Kang Asu
BADministration - Tool Which Interfaces with Management or Administration Applications from an Offensive Standpoint
BADministration is a tool which interfaces with management or administration applications from an offensive standpoint. It attempts to provide offsec personnel a tool with the ability to identify and leverage these non-technical vulnerabilities. As always: use for good, promote security, and fight application propagation.
Sorry for using python2.7, I found a lot of the vendor APIs would only run on 2.7 and I'm not experienced enough to mix and match python versions.
Application Propagation
In my opinion, we often do a fantastic job of network segmentation and we're starting to catch on with domain segmentation; however, one area I often see us fall down is application segmentation. Application segmentation is similar to network segmentation in that we're trying to reduce the exposure of a critical zone from a less trusted zone if it were to become exploited. Administration applications often have privileged access to all its clients, if an attacker lands on that administration application there is a good chance all the clients can become exploited as well. Application segmentation tries to ensure that server-to-client relationships don't cross any trust boundaries. For example, if your admin network is trust level 100 and it's administered by your NMS server, your NMS server should be considered trust level 100.
References
- https://www.codeproject.com/Articles/716227/Csharp-How-to-Scan-a-Process-Memory
- http://www.exploit-monday.com/2012/03/powershell-live-memory-analysis-tools.html
- https://stackoverflow.com/questions/46440950/require-and-option-only-if-a-choice-is-made-when-using-click/46662521
Installation
There will be a collection of python scripts, exes, and who knows what; for the central python module it's pretty simple
pip install -r requirements.txt
Current Modules
Solarwinds Orion
- solarwinds-enum - Module used to enumerate clients of Orion
- solarwinds-listalerts - Lists Orion alerts and draws attention to malicious BADministration alerts
- solarwinds-alertremove - Removes the malicious alert
- solarwinds-syscmd - Executes a system command on the Orion server via malicious alert
- Standalone x64 4.5 .NET BADministration_SWDump.exe - Scrapes memory for WMI credentials used by Orion.
- Can consume large amounts of memory, use at your own risk
- Compile me as x64
Check us out at
Regards
Kang Asu
No comments:
Post a Comment
# Silahkan berkomentar, bertanya dan kritik dengan sopan
# Disini anda boleh menyisipkan Link di kolom komentar
# Tetapi akan saya moderasi atau Review terlebih dahulu tiap komentar
# Jangan sampai komentar anda mengandung SPAM.
# Terima Kasih - Regards Muhammad Sobri Maulana