Skip to content

2023.10

Major Features / Enhancements

  • Auto-Injected Credentials: Added ability to auto-inject credentials into a regularly scheduled pentest using a NodeZero Runner.
  • Remote Access Tool Improvements: NodeZero's Remote Access Tool (RAT) has been updated with new techniques to evade some EDRs.

New Attack Content

  • Cisco IOS XE Web UI Exploit (CVE-2023-20198): Devices with the Web UI enabled are exposed to a vulnerability letting remote attackers establish a high-privileged account, potentially achieving full device control. This flaw is known to be exploited actively.
  • JetBrains TeamCity RCE: NodeZero detects and exploits an authentication bypass vulnerability (CVE-2023-42793) leading to unauthenticated remote code execution in JetBrains TeamCity.
  • H2 Console RCE: Exploitation of a vulnerability (CVE-2022-23221) in H2 Console versions up to 2.1.210 is now supported, enabling remote code execution.
  • Confluence Auth Bypass/ Priv Esc: Vulnerabilities in Confluence Data Center and Confluence Server versions (8.x before 8.3.3, 8.4.3, and 8.5.2) have been addressed. These versions had an unauthenticated RCE through a Broken Access Control Vulnerability. Successful exploitation allowed for the addition of a new admin user who could then upload and execute a Confluence plugin, achieving RCE as the Confluence user.
  • Apache Solr File Read (H3-2023-0023): Added support for exploitation on both Windows and Unix systems.
  • Azure Authentication Improvement: NodeZero now supports authentication using both Azure Refresh and Azure Access Tokens, enhancing the Azure attack flow.
  • Shodan External Host Discovery: Integrated Shodan's top 100 ports into the external host discovery TCP scan. Optimized the timing profile of these scans to increase precision and reduce potential network congestion.
  • WS_FTP Server RCE (CVE-2023-40044): NodeZero can now exploit a .NET deserialization vulnerability in WS_FTP Server versions (before 8.7.4 and 8.8.2). This flaw in the Ad Hoc Transfer module lets pre-authenticated attackers execute remote commands on the WS_FTP Server's underlying OS.

Bug Fixes

  • Fixed a regression bug which affected host discovery when using Zmap. This affected Internal Operations and NodeZero‚Äôs ability to discover hosts outside of its network.