
Solar winds ssh

This is the fourth article in my series called "Unexpected Journey", all of which focus on different SIEM products. As time goes by, I have found myself focusing more on SIEM products during penetration tests.

In this article I will share the details of how I got root access to the SolarWinds Log & Event Manager product.

Performing a Full Nmap Scan and Deciding on Initial Attack Vectors

Like every pentester does, we performed a full network scan of the selected IP address. We detected a web interface during the network scan, and that is where our journey began.

➜ ~ nmap -sS -A -p- --version-all 12.0.0.154 -Pn -n
22/tcp open ssh OpenSSH 5.5p1 Debian 6+squeeze8 (protocol 2.0)
8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
8443/tcp open ssl/https-alt Apache-Coyote/1.1
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: SolarWinds Log & Event Manager
| ssl-cert: Subject: commonName=swi-lem/organizationName=SolarWinds/countryName=US
| Issuer: commonName=SWI LEM CA/organizationName=SolarWinds/stateOrProvinceName=Texas/countryName=US
| Signature Algorithm: sha512WithRSAEncryption
|_ssl-date: T11:32:53+00:00 -1s from scanner time.

Here are the initial attack vectors we planned to continue with:

  • There are a number of web management interfaces running on 80, 443, 8080 and 8443.
  • We could look at the /manager/ path for known attacks such as WAR deployment. Pentester Comment: Most of the products use 80 and 443 to redirect the user to 80.
  • There are 3 non-common open ports (37892, 37890, 37891). Pentester Comment: I believe those ports are used for communication between agents and server.
  • We could go deeper and look for some sort of API abuse, overflows or format strings.
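Deciding on initial attack vectors from a full port scan is a repeatable exercise, so here is an added example (my own code, not the article's) that parses the text form of an nmap -A report and applies the same triage rules the article states: any http/https service is a web management interface, a Tomcat/Coyote banner means the /manager/ path is worth a look, uncommon high ports with no banner are flagged as a probable agent-to-server channel, and the TLS certificate CN and http-title identify the product. The sample report is constructed: the 22, 8080 and 8443 lines follow the page, while the banners for 80, 443 and 37890-37892 are assumptions, since the page only names those ports.

```python
"""Turn an nmap -A text report into a first-pass attack-vector list.

Added example, not the article's code. The triage rules mirror the
author's manual reasoning: web management interfaces, Tomcat connector ->
/manager/ path, uncommon high ports with no banner -> probable agent/server
channel, plus product identification from TLS certificate and http-title.
"""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the scan in the article. Ports 80/443 and
# 37890-37892 are named in the text but their banners are not shown, so
# those lines are assumptions made for this example.
SAMPLE_NMAP = """\
Nmap scan report for 12.0.0.154
PORT      STATE SERVICE       VERSION
22/tcp    open  ssh           OpenSSH 5.5p1 Debian 6+squeeze8 (protocol 2.0)
80/tcp    open  http
443/tcp   open  ssl/http
8080/tcp  open  http          Apache Tomcat/Coyote JSP engine 1.1
8443/tcp  open  ssl/https-alt Apache-Coyote/1.1
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: SolarWinds Log & Event Manager
| ssl-cert: Subject: commonName=swi-lem/organizationName=SolarWinds/countryName=US
| Issuer: commonName=SWI LEM CA/organizationName=SolarWinds/stateOrProvinceName=Texas/countryName=US
| Signature Algorithm: sha512WithRSAEncryption
|_ssl-date: T11:32:53+00:00 -1s from scanner time.
37890/tcp open  unknown
37891/tcp open  unknown
37892/tcp open  unknown
"""

PORT_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<version>.*)$"
)
# NSE script output under a port is prefixed "| " (continuation) or "|_" (last line).
SCRIPT_RE = re.compile(r"^\|[ _]\s*(?P<body>.*)$")


@dataclass
class Port:
    number: int
    proto: str
    service: str
    version: str
    scripts: list = field(default_factory=list)


def parse_nmap(text):
    """Return the open ports, each carrying the script lines printed under it."""
    ports, current = [], None
    for line in text.splitlines():
        m = PORT_RE.match(line.rstrip())
        if m:
            current = None
            if m["state"] == "open":
                current = Port(int(m["port"]), m["proto"], m["service"], m["version"].strip())
                ports.append(current)
            continue
        m = SCRIPT_RE.match(line)
        if m and current is not None:
            current.scripts.append(m["body"].strip())
    return ports


def triage(ports):
    """Map each open port to (port, category, note), in scan order."""
    plan = []
    for p in ports:
        svc, ver = p.service.lower(), p.version.lower()
        if "http" in svc:
            plan.append((p.number, "web-ui",
                         "web management interface: browse it, then brute-force paths"))
            if "tomcat" in ver or "coyote" in ver:
                plan.append((p.number, "tomcat-manager",
                             "Tomcat connector: request /manager/html, try default "
                             "credentials, WAR deploy if it is exposed"))
        elif svc == "ssh":
            plan.append((p.number, "ssh", f"record banner for later: {p.version}"))
        elif p.number >= 1024 and svc in ("unknown", "tcpwrapped", ""):
            plan.append((p.number, "custom-service",
                         "uncommon high port, no banner: probable agent/server "
                         "channel, fingerprint by hand before fuzzing"))
    return plan


def product_hint(ports):
    """Pull product identity from TLS certificate CNs and http-title output."""
    hints = set()
    for p in ports:
        for s in p.scripts:
            m = re.search(r"commonName=([^/]+)", s)
            if m:
                hints.add(m.group(1))
            if s.startswith("http-title:"):
                hints.add(s.split(":", 1)[1].strip())
    return sorted(hints)


def port_ranges(numbers):
    """Collapse consecutive port numbers into (lo, hi) ranges; adjacent
    unknown ports usually belong to one daemon (here the agent channel)."""
    ranges = []
    for n in sorted(numbers):
        if ranges and n == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], n)
        else:
            ranges.append((n, n))
    return ranges


if __name__ == "__main__":
    found = parse_nmap(SAMPLE_NMAP)
    print("product hints:", product_hint(found))
    for number, category, note in triage(found):
        print(f"{number:>6}/tcp  {category:<15} {note}")
    custom = [n for n, c, _ in triage(found) if c == "custom-service"]
    print("uncommon port ranges:", port_ranges(custom))
```

Run against a real `nmap -sS -A -p- -oN report.txt <target>` report by reading the file into `parse_nmap`; the categories are deliberately coarse so that the output is a checklist to work through, not a vulnerability claim.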