[Canvas] CANVAS 7.25 released

Immunity CANVAS canvas at immunityinc.com
Fri Feb 28 17:56:38 UTC 2020


########################################################################
#                       *CANVAS Release 7.25*                          #
########################################################################

*Date*: 28 February 2020

*Version*: 7.25

*Download URL*: https://canvas.immunityinc.com/getcanvas

*Release Notes*:

In this CANVAS release we are bringing you 7 new modules and bugfixes.
We have updated our installers in order to include a new dependency for
our curveball module (pyopenssl).

Our new modules include a total of four Remote Code Execution modules
targeting:
- Ruby on Rails (2)
- Citrix ADC/Gateway
- rConfig

We also added a module for the curveball vulnerability and two
post-exploitation modules for iDRAC (retrieve list of users, remove user).

In addition to our modules, we are also pushing a lot of bugfixes and
updates in order to support Windows 64-bit on old modules.


==Changes==

o exploitmanager fix

o get_token_info no longer freezes other modules (e.g. GetSystem)

o Commands updated to support 64-bit
 o dump_certstore
 o ps_networkinfo
 o ps_invokemimikatz
 o ad_adminhunter
 o ad_check4PSadmin
 o ad_dlexecute_psmosdef
 o ad_getcomputers
 o ad_getdomainusers
 o ad_getlocalusers
 o ad_getuserdetails

o GetSystem fixes and improvements
 o blacklisted event_viewer_mscfile
 o get_token_info is the first module to be called

==New Modules==

o netscaler_traversal_rce (CVE-2019-19781)

o curveball (CVE-2020-0601)

o rails_activestorage_rce (CVE-2019-5420)

o rails_accept_readfile (CVE-2019-5418)

o rconfig_ajaxserver_rce (CVE-2019-16662)

o del_idrac_user

o get_idrac_users


*CANVAS Tips 'n' Tricks*:

The rails_activestorage_rce module only affects apps deployed in
production mode and uses rails_accept_readfile to read files needed to
obtain Remote Code Execution.

########################################################################
########################################################################

