
Attacking The Network's Security Core - Hunting For Vulnerabilities In A Network Security Tool

A network can only be as secure as the tools used to secure it.

Overview

This is Part 1 in a 4-part series about my process of hunting for vulnerabilities in a network auditing tool (used to protect networks by detecting and fixing security holes) and fully exploiting one of the vulnerabilities I found. I recommend reading the series in ascending numeric order. Links to parts 2, 3, and 4 are at the end of this post.

Target 🎯

I decided to look for (and successfully found) vulnerabilities in a network security tool, as a vulnerability in such a tool could allow attackers to hide themselves in an otherwise secure network, or even be exploited for lateral movement. One such network security tool that came to mind is Nipper-ng, a firewall security auditing tool and firewall configuration parser. In addition to being a security product itself, Nipper-ng is used behind the scenes in other security products such as ManageEngine's OpManager and Firewall Analyzer. The tool is also inclu

CVE-2019-12181 Serv-U Exploit Writeup

Tl;dr: I found a privilege escalation 0day (CVE-2019-12181) in the Serv-U FTP Server through command injection. POC code available here.

Target 🎯

I searched for a program that isn't so niche and market-specific that it hasn't had time to develop its security. Yet, I didn't want to commit long months of research to finding a vulnerability in an extremely popular program that has already been reviewed by many security researchers. I came across Serv-U FTP Server on Shodan and decided to pursue this target after seeing the respectable number of over 168,000 instances running worldwide exposed to the Internet. As its name suggests, Serv-U FTP Server is an FTP server; but it also has a web interface for easy file management and a web admin interface. Serv-U is available for both Linux and Windows. On Linux, the FTP server is a SUID executable and runs as root. Therefore, even an attack that can only be executed locally is still a threat, as it will giv

What Is A Software Vulnerability?

tl;dr: In the broadest sense, a software vulnerability is a flaw that allows the vulnerable system to perform unplanned actions. Examples of the results of these unplanned actions include sensitive information disclosure (example), denial of service (DoS) (example), authentication bypass (example), and, most dangerously, full takeover of a system (aka RCE) (example) by a malicious attacker.

Formal Definitions

According to ENISA (European Union Agency for Network and Information Security), a vulnerability is "the existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event" (reference). According to NICCS (National Initiative for Cybersecurity Careers & Studies), a vulnerability is a "characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur" (reference). The definitio