Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: Kaseya

Re: Kaseya

From: M.B.Jr. <marcio.barbado_at_gmail.com>
Date: Thu, 29 May 2008 14:37:08 -0300

Dear Ralph,

On 5/27/08, Utz, Ralph <rutz_at_realtime-it.com> wrote:
> Well, from what I understand it gather's it's data by ping scanning the
> network and referencing the results to it's database of PCs that it's
> agent is installed on. If there is an IP that isn't in the database
> that comes up hot, it trys to access the IPC$ share I believe. If it
> can access it, it flags it as a Windows box and trys to install it's
> agent on the device. If not, it leaves it and moves on.

Your IP theory fails for dhcp LANs.

Kaseya's basic end-to-end connectionless protocol seems to go like this:
in the first moment at least, the MSP's Kaseya server acts as a
receiver for redundant, say, datagrams, that is, one-way-incoming
signals (from the MSP's perspective).
The Kaseya server feedback's not mandatory but once it's given, the
following would be formed of signals/requests with "Hello again, I'm
still here, wanna manage me and/or synchronize additional stuff?"
messages from its agents.
So far, our guessing is that the referred model would be less related
to network resiliency =)
Fourier would say this repetitive one-way-unicasting profusion (from
the customers' perspective) is a waste of energy, only.

Best regards,

> Weaknesses that stand out to me are 2 things. One being that depending
> on how often you have the appliance set to scan and how old your network
> gear is, it could flood your network. Two being that in order to access
> the IPC$ share on all the machines, you have to use a domain account
> that has rights to install software on the machine. Most times this
> ends up with the MSP requiring a domain admin account because no one
> wants to fool with delegating permissions.
>
> So in theory, you have an appliance that floods your network with pings
> and possible clear txt attempts at using a domain admin account.
>
>
> -----Original Message-----
> From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
> On Behalf Of M.B.Jr.
> Sent: Saturday, May 24, 2008 2:01 PM
> To: pen-test list
> Subject: Kaseya
>
>
> Hello list,
> there's this infrastructure tool set for automating managed services,
> named Kaseya (proprietary technology).
>
> Basically, the managed-services-provider controls one of his customers'
> remote LANs with two intercommunicating "appliances":
>
> * a Kaseya dedicated server located at the MSP data center; and
>
> * a "probe" equipment at the remote LAN.
>
> The audit team to which I belong is about to examine the probe-featured
> LAN.
> Right now, we're researching whether this "solution" can cause the LAN
> some weaknesses; the resulting research's report is going to shape the
> logical tests.
>
> So, the question is (I guess):
> does anyone know of any Kaseya-enhanced LAN security
> implication/vulnerability?
>
> Thank you,
> yours sincerely,
>
>
> --
> Marcio Barbado, Jr.
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes
> in Securing Web Applications
> Find out now! Get Webinar Recording and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>
>
>
> The information in this email and in any attachments is confidential and may be privileged.
>
> If you are not the intended recipient, please destroy this message, delete any copies held
>
> on your systems and notify the sender immediately. You should not retain, copy, or use this
>
> email for any purpose, and any review or other use of this information by persons or
>
> entities other than the intended recipient or any retransmission without the written consent
>
> of the sender is expressly prohibited.
>
>
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes
> in Securing Web Applications
> Find out now! Get Webinar Recording and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
> 

-- 
Marcio Barbado, Jr.
"In fact, companies that innovate on top of open standards are
advantaged because resources are freed up for higher-value work and
because market opportunities expand as the standards proliferate."
Scott Handy
Vice President Worldwide Linux and Open Source, IBM
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes 
in Securing Web Applications  
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on May 29 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos