d3d ^ is a freelance security researcher (among other things) that ❤ exploit development, bug hunting, and writing offensive security tools.

Exploit Public-Facing Applications


In this post, I am going to go over a real-world example of how public-facing applications are attacked. This is a very common attack, and it requires constant monitoring to avoid a possible data breach or compromise.

The MITRE ATT&CK Framework describes the attack as follows:

The use of software, data, or commands to take advantage of a weakness in an Internet-facing computer system or program in order to cause unintended or unanticipated behavior. The weakness in the system can be a bug, a glitch, or a design vulnerability.

To show how exploiting a public-facing application works, I am going to create a scenario in which a target is using WordPress to host their company blog.

Scenario

The attacker was tasked to compromise the public facing WordPress website.

Attacker perspective:

Since the target is running WordPress, the attacker will usually check whether the server is vulnerable to any publicly released vulnerabilities before moving on to manual investigation. The tool WPScan runs a security probe against the target WordPress server to quickly let the attacker know if anything looks interesting. In this specific scenario, the web development team at the target company was late to upgrade WordPress to its latest version, thus leaving open an opportunity for an RCE (Remote Code Execution) attack using CVE-2016-10033.

The team at legalhackers.com describes CVE-2016-10033 as follows:

Independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application.

To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class.

If you want to know more about this exploit, the guys over at legalhackers.com did a good write-up located here.
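The root cause in this scenario is an out-of-date component, so the check a defender wants is a quick inventory of which PHPMailer release is actually deployed. The following script is an added example written for this post, not code from the author, from WPScan, or from legalhackers.com. It reads the `$Version` property that the PHPMailer class declares (in WordPress installs of that era the bundled copy is assumed to live at wp-includes/class-phpmailer.php; that path is an assumption) and compares it against 5.2.18, the first release that fixed CVE-2016-10033. The two PHP snippets at the bottom are constructed sample input so the script runs offline.

```python
import re
import sys
from typing import Optional, Tuple

# CVE-2016-10033 was fixed in PHPMailer 5.2.18; anything older is affected.
FIXED_VERSION = (5, 2, 18)

# PHPMailer declares its release as a class property, e.g.:
#     public $Version = '5.2.17';
_VERSION_RE = re.compile(r"""\$Version\s*=\s*['"](\d+(?:\.\d+)*)['"]""")


def parse_phpmailer_version(source: str) -> Optional[Tuple[int, ...]]:
    """Return the version tuple declared in a PHPMailer class file, or None."""
    match = _VERSION_RE.search(source)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True when the declared version predates the fixed release."""
    # Pad short versions so (5, 2) compares like (5, 2, 0); compare numerically,
    # not as strings, so 5.2.9 is correctly seen as older than 5.2.18.
    padded = tuple(version) + (0,) * (3 - len(version))
    return padded < FIXED_VERSION


def assess(source: str) -> str:
    """One-line verdict for a PHPMailer source file's contents."""
    version = parse_phpmailer_version(source)
    if version is None:
        return "unknown: no $Version property found"
    label = ".".join(str(p) for p in version)
    if is_vulnerable(version):
        return f"{label}: VULNERABLE to CVE-2016-10033 (upgrade to >= 5.2.18)"
    return f"{label}: patched"


# Constructed sample input mimicking the header of class-phpmailer.php.
SAMPLE_OLD = """<?php
class PHPMailer
{
    public $Version = '5.2.14';
"""
SAMPLE_NEW = """<?php
class PHPMailer
{
    public $Version = '5.2.22';
"""

if __name__ == "__main__":
    # Usage: python check_phpmailer.py /path/to/wp-includes/class-phpmailer.php
    # With no argument, run against the constructed samples above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(assess(fh.read()))
    else:
        print("sample old:", assess(SAMPLE_OLD))
        print("sample new:", assess(SAMPLE_NEW))
```

Running this across every web root as part of routine patch monitoring turns the "late to upgrade" problem in the scenario into a concrete finding before a scanner like WPScan finds it from the outside; the same version-tuple comparison generalises to any bundled library that exposes a version constant.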
