[Silica] SILICA v7.40

Oren Isacson oren at immunityinc.com
Thu Feb 20 18:59:28 UTC 2020


Immunity is proud to announce the release of SILICA v7.40!

- Windows CryptoAPI Spoofing (CVE-2020-0601)
A spoofing vulnerability exists in the way Windows CryptoAPI
(Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.
SILICA will try to exploit this vulnerability to spoof SSL certificates
with the "FakeAP with service impersonation" module.

- NETGEAR Telnet Enable Vulnerability
Several NETGEAR routers have a telnet daemon that can be enabled
remotely and accessed with default credentials. SILICA will try to
exploit this vulnerability with the "Attack" module and use it to
obtain credentials for the router's HTTP Console.

- Apple EAP-success attack (CVE-2019-6203)
There is a vulnerability in Apple devices that allows an attacker to
create fake access points that successfully spoof real access points.
This works by sending EAP-success messages that the Apple devices accept
even before validating credentials. SILICA will exploit this
vulnerability when creating a FakeAP with 802.1X encryption.

- Fix missing "edit key" submenu option for 802.1X networks.

Videos can be found at:
Network Printer Attacks -
https://vimeo.com/270182796
Bypassing WPA2 encryption using the KRACK attack -
https://vimeo.com/251369829
SILICA 7.31: Samba Server Exploitation -
https://vimeo.com/230656937
D-link and Microsoft WSUS Exploits -
https://vimeo.com/209259981
Fake Captive Portal Demo -
https://vimeo.com/198045435
Malicious Access Point Detection -
https://vimeo.com/177231337
Karma attack filtering and background WPA handshake sniffer -
https://vimeo.com/165882825
Access Point Mapping - https://vimeo.com/157178038
Full Karma Attack - https://vimeo.com/155393829
SMB proxy and group policy exploit - https://vimeo.com/136964755
SSL attacks using SSL stripping and self signed certificates -
https://vimeo.com/122117823
Exploiting Android WebView.addJavaScriptInterface -
http://vimeo.com/109831748
Pixie Dust WPS Attack - https://vimeo.com/130883860
More WPS attacks - https://vimeo.com/album/3385057/video/115337910
General overview -
http://www.immunityinc.com/movies/SILICA_7.5_New_Features.mov
Wireless Window -
http://www.immunityinc.com/movies/SILICA_Wireless_Window.mp4


SILICA Team