9/21/2023 0 Comments Solar winds ssh![]() ![]() Regardless of how an attacker gains access to the Accounts table, the easiest approach to gaining access is to backup the existing hash, then replace the PasswordHash column for an enabled administrative user. If the attacker has local administrator access to the Orion server, they can modify the Accounts table using the Orion Database Manager GUI application. If direct access to the SQL Server database for Orion is possible, a modification to the Accounts table will allow for easy access to the console. An attacker that can man-in-the-middle the SQL Server communication can use this to login to the Orion web console with an arbitrary password by replacing the password hash when the web server queries the Accounts table during login. An attacker can then monitor network traffic between the Orion server and a separate SQL Server instance, extracting hashed user passwords and encrypted network device credentials. The Orion product is typically managed from the web console this can use a local account database or an existing Active Directory service. Gaining access to the web console without a login Since the Orion server houses credentials and can often be used to push and pull network device configurations, it can be a gold mine for expanding access during a penetration test. ![]() An Orion system used to manage a large network will typically use a standalone SQL Server installation, while smaller networks will use a local SQL Server Express instance. The Orion product uses a Microsoft SQL Server backend to store information about user accounts, network devices, and the credentials used to manage these devices. We found some fun ways to abuse this product during security tests and wanted to share our notes with the community. ![]() The Orion platform includes modules such as the Network Engineers Toolkit, Web Performance Monitor, and Network Configuration Management, among many others. The SolarWinds Orion product suite in particular is popular with network administrators and IT teams of all sizes. We run into a wide variety of network management solutions during our security assessments and penetration tests. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |