Vailyn Versions

A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python

v3.3.2-1

3 years ago

[New Features]

  • added an ASCII-only mode, for environments that don't support UTF-8
  • added option to use your favourite terminal emulator instead of konsole in the RCE attack
  • both additions can be toggled and configured in core/config.py

[Improvements]

  • added a possible location for apache2 logs to the dictionary
  • made /etc/passwd REGEX matching optional (controlled in config.py)

[Bug Fixes]

  • modified the payload so it works if the target is not running bash as its default shell
  • fixed issues with SSH log poisoning attack
    • password prompt showing up (fixed by using sshpass)
    • payload being truncated due to max username length

v3.3.0-1

3 years ago

[Improvements]

  • added filter evasion by random capitalization of php://input
  • RCE module looks for log files in multiple locations
  • cleaned up code for techniques 1, 2, 5

[Bug Fixes]

  • fixed php://input regression introduced in 3.2.3
  • increased the RCE payload request timeout, so that the shell can spawn on remote servers before the request is cancelled

v3.2.3-3

3 years ago

[Bug Fixes]

  • changed default /etc/passwd to etc/passwd
    • with some filters, non-working payloads were marked as working, since the absolute path /etc/passwd would remain
    • support for absolute paths and RFI is planned for a later release; no concrete date is known yet
  • fixed wrapper RCE payloads not working due to missing URL encoding

v3.2.3-1

3 years ago

[Improvements]

  • quit Vailyn once a reverse shell has been received
    • otherwise, all later checks would pass automatically as long as the shell is active
  • additional check against false positives when using /etc/passwd as file (REGEX)
  • added missing tooltips in GUI

[Bug Fixes]

  • fixed: RCE module was not able to detect shell due to type mismatch
  • fixed: RCE module was not able to detect shell from single-threaded servers because the request was blocked
  • updated outdated GUI labels
  • fixed: authentication cookie not used in cookie fetching request
  • fixed: cookie crawler would scan authentication cookie, leading to false positives due to being logged out

v3.2.1-0

3 years ago

[Bug Fixes]

  • fixed an issue in the RCE module where null bytes were not applied to wrappers
  • fixed a minor display issue in the RCE selection menu

v3.2.0-3

3 years ago

[New Features]

  • new attack vector: POST JSON (-a 5, crawler moved to -a A)

[Bug Fixes]

  • fixed an issue where POST data was not correctly set for wrapper RCE

v3.1.0-2

3 years ago

[Improvements]

  • removed the Arjun fork from lib/ and use the latest upstream version instead
    • install Arjun >= 2.1 via pip
  • changed the way the cookie from -c is handled
    • it is now provided to the tool in header format (e.g. id=foo;secret=bar)

v3.0.0-5

3 years ago

[New Features]

  • support for LFI wrappers (like php://filter) in Phase 1 + Phase 2 File Leaking
    • specify argument --lfi

[Improvements + Usage Changes]

  • regrouped --lists FILEDICT DIRDICT and --listen IP PORT together in 1 argument: -p2 TP P1 P2, --phase2 TP P1 P2
    • use -p2 leak FILEDICT DIRDICT to leak files
    • use -p2 rce IP PORT to use the RCE module
  • changes to the "short" argument names to make them more logical
  • minor UI improvements
  • code style improvements

[Bug Fixes]

  • fixed some compatibility issues with Microsoft Windows (see updated installation instructions if you use Windows)
  • fixed style sheet issue, making tooltips unreadable if a light theme is used
  • fixed a rare false positive in the path attack mode (-a 2) by introducing another check
  • fixed crash when passing authentication cookie via -c and improved how this cookie is transferred to Arjun by the crawler
  • fixed notify2 crashes when called as subprocess by other scripts by introducing argument --notmain. Developers using Vailyn in their tools can add this argument if affected.

v3.0.0-3

3 years ago

[Improvements]

  • code style improvements

v3.0.0-2

3 years ago

[Bug Fixes]

  • fixed a crash introduced by 3.0.0-1, which occurred when using --nosploit and no results had been found
  • fixed a rare false positive in the path attack mode (-a 2) by introducing another check
  • fixed crash when passing authentication cookie via -c and improved how this cookie is transferred to Arjun by the crawler

[Improvements]

  • added some new wrappers to --lfi
  • wrappers now use filter evasion by random capitalization
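The random-capitalisation wrapper evasion noted in v3.3.0-1 and v3.0.0-2 only defeats filters that match the wrapper name literally. As an added example (not part of Vailyn), here is defender-side detection logic that URL-decodes and lower-cases request targets before matching, run over constructed access-log lines:

```python
import re
from urllib.parse import unquote

# PHP stream wrappers and traversal sequences, matched only after the value
# is URL-decoded and lower-cased, so random capitalisation (pHp://InPuT) or
# double encoding (%252e%252e/) does not slip past the pattern.
WRAPPER_RE = re.compile(r"\b(?:php|expect|phar|zip|glob)://|\bdata:")
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
# Common-log-format prefix: client IP ... "METHOD target".
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')

def normalise(value, rounds=3):
    """URL-decode repeatedly (double encoding is common), drop null bytes, lower-case."""
    decoded = value
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\x00", "").lower()

def classify(request_target):
    """Return the indicators found in one request target (possibly empty)."""
    norm = normalise(request_target)
    hits = []
    if WRAPPER_RE.search(norm):
        hits.append("php-wrapper")
    if TRAVERSAL_RE.search(norm):
        hits.append("path-traversal")
    return hits

def scan_log(text):
    """Return (client_ip, target, indicators) for every suspicious log line."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ip, target = m.groups()
            hits = classify(target)
            if hits:
                findings.append((ip, target, hits))
    return findings

# Constructed access-log lines for demonstration; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:12:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:12:00:01 +0000] "GET /index.php?page=pHp://InPuT HTTP/1.1" 200 88
10.0.0.7 - - [01/Jan/2024:12:00:02 +0000] "GET /index.php?page=%252e%252e/%252e%252e/etc/passwd%00 HTTP/1.1" 200 1301
10.0.0.9 - - [01/Jan/2024:12:00:03 +0000] "GET /index.php?page=PHP://FILTER/convert.base64-encode/resource=index HTTP/1.1" 200 4000
"""
```

Calling `scan_log(SAMPLE_LOG)` flags the last three lines; the first, a plain page name, produces no indicator.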