Red Team Tales 0x02: from SQLi to Domain Admin

2 Nov. 2018

One of the activities carried out by the Tarlogic Red Team is searching for vulnerabilities in the software used by our clients. Sometimes this activity involves the discovery of 0-days, as shown in articles previously published on the blog (OCS Inventory, Cobian Backup, OpenText TempoBox...). In other cases, the vulnerability is well known and public, so all that remains is to exploit it effectively. In this article we will talk about an exercise in which a well-known vulnerability (with a CVE assigned) was exploited, but for which there are no public details of its exploitation. The reverse engineering process followed to achieve a functional exploit will be described. As a final result, the exploitation of this vulnerability ...