Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners
Abstract
The first step of every attack is reconnaissance, i.e., to acquire information about the target. A common belief is that there is almost no risk in scanning a target from a remote location. In this paper we falsify this belief by showing that scanners are exposed to the same risks as their targets. Our methodology is based on a novel attacker model where the scan author becomes the victim of a counter-strike. We developed a working prototype, called RevOK, and we applied it to 78 scanning systems. Out of them, 36 were found vulnerable to XSS. Remarkably, RevOK also found a severe vulnerability in Metasploit Pro, a mainstream penetration testing tool.
- Publication:
-
arXiv e-prints
- Pub Date:
- June 2020
- DOI:
- 10.48550/arXiv.2006.09769
- arXiv:
- arXiv:2006.09769
- Bibcode:
- 2020arXiv200609769V
- Keywords:
-
- Computer Science - Cryptography and Security
- E-Print:
- Accepted at RAID 2020