Category Archives: Vulnerability discovery

Msfenum: automation of MSF auxiliary modules

Low-hanging-fruit scans can be very useful when performing a penetration test, and they are especially effective during an internal penetration test. When I perform an internal penetration test I use, among other things, the Metasploit auxiliary modules to quickly enumerate the network. The modules can give some interesting findings very quickly, such as:

  • open SMB/NFS shares;
  • end-of-life systems, such as Windows XP and Windows Server 2003;
  • MS17-010 vulnerable systems.

Those findings are quick wins and can give you an entry point to the network from which privileges can be escalated (e.g. MS17-010 -> DA creds) pretty fast. This lets you tell your customer that you were able to obtain high network permissions within a few hours (and if you are able to, a malicious attacker is able to as well).


CVE-2014-2299: Wireshark MPEG file parser buffer overflow

Around the 6th of March 2014 I reported a security issue (CVE-2014-2299) to the developers of Wireshark. I discovered the vulnerability in Wireshark using file fuzzing. Wireshark versions 1.10.0 to 1.10.5 and 1.8.0 to 1.8.12 are affected by the vulnerability.

The vulnerability is present in the wiretap/mpeg.c file. The maximum packet size was not checked correctly, so the vulnerability could lead to a Denial of Service (DoS) or arbitrary code execution. The exact change the Wireshark developers made to fix the problem can be found here:

https://code.wireshark.org/review/#/c/533/2/wiretap/mpeg.c
