Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Vulnerabilities in McAfee ePolicy Orchestrator - 334

Mikhail Klyuchnikov - PTSecurity, posted 5 years ago
  • McAfee ePO is software that helps IT administrators unify security management across endpoints, networks, data, and compliance solutions from McAfee and third-party solutions.
  • The individual bugs here were not especially unique, but the way they chain together is quite interesting. All of the issues stem from an API that checks the validity of a database connection.
  • First, there is a CSRF bug in this API (no protections at all).
  • The second issue is that if the connection request contains ONLY the host and the port, the stored credentials are automatically reused. By specifying our own host, we can man-in-the-middle (MitM) the connection; this effectively acts as an SSRF bug! The connection also runs test database commands.
  • To tie this all together, we can use the CSRF to send the request to OUR server and change the connection information. With that MitM position, we can change the SQL command. Finally, this is used to execute arbitrary commands on the server.
  • The final bug (unrelated to the chain) was in the zip handling. Most zip CLI tools prevent directory traversal, but many zip-processing libraries in programming languages do not. Using this, it was possible to write arbitrary files to arbitrary locations.
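The library-side directory traversal mentioned in the last bullet is easy to guard against before extraction. The following is an added example (my own code, not from the PTSecurity write-up or from ePO) showing a dry-run classifier and a guarded extractor built on Python's standard `zipfile` module; the archive entries and the `/tmp/extract` destination are constructed sample values.

```python
import io
import os
import zipfile


def is_safe_member(name: str, dest_root: str) -> bool:
    """True if archive entry `name` resolves to a path inside dest_root.
    Rejects '../' traversal, absolute paths and backslash-separated names.
    dest_root must already be an absolute, realpath-normalised directory."""
    target = os.path.realpath(os.path.join(dest_root, name.replace("\\", "/")))
    try:
        return os.path.commonpath([dest_root, target]) == dest_root
    except ValueError:  # different drive on Windows: cannot be inside dest_root
        return False


def classify_names(names, dest_dir: str) -> dict:
    """Dry run over raw entry names: maps each name to 'ok' or 'rejected'."""
    dest_root = os.path.realpath(dest_dir)
    return {n: ("ok" if is_safe_member(n, dest_root) else "rejected") for n in names}


def classify_entries(zip_bytes: bytes, dest_dir: str) -> dict:
    """Dry run over a real archive without writing anything to disk."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return classify_names([i.filename for i in zf.infolist()], dest_dir)


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract only after every entry has been checked, so a hostile archive
    is rejected whole rather than half-applied. Returns the names written."""
    dest_root = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = [i.filename for i in zf.infolist() if not is_safe_member(i.filename, dest_root)]
        if bad:
            raise ValueError(f"archive entries escape destination: {bad!r}")
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(dest_root, info.filename.replace("\\", "/")))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign entry and two traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content\n")
        zf.writestr("../../outside.txt", "escapes via ../\n")
        zf.writestr("..\\..\\outside_win.txt", "escapes via backslashes\n")
    return buf.getvalue()
```

`classify_entries(build_sample_zip(), "/tmp/extract")` flags both traversal entries, and `safe_extract` on the same archive raises before touching the filesystem.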