From EXPLOIT to Advisory


sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Thu Aug 19, 2010 1:17 pm

From EXPLOIT to Advisory

(I had to on the subject... couldn't help it)

I don't want to re-type something I typed already :( swamped between work + lab + play + home + etc. So copy and paste ;)


There I was minding my business listening to Frontline Assembly's Machine Slave while attacking one vendor's product via packetfuzzing when in return I stumbled upon a vulnerability for another vendor. Not a big deal, the same thing happened while fiddling around and tripping up a nasty Wireshark bug earlier this year.

What interested me the most was the collateral damage from the tool. What a wicked little tool on my hands. Imagine running a DoS attack inside of a virtualized server and making that DoS attack disconnect EVERY single machine on the virtualized server. Doesn't seem to matter who the target is or the source address being spoofed. After about 2 minutes, the entire VMware stack is hosed. Hosed as in, there is nothing you can do to reset the virtualized host. Restart the virtualized machine? No workie workie. Restart VMware as a service? No workie workie. All of the virtualized machines in the server are hosed, sayonara; "you are the weakest link goodbye."

Solution? Reboot the entire server. Unsure of a public release of the tool.

(humor http://www.youtube.com/watch?v=Qm2BpI6TCDE)

Possible attack uses:

    * Insider attack on a rogue nation state's cloud infrastructure.
    * Parallel(slash)Escalation based attack where reboot is needed. (surely non working VM servers'll do that)
    * Being a script kiddiot
    * Being an "Advanced Persistent Script Kiddiot"
    * INSERT_YOUR_OWN_ATTACK_HERE

With all this said, I now present a demo on mushroom cloud in high def (1280x720). X-lation full screen viewing is best

http://www.infiltrated.net/mushroomcloud/mushroomdemo/


Step 1) Exploit
Step 2) Lallygag and debate to disclose or ZDI the thing...

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri Aug 20, 2010 11:37 am

Re: From EXPLOIT to Advisory

Mushroom Cloud - The Morning After ...
http://www.infiltrated.net/mushroomcloud/morningafter/

In attempts to videoexplain what is going on... I launched mushroomcloud against itself ... Same results

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Aug 20, 2010 12:40 pm

Re: From EXPLOIT to Advisory

I'm gonna have to set this up, and see it for myself.  Amazingly simple...

Edit:  sil, offline, can you send my way?
Last edited by hayabusa on Fri Aug 20, 2010 12:47 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
