Gary Jones

Exploiting Misconfigurations with SprayingToolkit



Situation:

This exercise focused on exploiting infrastructure misconfigurations in artstailor.com to gain system access. The tasks involved using the SprayingToolkit for a password spraying attack, discovering misconfigurations in the pfSense firewall, and forwarding RDP connections to achieve remote desktop access.


Obstacles:

  1. User Enumeration: Creating a valid list of usernames required research and educated guesses.
  2. Firewall Credentials: Gaining access to the firewall depended on the discovery of default credentials.
  3. Port Misconfigurations: Identifying and exploiting open ports required thorough scanning and analysis.

Actions Taken:

  1. User Credential Discovery:
    • Created a username.txt file based on themes from the cast of the show Invincible.
    • Compiled a passwords.txt file of simple, demographic-appropriate passwords.
    • Used atomizer.py from the SprayingToolkit to perform a password spraying attack on https://mail.artstailor.com.
    • Discovered valid credentials: s.wilkins:Fall2021.
  2. Port Scanning:
    • Conducted an nmap scan to identify open ports on innerouter.artstailor.com.
    • Found ports 443 and 8443 open for HTTPS services.
  3. Firewall Access:
    • Accessed the pfSense firewall login page at innerouter.artstailor.com:8443.
    • Logged in using the default credentials (admin:pfsense) and modified settings to allow Remote Desktop Protocol (RDP).
  4. RDP Redirection:
    • Forwarded the connection from innerouter.artstailor.com to the internal IP 10.70.184.39 on the RDP port.
    • Successfully accessed the remote desktop of costumes.artstailor.com using rdesktop.

Results:

  1. Misconfigurations Identified:
    • Default Credentials: The pfSense firewall was accessible using default admin credentials.
    • Open Ports: Ports 443 and 8443 were misconfigured, allowing external access.
    • Weak Passwords: Simple, predictable passwords enabled the password spraying attack.
  2. System Access Achieved:
    • Gained valid user credentials (s.wilkins:Fall2021).
    • Accessed the remote desktop of costumes.artstailor.com.
  3. Critical Vulnerabilities:
    • Misconfigured firewall allowed unauthorized users to modify critical settings.
    • Open ports and weak passwords exposed the system to external threats.

Tool Purpose Overview:

SprayingToolkit:

  • A Python-based tool used to perform password spraying attacks, testing common credentials across a list of usernames.

atomizer.py:

  • A specific module within the SprayingToolkit used for executing targeted password spraying.

nmap:

  • A network scanning tool used to identify open ports and services on the target system.

rdesktop:

  • A remote desktop client used to connect to the compromised system.

Recommendations:

  1. Firewall Security:
    • Change default pfSense credentials to unique, strong passwords.
    • Disable or restrict external access to ports 443 and 8443.
  2. Enforce Strong Password Policies:
    • Require passwords to be at least 12 characters long with mixed-case letters, numbers, and symbols.
    • Avoid demographic-appropriate passwords or common seasonal terms.
  3. Regular Vulnerability Scans:
    • Conduct routine scans to identify open ports and misconfigurations.
  4. User Awareness Training:
    • Educate users on the importance of strong password practices to prevent credential-based attacks.
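
A screening check for recommendation 2, added here as an example and not part of the original write-up: it applies the 12-character and mixed-class rules and separately rejects a season or month name followed by a year, since a password such as Autumn2021!Xx meets the composition rules and is still guessable. The word list, the substitution map, the function names and every sample password other than Fall2021 are constructed for illustration.

```python
import re

# Constructed list: the seasons and months a "Fall2021"-style password is built from.
SEASONAL = ("spring", "summer", "autumn", "fall", "winter", "january",
            "february", "march", "april", "may", "june", "july", "august",
            "september", "october", "november", "december")
# Assumed substitution map; it is one-to-one, so string offsets are preserved.
LEET = str.maketrans("@4301!$57", "aaeoiisst")
# Optional separator, then a 2- or 4-digit year not followed by another digit.
YEAR_AFTER = re.compile(r"[\W_]?(?:(?:19|20)\d{2}|\d{2})(?!\d)")
# The four character classes from the recommendation.
CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def has_seasonal_pattern(password):
    """True when a season or month name is directly followed by a year."""
    normalized = password.lower().translate(LEET)
    for word in SEASONAL:
        start = normalized.find(word)
        # Match the year on the raw password, at the offset where the word ends.
        if start >= 0 and YEAR_AFTER.match(password, start + len(word)):
            return True
    return False


def screen_password(password):
    """Return the rules a candidate password breaks (empty list = accepted)."""
    problems = []
    if len(password) < 12:
        problems.append("length")
    if not all(re.search(c, password) for c in CLASSES):
        problems.append("composition")
    if has_seasonal_pattern(password):
        problems.append("seasonal")
    return problems


if __name__ == "__main__":
    # Fall2021 is the password recovered in the exercise; the rest are constructed.
    for candidate in ("Fall2021", "Autumn2021!Xx", "F@ll-2021!!!!",
                      "copper-Lantern-84-quay"):
        print(candidate, screen_password(candidate))
```

The check only catches a year that follows the word, so a real deployment would pair it with a breached-password or dictionary list.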
