnerability, an attacker could run arbitrary code on the target server in the context of SYSTEM. NOTE: When run in OneArm mode, the strike requires /Users to be shared and Anonymous access enabled. |
| 10.0 | E17-3df81 | APSB-17-30; BID-100708; CVE-2017-11284; CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) | Exploits | This strike exploits an insecure deserialization vulnerability in Adobe ColdFusion. The vulnerability is due to improper checks of user-supplied objects in the RMI Registry. Successful exploitation will result in code execution. |
| 10.0 | E17-0wu81 | CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C); EXPLOITDB-42560 | Exploits | This strike exploits a Stack Buffer Overflow vulnerability in Flexense DiskPulse Enterprise Server. The vulnerability is due to improper length validation of the user-controlled request URI. By exploiting this vulnerability, an attacker could execute arbitrary code in the security context of SYSTEM. NOTE: Strike will launch calc.exe when run in OneArm mode. Verified against Flexense DiskPulse Enterprise v9.9.16 32bit running on Windows 7 x86 with DEP disabled. |
| 8.5 | E17-0i6p1 | CVE-2017-8961; CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C); URL; ZDI-17-849 | Exploits | This strike exploits an arbitrary file upload vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center. By design, the URI /imc/flexFileUpload should accept XML documents in multipart/form-data encoding. However, file extension and type are not validated, allowing for arbitrary file upload. An attacker can send specially crafted HTTP POST requests containing an arbitrary file with multipart/form-data to upload the file. If the file is of type .jsp or .jspx, the attacker can then request the file to achieve arbitrary code execution with SYSTEM privileges. |
| 7.5 | E17-0wlx1 | CVSS-7.5 (AV:N/AC:L/AU:N/C:C/I:C/A:C); EXPLOITDB-42261 | Exploits | This strike exploits a stack buffer overflow vulnerability in Easy File Sharing Web Server. The vulnerability is due to a lack of boundary checking on user input when requesting the vfolder.ghp resource. By exploiting this vulnerability, an attacker could potentially execute arbitrary code in the security context of the user. NOTE: Strike will launch calc.exe when run in OneArm mode. Verified against Easy File Sharing Web Server Version 7.2 running on Windows 7 x86 with DEP disabled. |
| 7.5 | E17-0wj91 | CVSS-7.5 (AV:N/AC:L/AU:N/C:C/I:C/A:C); EXPLOITDB-42165 | Exploits | This strike exploits a stack buffer overflow vulnerability in Easy File Sharing Web Server. The vulnerability is due to a lack of boundary checking on user input when requesting the sendmail.ghp resource. By exploiting this vulnerability, an attacker could execute arbitrary code in the security context of the user. NOTE: Strike will launch calc.exe when run in OneArm mode. Verified against Easy File Sharing Web Server Version 7.2 running on Windows 7 x86 with DEP and ASLR disabled. |
| 7.5 | E17-3egl1 | BID-101261; CVE-2017-12629; CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P); EXPLOITDB-43009 | Exploits | This strike exploits an XML External Entity expansion vulnerability in Apache Solr. The vulnerability exists due to insufficient checking when handling incoming XML external entities. Successful exploitation will result in code execution. |
| 7.5 | E17-3egl2 | BID-101261; CVE-2017-12629; CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P); EXPLOITDB-43009 | Exploits | This strike exploits a remote code execution vulnerability in Apache Solr. The vulnerability exists because the Apache Solr RunExecutableListener class can be used to execute arbitrary commands on postCommit or newSearcher events. Successful exploitation will result in code execution. |
| 6.8 | E17-0wtk1 | CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P); EXPLOITDB-42536 | Exploits | This strike exploits a Stack Buffer Overflow vulnerability in Flexense DiskPulse. The vulnerability is due to improper length validation of user input from imported XML files. By exploiting this vulnerability, an attacker could execute arbitrary code in the security context of the user. |
| 5.0 | D17-3fwf1 | BID-101085; CVE-2017-14495; CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P); URL | Denial | This strike exploits a memory exhaustion vulnerability in DNSMasq. When run with certain options, DNSMasq will incorrectly parse non-QUERY DNS messages. If a non-QUERY message has a Questions count of 1 but no actual questions section, DNSMasq will store certain data to memory before encountering an error when attempting to pass over the non-existent Question section. During error handling, the stored data will not be freed, resulting in a memory leak. An attacker can repeatedly send specially crafted DNS messages to exhaust system memory, resulting in a denial of service condition. |