Conspiracy Revelation: 25.11.2020: Bajatax Smashed – 2nd Round – Bajatax Exploit zertrümmert – 2te Runde…
They call it also “ZEROLOGON”…
“Using a WordPress flaw to leverage Zerologon vulnerability and attack companies’ Domain Controllers:
October 7, 2020 By Pierluigi Paganini
Using a WordPress flaw (File-Manager plugin–CVE-2020-25213) to leverage Zerologon (CVE-2020-1472) and attack companies’ Domain Controllers.
Recently, a critical vulnerability called Zerologon – CVE-2020-1472 – has become a trending subject around the globe.
This vulnerability would allow a malicious agent with a foothold on your internal network to essentially become Domain Admin with just one click. This scenario is possible when communication with the Domain Controller can be performed from the attacker’s viewpoint.
Although communication with the internal network and Domain Controller can only be made on the intranet, many networks have weak policies and a bad architecture based on network segregation and segmentation, which allows, for example, that web servers – located at the DMZ – can also communicate internally with the internal network assets and with the Domain Controllers. In detail, network segmentation involves partitioning a network into smaller networks; while network segregation involves developing and enforcing a ruleset for controlling the communications between specific hosts and services.
In order to take advantage these potential flaws, external agents have abusing a vulnerability in File-Manager plugin – CVE-2020-25213 that allows the execution of arbitrary code on the server-side (RCE vulnerability). Figure 1 below emphasizes the problem here explained.
Figure 1: Workflow diagram from black-box exploitation to Domain Controller hashes NTLM dumped via CVE-2020-25213 and CVE-2020-1472.
According to WordFence, on September 4th, 2020, were recorded attacks on over 1.7 million sites, and by today, September 10, 2020, the total number of sites attacked has increased to over 2.6 million. Meanwhile, the CVE-2020-25213 that affects the WP-Manager WordPress plugin continues to be exploited by criminals.
Hello @WordPress @ExploitDB @offsectraining.
I am security researcher and have discovered this 0 day in wordpress (wp-file-manager). I’ve mailed and requested for my CVE and authorship for the exploit but didn’t get any response. Please help me, people are stealing my work. Thks! pic.twitter.com/LOPJoRMVJ8
(@w4fz5uck5) September 8, 2020:
According to the security researcher, “I’ve sent a writeup and POC for the vulnerable plugin for the project author but didn’t get any response, and my private post was deleted. http://elFinder.py issue is a common vulnerability with so many scripts on the internet… my script only changes to “wp-content” path“.
Exploit-code – GitHub”
History/Historie/Reference/Referenz/Other Sources/Andere Quellen: