CANVAS v6.56 released

Immunity’s CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.

Version 6.56 - 09/03/2010

New Modules

  • GetLocale - gets the locale of a Win32 MOSDEF Node.
  • disable_windows_firewall - Turns the Firewall off on a Windows machine useful for bouncing.
  • brightstor_cmdexec - CVE-2008-4397 (automatically runs a MOSDEF callback using the CANVAS TFTP service)
  • ie_dumpfiles - CVE-2010-0255 - downloads files off an IE client, assuming they can talk to your SMB server.


CANVAS’s GUI is now partially localized. If run on a locale such as Chinese or Japanese CANVAS will automatically display localized information. Feel free to send us better translations, of course. We will be working to extend and enhance this in the future. A bug that prevented CANVAS from starting in multi-byte directories has been fixed as well.

Likewise, internal functions have largely been replaced with Unicode-friendly functions. This means the file browser, dir, chdir, getcwd(), and piped commands (Listener Shell) will work much better on non-English Windows.

"quit" works better from the commandline.

The default behavior if CANVAS cannot narrow down the language pack of a remote Windows is now "not to attack it". Previously it was "Assume it is English". This can be changed via the configuration module or as a MassAttack2 option.

Various bugs in reporting were also fixed.

Post scriptum

Compliance Mandates


Related Articles

Penetration testing & Ethical Hacking