F5 BIG-IP remote root authentication bypass Vulnerability (Update Link and payload for Metasploit)

F5 BIG-IP remote root authentication bypass VulnerabilityCVE reference: CVE-2012-1493Affected platforms: BIG-IP platforms without SCCPVersion: 11.x 10.x 9.xDate: 2012-February-16Security risk: HighVulnerability: F5 BIG-IP remote root authentication bypassResearcher: Florent DaigniereVendor Status: Notified / Patch availableVulnerability Disclosure Policy: https://www.trustmatta.com/advisories/

Howto: Banner Grabbing

If you want full detail, please go to the Source.

If you just type nmap on the console you will get a pretty detailed help
with all the switched nmap can run. Lets first start with a ICMP Echo
scan... -PE, we are adding -sn , which disables port scanning for now.




ICMP Echo Scans



So we scan our network and discover ourselves (192.168.0.5) and another
host 192.168.0.10. We have

ghost-phisher - GUI suite for phishing and penetration attacks

Ghost Phisher is a computer security application that comes inbuilt
with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has
an integrated area for automatic capture and logging of HTTP form method
credentials to a database. The program could be used as an honey pot ,
could be used to service DHCP request , DNS requests or phishing attacks


New Version 1.3

Ghost Phisher

Apple Safari used to exploit zero-day security hole in Windows 7

The vulnerability lets hackers inject malicious code on victim PCs through overly large Web page iFrames






Security
company Secunia today announced a highly critical zero-day
vulnerability affecting Windows 7, exploitable via Apple's Safari
browser, of all things. Secunia confirmed that the vulnerability affects
fully patched Windows 7 Professional 64-bit and cautioned that

Master to tcpdump