Penetration Testing mailing list archives
Re: Kaseya
From: H D Moore <sflist () digitaloffense net>
Date: Wed, 28 May 2008 14:33:25 -0500
<0.02> If the "device" is actually a rogue SMB server, then it could proxy the domain authentication through to the real server, and gain shell access to the real server using the Kaseya account credentials. This is trivial to do with the Metasploit smb_relay module. This attack works on any software that authenticates to SMB services on rogue machines with domain admin credentials (Nessus, Retina, asset inventory systems, some system management tools, etc). The solution is mandatory SMB signing, which most orgs can't implement for a dozen other reasons. A workaround for vuln scanning software is to use a limited access account that can perform the vuln check, but isn't allowed write access to the file system or the Service Control Manager[1]. -HD </0.02> 1. http://www.nessus.org/documentation/nessus_domain_whitepaper.pdf On Tuesday 27 May 2008, Utz, Ralph wrote:
Well, from what I understand it gather's it's data by ping scanning the network and referencing the results to it's database of PCs that it's agent is installed on. If there is an IP that isn't in the database that comes up hot, it trys to access the IPC$ share I believe. If it can access it, it flags it as a Windows box and trys to install it's agent on the device. If not, it leaves it and moves on.
------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Kaseya M.B.Jr. (May 24)
- RE: Kaseya Shenk, Jerry A (May 26)
- RE: Kaseya Kevin Reiter (May 28)
- Re: Kaseya M.B.Jr. (May 28)
- Message not available
- Re: Kaseya M.B.Jr. (May 28)
- RE: Kaseya Shenk, Jerry A (May 26)
- RE: Kaseya Kevin Reiter (May 28)
- RE: Kaseya Utz, Ralph (May 28)
- Re: Kaseya H D Moore (May 28)
- Re: Kaseya M.B.Jr. (May 31)
- RE: Kaseya Kevin Reiter (May 29)
- Re: Kaseya H D Moore (May 29)
- Re: Kaseya M.B.Jr. (May 29)
- Re: Kaseya H D Moore (May 28)