[Silica] SILICA v7.22
Oren Isacson
oren at immunityinc.com
Tue Sep 8 13:25:40 EDT 2015
Immunity is proud to announce the release of SILICA v7.22!
- Group Policy Exploit for Microsoft Windows (MS15-011)
Tested on Windows 7 targets joined to Windows 2008 R2 domain
controllers (DC). The SILICA VM's host should be on the same network
than the DC, that means packets should be able to reach the DC, and
the DNS server address should point to the DC. This exploit was tested
while on FakeAp with service impersonation mode. When successful, this
module will make changes to some registry values under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Window
on the target.
- SMB Transparent Proxy
When running a FakeAp with service impersonation, SILICA intercepts all
SMB packets. SMB traffic accessing ".exe" files will be modified to
include backdoors. This works as long as mandatory SMB signing is not
enabled on the target.
- Use-after-free in Adobe Flash Player (CVE-2015-5119)
This release also include some bug fixes, included:
- Issue with ARP scanning in man-in-the-middle/main-in-the-middle module.
- Issue with FakeAp module when handling large number of connections.
- Issue with FakeAp with service impersonation module with slow DNS
resolving.
To view a demonstration of the SMB proxy and group policy exploit visit:
https://vimeo.com/136964755
For any questions or support please email silica at immunityinc.com
Videos can be found at:
SSL attacks using SSL stripping and self signed certificates -
https://vimeo.com/122117823
Exploiting Android WebView.addJavaScriptInterface -
http://vimeo.com/109831748
Password stealing -
http://partners.immunityinc.com/movies/Silica-BrowserAutoFill-Take2.mov
AP less WEP cracking -
http://silica.immunityinc.com/AP_less_WEP_cracking.mov
Access point impersonation -
http://partners.immunityinc.com/movies/Access_point_impersonation.mp4
Custom traffic injection -
http://partners.immunityinc.com/movies/Traffic_injection.mp4
General overview -
http://www.immunityinc.com/movies/SILICA_7.5_New_Features.mov
Wireless Window -
http://www.immunityinc.com/movies/SILICA_Wireless_Window.mp4
Key retrieval (WEP, LEAP, WPA1,2) -
http://partners.immunityinc.com/movies/Lightning_Demo_SilicaU02.mp4
Passive session hijacking (facebook, twitter, gmail etc) -
http://partners.immunityinc.com/movies/Lightning_Demo_SilicaU_01.mp4
Pixie Dust WPS Attack -
https://vimeo.com/130883860
More WPS attacks -
https://vimeo.com/album/3385057/video/115337910
SILICA Team
More information about the SILICA
mailing list