[Silica] SILICA v7.38

Oren Isacson oren at immunityinc.com
Tue Jul 16 20:02:02 UTC 2019


Immunity is proud to announce the release of SILICA v7.38!

- APT Remote Code Execution Exploit (CVE-2019-3462)
 This module exploits a vulnerability in apt to achieve remote code
 execution. The vulnerability is caused by incorrect sanitation of the
 302 redirect field in the HTTP transport method of apt versions 1.4.8
 and earlier. This attack will be used with the "Become this network
 with client-side injection" action, when the "transparent HTTP proxy"
 option is set. If a client joins the network, and tries to install a
 package using apt, the attack will be performed.  In order for it to
 succeed, apt should download release files (Release.gpg).

- Fixes an issue that prevents SILICA from joining certain WEP networks.

Videos can be found at:
Network Printer Attacks -
https://vimeo.com/270182796
Bypassing WPA2 encryption using the KRACK attack -
https://vimeo.com/251369829
SILICA 7.31: Samba Server Exploitation -
https://vimeo.com/230656937
D-link and Microsoft WSUS Exploits -
https://vimeo.com/209259981
Fake Captive Portal Demo -
https://vimeo.com/198045435
Malicious Access Point Detection -
https://vimeo.com/177231337
Karma attack filtering and background WPA handshake sniffer -
https://vimeo.com/165882825
Access Point Mapping - https://vimeo.com/157178038
Full Karma Attack - https://vimeo.com/155393829
SMB proxy and group policy exploit - https://vimeo.com/136964755
SSL attacks using SSL stripping and self signed certificates -
https://vimeo.com/122117823
Exploiting Android WebView.addJavaScriptInterface -
http://vimeo.com/109831748
Pixie Dust WPS Attack - https://vimeo.com/130883860
More WPS attacks - https://vimeo.com/album/3385057/video/115337910
General overview -
http://www.immunityinc.com/movies/SILICA_7.5_New_Features.mov
Wireless Window  -
http://www.immunityinc.com/movies/SILICA_Wireless_Window.mp4


SILICA Team







More information about the SILICA mailing list