Open source project exhibited at Asia’s biggest hacking conference
A hacking tool designed to aid privilege escalation by leveraging known security vulnerabilities was demonstrated at Black Hat Asia last week.
Vulmap, an open source project, contains an online local vulnerability scanner used for probing Windows and Linux systems.
Besides discovering vulnerabilities on the localhost, it also displays information about each flaw, including the CVE number and risk score and, where they exist, related exploit IDs and exploit titles.
This information can then be used to facilitate privilege escalation attempts.
Yavuz Atlas, developer of Vulmap, demonstrated how to successfully use the tool during Black Hat Asia’s Arsenal track.
He told The Daily Swig: “Since Vulmap’s main goal is aiding privilege escalation, this [CVE] information is useful.
“When you get a shell in a system with lower [user] rights, there are some main methods to escalate your privilege. One of them is finding a vulnerable application that runs with a higher privilege and exploiting it to get a shell with its rights.”
This process, he says, is aided by the use of a vulnerability scanner such as Vulmap. Atlas added: “Finding a vulnerable application manually… is not an easy task.”
Vulmap pulls data from vulnerability intelligence search engine Vulmon, instead of relying on a locally maintained database. This ensures users are provided with the most detailed and up-to-date information, Atlas said.
On the defense
Vulmap is primarily used for offensive purposes, but it can also be deployed by defensive security teams.
The tool is currently aimed at detecting third-party software vulnerabilities. Looking ahead, Atlas said it will be expanded to scan for operating system bugs.
“There are some demands from the community for making a remote version,” he added.
“We have not decided priorities of future works, but if we have time Vulmap project can expand in the future.”