A vulnerability was discovered in the ThingsBoard IoT platform that lets a normal user escalate privileges with a simple POST request carrying an additional header and, by exploiting the associated flaws, take control of the entire platform and related accounts. After the vulnerability was reported to the vendor, it was quickly resolved.
Phishing: Better Proxy than Story | OUTPOST24
Social engineering is the art of manipulating people so that they give up confidential information or perform an action you ask of them. Read and learn firsthand how modern phishing tricks victims into giving up their credentials, bank information or computer access so that malicious software can be secretly installed.
To trick recipients of phishing emails into clicking, you want a domain name that looks very close to the original. You can manually start pondering which not-too-obvious domains would look similar...
During an internal penetration test earlier this year, we got ourselves access to a couple of Windows workstations: fully patched Windows 10 machines, from which we had to try and find a way to escalate our privileges to a user with higher privileges.
Our goal was to escalate our access all the way to Domain Admin, so that we could achieve the objective for this project as set out by the customer. We tried working our way through the internal network by identifying live hosts, enumerating potentially exploitable network services and obtaining credentials, but with no luck. We found ourselves stuck on this one host, so we decided to dive all the way into the rabbit hole.
This module exploits a vulnerability in IBM's WebSphere Application Server identified by CVE-2015-7450. An unsafe deserialization call on unauthenticated Java objects, involving the Apache Commons Collections (ACC) library, allows remote arbitrary code execution.