8000

Barracuda Storage Server running 6.5.

I tried to enumerate this CMS and possibly get a shell since at some point I had Admin and write access to the /fs/ folder.

I noticed that the application was speaking in lsp rather than php or asp or aspx.

I think by this time I started to get a little bit frustrated since I was not able to come up with anything else. I believe this was a rabbit hole intended to drain time. I think I will benefit from setting up a timer when enumerating certain websites or services. I will say "I will dedicate 20 minutes per exploit, if it does not work, it means it was not the intended way."

Moreover, I was able to find a notable exploit for the future once I gain a foothold.

This exploit has insecure file permissions, which means that I am able to overwrite it with a malicious .exe payload and upon restarting the application I will be able to get a shell as the administrator.
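The condition described above can be audited from the defender's side by listing service executables, and the folders that hold them, that broad non-admin groups are allowed to modify. This is an added example, not code from the original write-up; the group list (English-locale names) and the rights mask are assumptions to adjust for your environment.

```powershell
# Added example: flag service binaries (and their parent folders) whose ACL
# lets broad, non-admin principals replace the executable.
# Assumption: English-locale group names; extend the list for your domain.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'

# Rights that allow overwriting or swapping a file. Built from individual
# write bits so that read-only ACEs do not match.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# Raw GENERIC_ALL / GENERIC_WRITE bits sometimes appear unmapped in ACEs.
$genericMask = 0x10000000 -bor 0x40000000

function Get-ServiceBinaryPath([string]$PathName) {
    # Win32_Service.PathName may be quoted and may carry arguments.
    if ($PathName -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

$findings = foreach ($svc in Get-CimInstance Win32_Service) {
    $exe = Get-ServiceBinaryPath $svc.PathName
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { continue }

    # Write access to the folder is enough to replace the file inside it,
    # so check both the executable and its parent directory.
    foreach ($target in $exe, (Split-Path -Parent $exe)) {
        foreach ($ace in (Get-Acl -LiteralPath $target).Access) {
            $rights = [int]$ace.FileSystemRights
            $writable = ($rights -band $writeMask) -or ($rights -band $genericMask)
            if ($ace.AccessControlType -eq 'Allow' -and
                $broad -contains $ace.IdentityReference.Value -and $writable) {
                [pscustomobject]@{
                    Service   = $svc.Name
                    RunsAs    = $svc.StartName
                    Target    = $target
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

$findings | Sort-Object Service, Target | Format-Table -AutoSize
```

Any row where `RunsAs` is LocalSystem or an administrator account is a binary that should have its ACL tightened to administrators and SYSTEM only.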
