Immunity Products: MySQL, CANVAS, and you

immunityinc.com
sales@immunityinc.com
+1 786 220 0600

CANVAS: an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals.
learn more about canvas
SWARM: quickly deploy an exploit or reconnaissance tool against large sections of a cyber range.
learn more about swarm
SILICA: Immunity has built the first automated, WiFi specific, vulnerability assessment and penetration tool.
learn more about silica
IMMUNITY DEBUGGER: Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files.
learn more about immunity debugger
EL JEFE: Immunity's open source project, El Jefe is a Windows based process monitoring solution.
learn more about el jefe

IMMUNITY SERVICES

Certifications:
Certified Network Offense Professional (NOP)

Thursday, June 14, 2012

MySQL, CANVAS, and you

The latest MySQL vulnerability is a bit of a weird one - it's a bug in the underlying LibC which means that memcmp is broken in many cases. This is only the case on modern x64 machines, in certain configurations.

Actually exploiting this remotely over the Internet is probably a rare thing. Not only is MySQL rarely exposed, but if you are crazy enough to expose MySQL to the public, then it's more than likely you can't afford a x64 machine or virtual host. We expect our CANVAS customers will largely use this module for internal testing.

So without further ado, here's a movie of Immunity's implementation of it, with some penetration testing ideas for your perusal. You can view it in high quality here, or below in blurry blogger-view.

Immunity Products

// RECENT POSTS:

// SUBSCRIBE:

IMMUNITY SERVICES

Immunity Products

Thursday, June 14, 2012

MySQL, CANVAS, and you

No comments: