I recently tested an Internet-facing anti-spam product called SpamTitan Gateway.

As you could infer from the name of the product, this platform's purpose is to detect spam and/or other malicious software sent via email. It has a lot of other features too, as you would expect from this type of product. In this post I will detail some vulnerabilities I discovered that ultimately led to unauthenticated remote code execution.

SpamTitan provides its services in three formats: cloud based, private cloud based, or self-hosted, installed using an ISO or VMware image. After providing a corporate email address, you can download an ISO with the most recent version of the appliance to test in your own infrastructure. I decided to have a look at the self-hosted format, so I downloaded the ISO, deployed it using VMware Workstation and launched it.

The first thing you see when you access the SpamTitan appliance is that the default administrator user runs in a restricted console. By default you can't explore the file system of the machine, as it only provides interaction via a Perl script (more on this later) exposing very limited functionality.

To investigate the SpamTitan solution further I needed more insight into the internals, so... challenge accepted: let's escape from the jail.

The main menu allowed you to configure the network interfaces of the server, restart the web server and diagnose the network for connection problems. I started with the network diagnostics menu to see what programs it lets you run from there. I could inject flags and options into the ping and traceroute programs, but nothing interesting that allowed me to escape the console.

A backup to a root shell (CVE-2020-24046)

Next, I decided to go for the web application. After familiarising myself with the web interface I found the "Backup" section, where you could back up and restore server configurations.
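The network diagnostics menu described above wrapped ping and traceroute and accepted injected flags and options. The usual mitigation for that class of bug is to treat the user's input as a single target value, validate it strictly as a hostname or IP address, and call the tool with a fixed argument vector and no shell. The following is an added example written for this post, not SpamTitan's code and written in Python rather than the appliance's Perl; the tool names, the fixed `-c 4` / `-m 15` options and the sample inputs are my own choices for illustration.

```python
"""Hardened handling of a user-supplied diagnostics target.

Added example (not SpamTitan's code): a restricted console that wraps
ping/traceroute must refuse anything that could be parsed as an option
or interpreted by a shell. Written in Python for illustration.
"""
import ipaddress
import re
import subprocess

# RFC 1123 hostname: dot-separated labels of letters, digits and inner hyphens,
# each label 1-63 characters, whole name at most 253 characters.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

# Allow-listed tools with operator-chosen, fixed options (constructed values).
_FIXED_OPTIONS = {
    "ping": ["-c", "4"],
    "traceroute": ["-m", "15"],
}


def validate_diag_target(raw: str) -> str:
    """Return the target if it is a plain IP address or hostname, else raise.

    Input beginning with '-' is rejected so it can never be parsed as an
    option by the tool. Anything that is not a syntactically valid address
    or hostname is rejected, so whitespace, shell metacharacters and extra
    arguments never reach the program.
    """
    target = raw.strip()
    if not target:
        raise ValueError("empty target")
    if target.startswith("-"):
        raise ValueError("target must not look like an option")
    try:
        # Accepts IPv4 and IPv6 literals; raises ValueError for anything else.
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if _HOSTNAME_RE.match(target):
        return target
    raise ValueError(f"not a valid hostname or IP address: {raw!r}")


def is_valid_diag_target(raw: str) -> bool:
    """Boolean form of validate_diag_target for callers that only need a check."""
    try:
        validate_diag_target(raw)
        return True
    except ValueError:
        return False


def build_diag_command(tool: str, raw_target: str) -> list[str]:
    """Build an argv list for an allow-listed tool with a validated target."""
    if tool not in _FIXED_OPTIONS:
        raise ValueError(f"tool not permitted: {tool!r}")
    target = validate_diag_target(raw_target)
    return [tool, *_FIXED_OPTIONS[tool], target]


def run_diag(tool: str, raw_target: str, timeout: int = 60) -> str:
    """Run the diagnostic as an argv list (no shell), returning its output."""
    argv = build_diag_command(tool, raw_target)
    result = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return result.stdout + result.stderr


if __name__ == "__main__":
    # Constructed sample inputs: the first two are accepted, the rest rejected.
    for candidate in ["192.0.2.1", "mail.example.com", "-c 1 127.0.0.1",
                      "127.0.0.1; id", "example.com -I lo"]:
        try:
            print("accepted:", build_diag_command("ping", candidate))
        except ValueError as err:
            print("rejected:", err)
```

The two properties that matter are that the validated value is a single token that cannot start with `-`, and that it is placed last in an argv list that is executed without a shell, so neither option parsing nor command substitution has anything to work with.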