Thursday, January 20, 2011

Immunity Releases CANVAS 6.66

This release should be promising, as it provides updates to my personal favorite exploits that revolve around the SMB services on Windows hosts using port 445.


----------
19 January 2011
Version: 6.66 ("BEAST")
Release Notes:
This release introduces brand new DCERPC and SMB libraries and updates
to the exploits using them. Some of the new features supported include NTLMv2
authentication, seal/sign with the packet privacy option, full unicode support
and configurable fragmentation on both the DCERPC and SMB layers for improved
covertness against sniffers and intrusion detection systems.
Moreover, Immunity has included an improved SMB client and faster SMB brute forcing
modules, a new SMB server, 80+ updated modules that take advantage
of the new DCERPC/SMB features and, finally, two new exploits for
the Linux RDS and MS10-068 vulnerabilities.

Changes
  • libs/newsmb: Improved dcerpc/smb libraries
    (NTLMv1/v2, packet privacy/SEAL/SIGN, fragmentation,
    unicode)

  • Modules that use msrpc/smb functionality (too many
    to list) now gain the aforementioned features and improved
    IDS evasion through the expanded covertness feature.

New Modules
  • Linux_RDS (Linux Kernel <= 2.6.36-rc8 privilege escalation exploit)

  • MS10_068 (Microsoft Active Directory DoS)

CANVAS Tips 'n' Tricks:

New DCERPC covertness functionality: Covertness = 2 will enable crypto at the DCERPC layer. 5 will also enable moderate fragmentation at the DCERPC and SMB (if making use of that transport) layers. Finally, for those times that one has to go all out, 11 will deploy crypto and maximum fragmentation at both layers. Proceed with care!
Download URL: https://canvas.immunityinc.com/cgi-bin/getcanvas.py
Forum: https://forum.immunityinc.com/