As penetration testers, we rarely have to find ‘zero day’ vulnerabilities or perform ‘bug hunting’ in order to compromise Windows Active Directory Domains. However, in one of these rare cases, while performing an internal penetration test for a client, we had to do so.

Lansweeper is inventory software that scans your network in order to gather system information such as patch level, network interfaces, resource status, etc. We were fairly surprised during this test when we were able to access Lansweeper 5’s dashboard with a regular user account. Our customer was actually shocked and swore that he had configured only Domain Admin access on this Web interface. According to him, a recent update must have reset the login permission on the dashboard. At first, we were doubtful that explanation would hold up to scrutiny.

Our curiosity increased when we realized that Domain Admin accounts, SSH keys, Linux root passwords and all the “juicy stuff” one normally finds in a password vault are stored on a Lansweeper server. The result of our experimentation: three vulnerabilities were identified that led to the full compromise of our customer’s network infrastructure.