[Silica] SILICA v7.41

Oren Isacson oren at immunityinc.com
Mon Nov 30 12:45:30 UTC 2020


Immunity is proud to announce the release of SILICA v7.41!

- WPA traffic decryption using the Kr00k Attack (CVE-2019-15126):
The Kr00k Attack exploits a vulnerability in some very common Broadcom
chipsets that cause a device to send zero-key encrypted data packets
for a short period of time after a deauthentication packet is received.
This module will send deauthentication packets to trigger the
vulnerability, decrypt the packets, and display them on a wireshark
window.

The module supports attacking a single device, or all devices connected
to an access point. The module uses an heuristic based on the timing
and throughput of data packets from the target to be more effective.
The heuristic parameters can be adjusted from the Preferences Panel.

Note: Some Broadcom chipsets support a non-standard modulation scheme
that the SILICA card does not support. It is possible that this module
does not work when the target is connected to an Access Point that has
a Broadcom chipsets and they are using this modulation scheme. This
module was tested on a Raspberry Pi 3 target.

To view a demonstration of the new features visit:
https://vimeo.com/481719308/142b2d1d98

Videos can be found at:
Network Printer Attacks -
https://vimeo.com/270182796
Bypassing WPA2 encryption using the KRACK attack -
https://vimeo.com/251369829
SILICA 7.31: Samba Server Exploitation -
https://vimeo.com/230656937
D-link and Microsoft WSUS Exploits -
https://vimeo.com/209259981
Fake Captive Portal Demo -
https://vimeo.com/198045435
Malicious Access Point Detection -
https://vimeo.com/177231337
Karma attack filtering and background WPA handshake sniffer -
https://vimeo.com/165882825
Access Point Mapping - https://vimeo.com/157178038
Full Karma Attack - https://vimeo.com/155393829
SMB proxy and group policy exploit - https://vimeo.com/136964755
SSL attacks using SSL stripping and self signed certificates -
https://vimeo.com/122117823
Exploiting Android WebView.addJavaScriptInterface -
http://vimeo.com/109831748
Pixie Dust WPS Attack - https://vimeo.com/130883860
More WPS attacks - https://vimeo.com/album/3385057/video/115337910
General overview -
http://www.immunityinc.com/movies/SILICA_7.5_New_Features.mov
Wireless Window  -
http://www.immunityinc.com/movies/SILICA_Wireless_Window.mp4


SILICA Team


More information about the SILICA mailing list