Ixia ATI Update 2018-05 (326225)

Defects Resolved

Ticket Info
DE9161 (1468163) Additional exception handling was added for SSL handshakes that fail in the middle of a connection. These cases are reported as strike errors, since the failure occurs before a malicious strike is sent or received.

Enhancements

Ticket Info
US79883 Changes to the audio superflows: the "WhatsApp Voice Call" superflow now uses standard traffic by default, consisting of both relayed and peer-to-peer traffic. The "WhatsApp Peer to Peer Voice Call" superflow was removed. A new superflow, "WhatsApp Voice Call Relayed", simulates the relayed-only scenario. Bug fixes and enhancements:
- video call superflows were added: "WhatsApp Video Call" and "WhatsApp Video Call Relayed"
- the length of a call is set through a parameter instead of a Goto action loop; the duration of the peer-to-peer and relayed portions of the call can be controlled separately
- the RTCP packets marking the start and end of the call were updated to match the latest version of the protocol
- the sequence numbers of the RTP packets are now correct
- health messages can appear inside the RTP traffic, not only at the beginning and the end
- RTCP control messages and health messages can be switched on and off
- the size and fields of the RTCP packets (AVB and Sender Report) were fixed
US80080 The following SMB 3.0 features have been implemented:
- message signing using AES-128-CMAC
- message encryption on a per-share basis using AES-128-CCM
- secure negotiation
- multichannel (establishing an alternate channel for a session)
Message types supported: NEGOTIATE, SESSION_SETUP, TREE_CONNECT, CREATE, READ, WRITE, CLOSE, VALIDATE_NEGOTIATE_INFO.
US80581 Updated superflow 'Pandora'. Added TLS actions to this superflow.
US80586 Updated superflows 'Citrix' and 'Citrix Full'. Added TLS actions to these superflows.
US82655 Deprecated Application Protocol 'Baidu Oct 16'.
US82680 Deprecated Application Protocol 'Reddit'.
US83044 Added a new Action 'Value Response - UDP' to Application Protocol 'Memcached'.

New Protocols & Applications (4)

Name Category Info
SMBv3 Data Transfer/File Sharing The Server Message Block (SMB) Protocol enables clients to request file and print services from a server system over the network. This flow simulates version 3.0 of the protocol. Tokens are not supported in this flow.
Baidu Feb18 Social Networking/Search Baidu is primarily a search engine that scours the Web for content. In addition, Baidu offers a wide range of search and search-related products such as local search, maps, book search, blog search, patent search, an encyclopedia, mobile entertainment, a dictionary and an anti-virus platform. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
Reddit Feb18 Social Networking/Search Reddit is a social news aggregation, web content rating, and discussion website. Registered members submit content to the site such as links, text posts, and images, which are then voted up or down by other members. Content is divided into numerous categories called 'subreddits'. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
iTunes Desktop Feb18 Voice/Video/Media iTunes is a media player, media library and Internet radio broadcaster application developed by Apple Inc. It is used to play, download, and organize digital multimedia files on personal computers running the macOS and Windows operating systems. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.

New Super Flows (18)

Name Category Info
DDoS Memcached Reflection Flood Database This denial of service attack simulates a Memcached reflection attack. The victim typically sees this traffic as a large flood of UDP data from source port 11211.
SMTP 100K TLS Email/WebMail Simulates an SMTP email session over TLS, in which the client connects to the server, issues a STARTTLS command, specifies the recipient, and then sends a 100 KB PDF message. [RFC 1035][RFC 2487][RFC 5321]
Netflix Player Voice/Video/Media Simulates a Netflix session that uses the player through a content delivery network (CDN). The client views the movie page, authenticates and then streams the movie data.
Steam Login TLS Encypted Games This emulates a login to the Steam gaming network. The TCP traffic is TLS encrypted.
WhatsApp Video Call Mobile, Voice/Video/Media, Chat/IM Video call part of the WhatsApp mobile application. Simulation of a call session containing both peer-to-peer and relayed traffic.
WhatsApp Video Call Relayed Mobile, Voice/Video/Media, Chat/IM Video call part of the WhatsApp mobile application. Simulation of the scenario in which a peer-to-peer connection cannot be established and all traffic is relayed through servers.
WhatsApp Voice Call Mobile, Voice/Video/Media, Chat/IM Simulates the WhatsApp voice call protocol. The call length can be varied in two-second increments.
WhatsApp Voice Call Relayed Mobile, Voice/Video/Media, Chat/IM Voice call part of the WhatsApp mobile application. Simulation of the scenario in which a peer-to-peer connection cannot be established and all traffic is relayed through servers.
DICOM ASSOCIATE Operation TLS Encrypted Secure Data Transfer Digital Imaging and Communications in Medicine (DICOM) A-ASSOCIATE command emulation. Uses TLS encryption.
DICOM C_STORE Operation TLS Encypted Secure Data Transfer Digital Imaging and Communications in Medicine (DICOM) C-STORE command emulation. A DICOM data set is transferred from the client to the server after the two endpoints establish an association; the association is then released. Uses TLS encryption.
Baidu Access Network of Web Portals Feb 18 Social Networking/Search Access the web portals related to the Baidu search engine, present in the quick links section. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
Baidu Browse Web Pages Feb 18 Social Networking/Search Use the Baidu engine to search for websites using strings and pictures. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
BreakingPoint SMBv3 Encrypted File Download Data Transfer/File Sharing Simulates an SMB 3.0 encrypted session in which the client authenticates and connects to the server to request and download a file.
BreakingPoint SMBv3 Establish Alternate Channel Data Transfer/File Sharing Simulates SMB 3.0 multichannel feature by multiplexing one session on two connections.
BreakingPoint SMBv3 Secure Negotiation Data Transfer/File Sharing Simulates SMB 3.0 secure dialect negotiation.
Reddit Account Management Feb 18 Social Networking/Search Access the setting menus and the inbox for a Reddit account. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
Reddit Browse Content Feb 18 Social Networking/Search Search and access posts, do specific actions such as commenting, subscribing and access different parts of the website. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
iTunes Desktop App Store Feb18 Voice/Video/Media Start the Apple iTunes application, browse the App Store, then search for an app, view and download it. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
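The 'Value Response - UDP' action added to Memcached (US83044) and the 'DDoS Memcached Reflection Flood' superflow above both rest on memcached's UDP framing, so the Go program below, written for this note and not BreakingPoint code, builds and parses that framing, computes the amplification factor a reflector yields, and runs a simple reflection-flood check over flow records: a host receiving large volumes of UDP from source port 11211 that it never queried. The flow records, addresses and thresholds are all constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
	"sort"
)

const memcachedPort = 11211

// udpFrame is memcached's UDP framing: an 8-byte header of request ID,
// sequence number, datagram count and a reserved word (big-endian uint16),
// followed by the text-protocol payload.
type udpFrame struct {
	RequestID, Seq, Total uint16
	Payload               []byte
}

// buildUDPRequest frames one text command as a single-datagram request.
func buildUDPRequest(requestID uint16, command string) []byte {
	f := make([]byte, 8, 8+len(command)+2)
	binary.BigEndian.PutUint16(f[0:], requestID)
	binary.BigEndian.PutUint16(f[2:], 0) // datagram 0 ...
	binary.BigEndian.PutUint16(f[4:], 1) // ... of 1; reserved word stays zero
	return append(f, command+"\r\n"...)
}

func parseUDPFrame(b []byte) (udpFrame, error) {
	if len(b) < 8 {
		return udpFrame{}, errors.New("short memcached UDP frame")
	}
	return udpFrame{binary.BigEndian.Uint16(b[0:]), binary.BigEndian.Uint16(b[2:]),
		binary.BigEndian.Uint16(b[4:]), b[8:]}, nil
}

// amplificationFactor is bytes the reflector sends back per byte of spoofed request.
func amplificationFactor(request []byte, responses [][]byte) float64 {
	total := 0
	for _, r := range responses {
		total += len(r)
	}
	return float64(total) / float64(len(request))
}

// flowRecord is a simplified NetFlow-style record.
type flowRecord struct {
	SrcIP   string
	SrcPort uint16
	DstIP   string
	DstPort uint16
	Proto   string
	Bytes   int
}

// suspect is a host that received unsolicited memcached responses.
type suspect struct {
	DstIP      string
	Bytes      int     // UDP bytes received from source port 11211
	Reflectors int     // distinct memcached servers sending to this host
	Ratio      float64 // received / sent-to-11211 bytes; +Inf if the host never queried
}

// reflectionSuspects flags hosts that received at least minBytes of UDP from
// source port 11211 while sending nothing to port 11211, or at least minRatio
// times more than they sent. Spoofed requests never appear in the victim's own
// outbound flows, which is what separates a reflection flood from a busy cache client.
func reflectionSuspects(flows []flowRecord, minBytes int, minRatio float64) []suspect {
	inbound, outbound := map[string]int{}, map[string]int{}
	reflectors := map[string]map[string]bool{}
	for _, f := range flows {
		if f.Proto != "udp" {
			continue
		}
		if f.SrcPort == memcachedPort {
			inbound[f.DstIP] += f.Bytes
			if reflectors[f.DstIP] == nil {
				reflectors[f.DstIP] = map[string]bool{}
			}
			reflectors[f.DstIP][f.SrcIP] = true
		}
		if f.DstPort == memcachedPort {
			outbound[f.SrcIP] += f.Bytes
		}
	}
	var out []suspect
	for dst, in := range inbound {
		ratio := math.Inf(1)
		if outbound[dst] > 0 {
			ratio = float64(in) / float64(outbound[dst])
		}
		if in >= minBytes && ratio >= minRatio {
			out = append(out, suspect{dst, in, len(reflectors[dst]), ratio})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Bytes > out[j].Bytes })
	return out
}

// sampleFlows is constructed for this example, not captured traffic: three
// reflectors flooding 198.51.100.5, one legitimate cache client, one TCP flow.
var sampleFlows = []flowRecord{
	{"203.0.113.10", memcachedPort, "198.51.100.5", 40123, "udp", 1400 * 700},
	{"203.0.113.11", memcachedPort, "198.51.100.5", 40123, "udp", 1400 * 650},
	{"203.0.113.12", memcachedPort, "198.51.100.5", 40123, "udp", 1400 * 720},
	{"10.0.0.20", 53211, "10.0.0.7", memcachedPort, "udp", 60},
	{"10.0.0.7", memcachedPort, "10.0.0.20", 53211, "udp", 2100},
	{"198.51.100.9", 443, "198.51.100.5", 51000, "tcp", 900000},
}

func main() {
	fmt.Printf("stats request is %d bytes on the wire\n", len(buildUDPRequest(0x1234, "stats")))
	for _, s := range reflectionSuspects(sampleFlows, 1000000, 50) {
		fmt.Printf("%s: %d bytes from %d reflectors (ratio %.0f)\n", s.DstIP, s.Bytes, s.Reflectors, s.Ratio)
	}
}
```

The byte and ratio thresholds are assumptions to tune per network; a legitimate client that issues many small gets also sees a high response ratio, so the volume floor does most of the work, and the reflector count separates one chatty server from a distributed flood.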

New Strikes (20)

CVSS ID References Category Info
10.0 E14-zrax1 [Exploits]
References: BID-70351, CVE-2014-4121, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), MS14-057
This strike exploits a heap corruption vulnerability in Microsoft .NET Framework. The vulnerability is due to an integer underflow that occurs while Internationalized Resource Identifier (IRI) elements are processed. A remote, unauthenticated attacker can execute arbitrary code in the context of the .NET web application by sending crafted IRI strings to the vulnerable server.

10.0 E10-ytbd1 [Exploits]
References: BID-37926, CVE-2010-0073, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), SECUNIA-38345
This strike exploits a command execution vulnerability in Oracle WebLogic Server's Node Manager. The vulnerability is due to the Node Manager utility within WebLogic Server exposing its resources without authentication. It can be exploited by sending a specially crafted HTTP request to the process listening on port 5556/TCP. Successful exploitation can result in arbitrary code execution in the context of the running process.

10.0 E10-ytfr1 [Exploits]
References: 10-006, 10-012, BID-38085, CVE-2010-0231, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
This strike exploits an insufficient entropy vulnerability in Microsoft Windows SMB. The Windows implementation of SMB does not use sufficient entropy in the NTLM challenge/response authentication method. If an attacker can capture a successful authentication, the attacker can send a large number of authentication requests until the server repeats the captured challenge, at which point the captured response can be replayed to authenticate. Successful exploitation results in a successful authentication. Note: for testing speed, this strike sends 20 messages; an actual attack would likely send hundreds per second.

8.5 E17-0xa01 [Exploits]
References: CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C), EXPLOITDB-43128, URL
This strike exploits a command injection vulnerability in the ESF pfSense firewall. The vulnerability is due to improper sanitization of the PHP cmdName parameter. A successful attack allows the attacker to execute arbitrary system commands on the target machine in the context of the root user.

7.8 E17-3ftc1 [Exploits]
References: CVE-2017-14384, CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N), ZDI-18-129
This strike exploits an arbitrary file read vulnerability in Dell EMC Storage Manager. The vulnerability is due to insufficient validation of user input in requests to the server. Successful exploitation allows an attacker to read the contents of arbitrary files accessible on the target with SYSTEM privileges.

7.8 D18-8va31 [Denial]
References: CVE-2018-1000027, CVSS-7.8 (AV:N/AC:L/AU:N/C:N/I:N/A:C), URL
This strike exploits a null pointer dereference vulnerability in the Squid proxy server. Due to an implementation error, a null pointer dereference occurs when Squid attempts to fetch HTML fragments referenced by esi:include elements. The dereference results in a segmentation fault and abnormal termination of the Squid process.

7.6 E18-0mx11 [Exploits]
References: CVE-2018-5093, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), URL
This strike exploits a vulnerability in the Mozilla Firefox browser. Specifically, the vulnerability exists in the WebAssembly component of Firefox. When a table object is handled, the index argument of its get and set methods is not properly validated, so a user-supplied index can access memory outside the heap buffer in which the table object is stored. This may lead to a denial of service condition in the browser, or potentially remote code execution.

7.6 E17-3dtu1 [Exploits]
References: BID-101081, CVE-2017-11810, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-43131, GOOGLE-1340
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in jscript.dll. JavaScript can be crafted so that a use-after-free occurs in the JsErrorToString function, which can cause a heap buffer overflow. This may lead to a denial of service condition in the browser, or potentially remote code execution.

7.5 E18-0oiy1 [Exploits]
References: CVE-2018-7178, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), EXPLOITDB-44136, SCIP-113544
This strike exploits an SQL injection vulnerability in the Saxum Picker 3.2.10 component for Joomla!. The vulnerability is due to improper sanitization of requests sent to the application. An attacker could exploit this by sending specially crafted requests, potentially resulting in the execution of SQL commands and information disclosure.

7.5 E18-0o2g1 [Exploits]
References: CVE-2018-6584, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), EXPLOITDB-44108, SCIP-113541
This strike exploits an SQL injection vulnerability in the DT Register 3.2.7 component for Joomla!. The vulnerability is due to improper sanitization of requests sent to the application. An attacker could exploit this by sending specially crafted requests, potentially resulting in the execution of SQL commands and information disclosure.

7.5 E17-mggs1 [Exploits]
References: CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL
This strike exploits a file upload vulnerability in the Clipbucket web application. The vulnerability is due to improper validation of user-controlled input to the file upload scripts. By exploiting this vulnerability, a remote, unauthenticated attacker can upload any file, including PHP scripts, and execute it on the target server. NOTE: When run in one-arm mode, the target web application index needs to be available at http://[server].

6.8 E17-3fj41 [Exploits]
References: CVE-2017-14016, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), MSF-https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/advantech_webaccess_webvrpcs_bof.rb, ZDI-17-938
This strike exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability is due to a lack of proper validation of the length of user-supplied data before it is copied into a stack-based buffer. A specially crafted DCE/RPC request can overflow the buffer, which could lead to arbitrary code execution or abnormal termination in the context of the WebAccess process.

6.8 E18-8vab1 [Exploits]
References: CVE-2018-1000035, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), URL
This strike exploits a heap buffer overflow vulnerability in the Info-ZIP unzip tool up to version 6.0. The vulnerability is due to insufficient validation of filenames contained in the archive being unzipped. An attacker could potentially run arbitrary code on the target system by enticing a user to unzip a maliciously crafted zip file.

6.8 E17-3dfw2 [Exploits]
References: BID-95344, CVE-2017-11308, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), URL
This strike exploits an integer overflow vulnerability in the ImageConversion component of Adobe Acrobat Reader. The vulnerability is due to improper parsing of EMF+ records in an EMF file. Successful exploitation may result in execution of arbitrary code with the privileges of the user. Failed exploitation will not typically result in a crash.

5.0 E17-3hmo1 [Exploits]
References: CVE-2017-16736, CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:P/A:N), URL, ZDI-18-055
An arbitrary file overwrite vulnerability has been identified in the Advantech WebAccess SCADA web platform. The vulnerability is caused by a lack of proper input sanitization of the gmicons.asp picfile parameter. It can be exploited by sending a specially crafted request, allowing the attacker to execute code on the remote machine with the privileges of the application process.

5.0 E18-0jvu3 [Exploits]
References: CVE-2018-5445, CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N), URL, ZDI-18-142
An arbitrary file overwrite vulnerability has been identified in the Advantech WebAccess SCADA web platform. The vulnerability is caused by a lack of proper input sanitization of the certUpdate.asp filename parameter. It can be exploited by sending a specially crafted request, allowing the attacker to execute code on the remote machine with the privileges of the application process.

4.3 E17-0f3v1 [Exploits]
References: BID-98785, CVE-2017-4971, CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N), URL
This strike exploits a remote command injection vulnerability in the Pivotal Spring Web Flow framework. The vulnerability exists due to insufficient validation of SpEL expressions used in data binding. It can be exploited by sending a specially crafted HTTP request, allowing arbitrary command injection.

4.3 E13-zife1 [Exploits]
References: BID-58793, CVE-2013-2618, CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N), EXPLOITDB-24913, URL
This strike exploits a remote code execution vulnerability in the Network Weathermap plugin for Cacti. The vulnerability is due to improper input validation of the "map_title" parameter in HTTP requests to the "editor.php" script. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary PHP code on the target server. NOTE: When run in one-arm mode, the Weathermap plugin editor needs to be available at http://[server]/cacti/plugins/weathermap/editor.php

4.3 E17-0ifa1 [Exploits]
References: CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N), URL
This strike exploits a command injection vulnerability in the Clipbucket web application. The vulnerability is due to improper input validation of the "file_name" parameter in HTTP requests to the "file_uploader.php" script. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server. NOTE: When run in one-arm mode, the file_uploader.php script needs to be available at http://[server]/api/file_uploader.php. The test creates a file named "exploited" in the same location as the vulnerable script.

2.6 E18-0jl81 [Exploits]
References: BID-102389, CVE-2018-0780, CVSS-2.6 (AV:N/AC:H/AU:N/C:P/I:N/A:N), EXPLOITDB-43720, GOOGLE-1433
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. The ASM EmitCall function does not properly handle invalid function calls, which can lead to an out-of-bounds read. This may lead to a denial of service condition in the browser, or potentially remote code execution.