Exploiting e-mail sandbox

Exploiting e-mail sandbox Exploiting e-mail sandbox - Start
myesha-ticknor

myesha-ticknor

2020-04-06 0K 0 0 0

Description

backdoor it with one evil e-mail. Nikolay Klendar. b. sploit gmail.com. Head of IT Security at . Offensive Security Certified Expert. Not a bug hunter. Hobbies:. programming. kitesurfing, snowboarding. ID: 776158 Download Presentation

Embed code:
php setting hidden security php setting hidden security network url analysis admin sandbox report ddei detections export multiple rces
Download Presentation

Exploiting e-mail sandbox




Download Presentation - The PPT/PDF document " Exploiting e-mail sandbox" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.



Presentations text content in Exploiting e-mail sandbox

Slide1

Exploiting e-mail sandbox

backdoor it with one evil e-mail

Nikolay Klendarbsploit gmail.com

Slide2

Head of IT Security at Offensive Security Certified ExpertNot a bug hunterHobbies:programmingkitesurfing, snowboarding

Who am I

Slide3

DDEI Implementation scheme

Access to Web UI could be restricted

Slide4

Source Code Analysis

Slide5

WhiteBox

Analysis. Admin UI RCE

Conditions:No authentication requiredNo CSRF protection

Slide6

Multiple RCEs

/hidden/firewall_setting/firewall_setting.php/hidden/db_export/db_export.php/hidden/network_dump/php/network_dump.php/hidden/kdump/php/kdump_setting.php/hidden/url_extract/url_extract.php/hidden/url_filter/url_filter.php/hidden/postfix_setting/postfix_setting.php/admin/php/network_setting.php/report/report_ui/php/report_setting.php

/

usandbox

/

import_native_sandbox.php

/

php

/

screenshot.php

/

php

/

syslog_setting.php

/

detections/

download_pdf.php

/detections/

write_new_html_with_svg.php

get_filesize.php

ajax_checklicense_AC.php

Slide7

Potential vectors of compromise

Direct

request from management

network

Place

<img src=“https://ddei/vuln_script.php”> at own site and wait for

admin

Something

more interesting?

Slide8

GrayBox Analysis. HTML injection

Slide9

Possible attack scenario

1

.

Attacker:

creates

an

email with malicious content (link or

attachment

) and puts exploit in

to subject

2. Admin: opens Dashboards

-

>Trends tab. Exploit runs without additional

user interaction

3. Reverse shell from

SandBox

to attacker C&C

=> full compromise with root privileges

Slide10

Connecting Sandbox to C&C

Slide11

Critical Patch

https://

success.trendmicro.com/solution/1116750-security-bulletin-multiple-vulnerabilities

-in-trend-micro-deep-discovery-email-inspector-ddei-2-5

Slide12

Conclusion

16 RCEs with CVSS 10 were reported and confirmed by vendorHarden even security systemsImplement source code analysis in SDLC

Join to HCFB security team: bsploit gmail.com

About DocSlides
DocSlides allows users to easily upload and share presentations, PDF documents, and images.Share your documents with the world , watch,share and upload any time you want. How can you benefit from using DocSlides? DocSlides consists documents from individuals and organizations on topics ranging from technology and business to travel, health, and education. Find and search for what interests you, and learn from people and more. You can also download DocSlides to read or reference later.
Tags
Science and technologies Online Teaching Workshop Refugees World Issues Politics Movies Animation Music Recreation