Security News #0x85
- There is a new Metasploit module to exploit Adobe Flash Player. Currently the module is restricted to Internet Explorer on Windows 7 running Adobe Flash Player 188.8.131.52. The underlying vulnerability is CVE-2015-0138, which is reported to impact Adobe Flash Player before 184.108.40.2069 and 14.x through 16.x before 220.127.116.115 on Windows and OS X and before 18.104.22.1682 on Linux. The post from Project Zero at Google on this issue is well worth reading.
- Older versions of Windows were vulnerable to an attack that exploited how Windows handles shortcut files; there is an existing and a new Metasploit module to attack the problem; the vulnerability is CVE-2010-2568 and was patched in MS10-046. Mostly. It turns out that the patch does not quite solve the problem, and there are two new Metasploit modules that are able to exploit the issue, even if MS10-046 is installed on Server 2003 SP2, or if MS14-027 is installed on Server 2008 SP2. (Sigh). The underlying vulnerability is now named CVE-2015-0096 and it was patched in MS15-020.
- OpenEMR 4.2.0 suffers from both cross-site scripting and SQL injection vulnerabilities.
- If you want to see how the Red Team approached the Pacific Regional CCDC event this past weekend, take a look at the blog from LockBoxx.
- Did you know that you can grab plaintext passwords from a memory dump of lsass? Mimikatz for the win.
- Would you like to learn more about pivoting using SSH and/or Meterpreter? Take a look at the post from Arr0way.
- Did you know it is possible to run man-in-the-middle attacks against MSSQL?
- Here is a neat trick that can recover a MySQL password without restarting the MySQL daemon.
- If you are a student looking at different ways to maintain persistence on a Windows system, you might want to take a look at the approach of blakhal0, who uses Windows scheduled tasks.
- RIP Terry Pratchett.
+++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++
— (Terry Pratchett, Hogfather)