Posts

#OMIGOD - CVE-2021-38647

Hello all. In this blog post, we will explore the unauthenticated remote code execution vulnerability discovered by the WIZ team in the Azure Open Management Infrastructure (OMI) application, which was assigned CVE-2021-38647. The blog post published by the WIZ team contains all the details required to exploit the vulnerability if a vulnerable instance is available. While reading the blog post, we thought of reproducing the scenario and creating a quick PoC to exploit the vulnerability. We are releasing Proof of Concept (PoC) code in PowerShell & Python. The PoC code is published on the GitHub repo. About Azure Open Management Infrastructure (OMI): OMI is a UNIX/Linux application installed on the Azure UNIX/Linux VM that allows users to manage the machine & its configuration remotely & locally. It is the equivalent of Windows WMI, which uses the Common Information Model (CIM). It runs with root privileges. The OMI application gets installed automatically when service

Abusing Resource-Based Constrained Delegation (RBCD) using Linux

Hello all. In this post we will discuss how to perform a Resource-Based Constrained Delegation (RBCD) attack from a Linux machine; to be specific, we will use Kali Linux as the attacker machine. RBCD attacks have already been explained in detail by Will Schroeder, Elad Shamir & Dirk-jan Mollema in their blog posts. What is Resource-Based Constrained Delegation (RBCD)? In Windows Server 2012, Microsoft introduced a new type of delegation in which the service administrators or owners of the resources are allowed to configure which accounts are trusted to delegate to them. As per the Microsoft Docs, this can also be configured across domains. This also shifts the decision of whether a server should trust the source of a delegated identity from the delegating-from domain administrator to the resource owner. Access is controlled by the security descriptor on the target resource instead of a list of SPN records. The security descriptor is stored in msDS-AllowedToActOnBehalfOf

Process Injection Tool Updates

Hello all. In this post I will highlight a few updates made to improve the code base & add long-pending features to the Process Injection Tool that I wrote to learn about various process injection techniques and to enhance my knowledge of C# and the Windows API. The tool for process injection can be found on my GitHub: https://github.com/3xpl01tc0d3r/ProcessInjection New Features: 1) Encryption - Added XOR & AES encryption support with a custom key that needs to be passed to decrypt the shellcode at runtime. To encrypt the shellcode I have written another tool, Obfuscator. I have written another short blog post about the Obfuscator tool that can be found here. The tool currently only supports XOR & AES encryption. Obfuscated shellcode might help operators evade static detection while trying to inject the shellcode into a remote process. Required parameters to leverage Encryption: /enc : This parameter is used to specify the encryption type (xor or aes). /key : This pa

Introduction to Obfuscator

Hello all. In this post I will provide an overview of the new tool that I wrote to encrypt shellcode using XOR & AES encryption. This tool has been written to support the new features added to the process injection tool that I wrote to learn about various process injection techniques and to enhance my knowledge of C# and the Windows API. The tool for process injection can be found on my GitHub repo: https://github.com/3xpl01tc0d3r/ProcessInjection The Obfuscator tool can also be found on my GitHub repo: https://github.com/3xpl01tc0d3r/Obfuscator What is encryption? In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Only authorized parties can decipher a ciphertext back to plaintext and access the original information. What is shellcode? Shellcode is a set of instructions that executes a command in the software to take