[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] backdoors in spamtitan

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] backdoors in spamtitan
From: yello man <yelloman7@xxxxxxxxxxx>
Date: Tue, 15 Oct 2013 04:16:02 +0000

a few month ago backdoors in barracuda was found

https://www.schneier.com/blog/archives/2013/01/backdoors_built.html
http://www.theregister.co.uk/2013/01/24/barracuda_backdoor/

apparently their competitor spamtitan was quick making fun of them

http://community.spiceworks.com/topic/294951-reported-backdoors-on-barracuda-appliances

without considering they had their own backdoors

the security of the product is a fucking joke, containing everything from 
authentication bypass to root exploits. there is really no hope, the developers 
didnt even try. they can patch those specific vulnerabilities, but have no idea 
what theyre doing. i only scratched its surface.

# cat /home/admin/.ssh/authorized_keys (ssh -l stadmin)
ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAAAgQCyREqWliqOnRZgB1B3V6b0x+bPJUfAU4dOzHCuGRI+D0r3Vv/wrs/6ssnm+AoH7/+PcICFVQdBcGxqLd8an9xOfDaEGuHd9e/Is4dR5dth8ZUp+zalC9rvrnu0nPNaQpJUlkRTEkNw0JZjHK0B6rtWjgM49Jgn3Twnl9i8g+YsjQ==
ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAtl1th7MBswDC2U6VTYAJ6q4+D9UtCI2gahblYC5980bI/lnyRIA84UUEgeiOfzkaB8FrSZJ12r01/bNQIEagGrCGjHyCGGK0wjpxJMggRguaIFIQzNO6y6l4ZBKh+I8PycIXr0ed918D4di4rubSOGhMEp6ZEpImQ9BsWMagrBE=
 sean@xxxxxxxxxxxxxxxxxxxxxx
ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAyc5wKKYYctH7QJ7SK2+21stuziDEkBCXvrIewbq4WH557sbJ9u6/5VTD1uEbYiw8fk+JvK9uRuRiz469ZXmjoBR52hAgDPvwxRMwSbMaceE9FllA6Xg1KKSAhq9oXwHepeUNp74BgmqRxyGHiRUZqST+E8M51mVvt/ZCecvZEgc=

# cat /root/master.password.orig
root:$1$LaCGzmLp$2dNXQ0N7wk8oxppWNsZRT/:0:0::0:0:Charlie &:/root:/bin/csh

and finally, there's a stsupport user in the web

psql> SELECT * FROM USERS;
 id | mailbox_id | priority | policy_id |   email   |   fullname    | user_name 
| user_level |     report_date     |             password
----+------------+----------+-----------+-----------+---------------+-----------+------------+---------------------+----------------------------------
  3 |          2 |        0 |         1 | stsupport | Support Admin | admin     
| S          | 2008-01-01 00:00:00 | fc4e859ffb9f54767a0026773b0583d9           
                          
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Critical vulnerabilities discovered in Gazelle and TBDEV.net
Next by Date: [Full-disclosure] remote root exploit in pineapp mail-secure
Previous by thread: [Full-disclosure] Critical vulnerabilities discovered in Gazelle and TBDEV.net
Next by thread: [Full-disclosure] remote root exploit in pineapp mail-secure
Index(es):
- Date
- Thread