Hollywood Hacking: Tapping Webcams and Mics
This week's update has two new post modules for Metasploit, which enables the creative pen-tester to hit that creeper vibe so often missing on a typical engagement, both by Metasploit exploit dev Wei @_sinn3r Chen. They're both post-exploitation modules, so they presume you already have a session on the target via some other exploit.
First up is a webcam control module, which can take a snapshot using the target's webcam. Aside from capturing the looks of surprise when you execute your annoying popup, there are several office and cubicle configurations that expose sensitive information such as passwords, addresses, or other organization details within view of users' workstations, which are now on the table as collected evidence for a penetration test.
Second is a microphone control module, which brings the audio portion of your A/V torment. About a million attack scenarios open up when you've effectively bugged your target with their own equipment, but how to make sense of all your new input? Never fear, sinn3r put together a quick HOWTO on machine-driven keyword parsing using off-the-shelf tools, so now it's up to you to figure out how to prompt people to say their passwords and PINs aloud.
Java Exploits for CVE-2012-5076 and CVE-2012-5088
Java's been sticking in the security news, as you already know, so what better time to release some new exploits for some old vulnerabilities? Metasploit exploit developer Juan Vazquez dropped a couple new Java exploit this week, along with one of his exceedingly detailed blog posts of how he got there. So, check out Juan's New Java Modules post, and come to the realizations that a) Java 0-days are cool, but even slightly aged Java exploits can be just as fun to exploit, and b) nobody updates Java anyway, so using these exploits on an engagement is a great way to prove that.
- MYSQL File/Directory Enumerator by Robin Wood
- Java Applet AverageRangeStatisticImpl Remote Code Execution by juan vazquez and Unknown exploits CVE-2012-5076
- Java Applet Method Handle Remote Code Execution by juan vazquez and Unknown exploits CVE-2012-5088
- Jenkins Script-Console Java Execution by Spencer McIntyre and jamcut
- Nagios3 history.cgi Host Command Execution by Daniele Martini, Jose Selvi, Unknown, and blasty exploits CVE-2012-6096
- PHP-Charts v1.0 PHP Code Execution Vulnerability by AkaStep and Brendan Coles exploits OSVDB-89334
- Multi Manage Record Microphone by sinn3r
- Razer Synapse Password Extraction by Brandon McCann "zeknox", Matt Howard "pasv", and Thomas McCarthy "smilingraccoon"
- Windows Manage Webcam by sinn3r
If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.
For additional details on what's changed and what's current, please see Brandon Turner's most excellent release note