Wednesday, January 30, 2008

PIX/ASA Finesse 7.1 & 7.2 Privilege Escalation

I was trying to get into admin mode without the enable password during a penetration test and i came across a post by Terry where he describes a designing flaw in the PIX/ASA Finesse Operation System, version 7.1 and 7.2. Well, it was possible to escalate a normal level 0 user to a level 15 privilege user. The exploit is simple and it only works locally, at the console and remotely with Telnet. However, do note that it will NOT work if SSH, TACACS or Radius is implemented in the firewall. Below are the steps.

1. Login with your user level 0 account. Once logon, you will be prompted to enter the enable password which is the privilege password.

2. At this prompt if you move your cursor forward with a space or character(it doesn't matter if there are more then one), and then proceed to delete any spaces or characters, by holding down the backspace a second after deleting the last character it should immediately drop you into level 15 privilege-exec mode.

It had been tested on PIX 515E, Finesse version 7.2 and i had also tested it on the PIX 525.

The Hacka Man

Wednesday, January 16, 2008

Web Attacker Toolkit

Sorry for the lack of updates. Been roaming around for the past 2 months and felt a little lazy in updating my blog. i was reading news on the internet today and i read something about a hacking toolkit that was able to compromise thousands of webservers and that caught my attention. Well, apparently the tool called the "Web Attacker Toolkit" can be bought from the Russian hacking group called Inex-Lux for a cheap price. All unpatched IE and Firefox browsers can be compromised, with a trojan silently being installed into the local PC without user knowing it. Once a trojan is installed, the game is over. After reading the news, of course i have upgraded my IE and my Firefox to the latest version to avoid any exploitation. Check out those three links below:

http://www.informationweek.com/news/showArticle.jhtml?articleID=186700539

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=472

http://informationweek.com/news/showArticle.jhtml?articleID=205603044

The Hacka Man