Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: RE: Kaseya

RE: Kaseya

From: Utz, Ralph <rutz_at_realtime-it.com>
Date: Tue, 27 May 2008 14:38:51 -0500

Well, from what I understand it gather's it's data by ping scanning the
network and referencing the results to it's database of PCs that it's
agent is installed on. If there is an IP that isn't in the database
that comes up hot, it trys to access the IPC$ share I believe. If it
can access it, it flags it as a Windows box and trys to install it's
agent on the device. If not, it leaves it and moves on.

Weaknesses that stand out to me are 2 things. One being that depending
on how often you have the appliance set to scan and how old your network
gear is, it could flood your network. Two being that in order to access
the IPC$ share on all the machines, you have to use a domain account
that has rights to install software on the machine. Most times this
ends up with the MSP requiring a domain admin account because no one
wants to fool with delegating permissions.

So in theory, you have an appliance that floods your network with pings
and possible clear txt attempts at using a domain admin account.

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of M.B.Jr.
Sent: Saturday, May 24, 2008 2:01 PM
To: pen-test list
Subject: Kaseya

Hello list,
there's this infrastructure tool set for automating managed services,
named Kaseya (proprietary technology).

Basically, the managed-services-provider controls one of his customers'
remote LANs with two intercommunicating "appliances":

  * a Kaseya dedicated server located at the MSP data center; and

  * a "probe" equipment at the remote LAN.

The audit team to which I belong is about to examine the probe-featured
LAN.
Right now, we're researching whether this "solution" can cause the LAN
some weaknesses; the resulting research's report is going to shape the
logical tests.

So, the question is (I guess):
does anyone know of any Kaseya-enhanced LAN security
implication/vulnerability?

Thank you,
yours sincerely, 

--
Marcio Barbado, Jr.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
The information in this email and in any attachments is confidential and may be privileged. 
If you are not the intended recipient, please destroy this message, delete any copies held 
on your systems and notify the sender immediately. You should not retain, copy, or use this 
email for any purpose, and any review or other use of this information by persons or 
entities other than the intended recipient or any retransmission without the written consent 
of the sender is expressly prohibited.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes 
in Securing Web Applications  
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on May 28 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos