8000
Barracuda Storage Server running 6.5.
I tried to enumerate this CMS and possibly get a shell since at some point I had Admin and write access to the /fs/ folder.
After setting up the administrator account for the CMS, I noticed that the application was speaking in lsp rather than php or asp or aspx.
I tried grabbing an lsp reverse shell on this little dashboard but I was still unable to.
I think by this time I started to get a little bit frustrated since I was not able to come up with anything else. I believe this was a rabbit hole intended to drain time. I think I will benefit from setting up a timer when enumerating certain websites or services. I will say "I will dedicate 20 minutes per exploit, if it does not work, it means it was not the intended way."
Moreover, I was able to find a notable exploit for the future once I gain a foothold.
This exploit has insecure file permissions, which means that I am able to overwrite it with a malicious .exe payload and upon restarting the application I will be able to get a shell as the administrator.
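
The weakness described above (a service executable or its folder writable by ordinary users) can be audited from the defender's side. The script below is an added example, not part of the original write-up; the list of low-privileged SIDs and the rights mask are assumptions chosen for illustration.

```powershell
# Added example: flag service executables, and the folders holding them, that
# low-privileged principals can write to. Well-known SIDs are used so the check
# also works on localized Windows installs (assumed set, extend as needed).
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Rights that allow replacing or re-permissioning a binary, plus the generic
# rights (GENERIC_WRITE, GENERIC_ALL) that Get-Acl can report as raw numbers.
$fsRights  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
$writeMask = [int]$fsRights -bor 0x40000000 -bor 0x10000000

function Get-WritableAce {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $acl     = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $lowPrivSids.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $writeMask)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $lowPrivSids[$sid]
                Rights    = $ace.FileSystemRights
            }
        }
    }
}

Get-CimInstance -ClassName Win32_Service | Where-Object { $_.PathName } | ForEach-Object {
    $svc = $_
    $raw = [Environment]::ExpandEnvironmentVariables($svc.PathName)
    # PathName may be quoted and carry arguments; keep only the executable path.
    if ($raw -match '^\s*"([^"]+)"' -or $raw -match '^\s*(\S.*?\.exe)') {
        $exe = $Matches[1]
        @($exe, (Split-Path -Path $exe -Parent)) |
            ForEach-Object { Get-WritableAce -Path $_ } |
            Select-Object @{ n = 'Service'; e = { $svc.Name } },
                          @{ n = 'RunsAs';  e = { $svc.StartName } },
                          Path, Principal, Rights
    }
}
```

Any row returned for a service that runs as LocalSystem or an administrator is a finding to fix by tightening the ACL so that only administrators and the service account can write to the binary and its folder.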