Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!

System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.

Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.

Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.

That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.

We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.

Hella excited about this!

If you guys have any suggestions let us know. We are utter noobs when it comes to this.

  • 2
    Try a good old SQL injection in the search boxes.
  • 1
    @PrivateGER I didn't mention it but we did. Sadly without any results.
  • 2
    I hope you are very careful.

    Pentesting can lead to serious damage.

    There things I would check:

    Is there anything file related using a string? Something like zoom?img=pvwxyz
    Try to pass anything here and be creative, e.g. '../../etc/passwd' or Something like that...

    If u spot numeric Input, check for over/underflows (negative values, values outside 64 bit range...) and in case of timestamps / date values for Impossiblities (Shift year, 2 to 3 o clock on Dates where time changes from summer to winter time....) or rounding errors/international behaviour for time / float values.

    Last - Check what happens in case of nonsense data.
  • 0
    @IntrusionCM we are aware of can do some real damage. That's why we don't do things we thing can have an impact, like stop a service or change a password. We're in a production enviornment with sensitive data. I'm not pressing any button or execute any command if I'm not certain it won't do any harm.

    Those are some good suggestions and I will definitely try them if they haven't patched it up by next week. Thanks.
  • 1
    You have a new subscriber.
  • 1
    @-ANGRY-CLIENT- thanks man! :)
    Don't expect too much though. This company thing is only for a few weeks. Then there's just a smaller project for school and then nothing until next school year.
Add Comment