GeekOfTheSouth

Members
  • Content Count: 12
Community Reputation

2 Neutral

My Information

  • Agent Count
    200+

  1. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    There was a little more to it than that... I got pretty angry at T3 for various reasons when they initially looked at the problem. Regardless, I should have handled it better.
  2. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    Thank you... Sorry about posting publicly, but I was a little afraid it was going to go down the same path and the developer wouldn't be able to reproduce. Will my ticket still be updated when a resolution is in place?
  3. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    It is on a DMZ VLAN, and I definitely could lock it down at the ASA... But I would rather just stop the service from answering. There are other servers on that VLAN that I don't fully control security on. Same with Windows Firewall... Ours is maintained by GPO, and I don't have exclusive access. Curious, how does putting the LTShare on another volume stop the service from doing this?
  4. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    I've created a user that only has access to LTShare and am running fileservice as that... Not sure what all that will break, but better than my internal network being able to hit that service. While doing so, I was running procmon on the server and that service really does some strange things. It looked like it was running through all my scheduled report files over and over again, then it would start enumerating other folders in the Windows directory... Very strange.
  5. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    My Ticket was moved to a board that CW says is not visible to their partners, so I won't be able to update much. The ticket is still not assigned, according to them. I don't really like that, but whatever.
  6. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    So a few things that seem to be a requirement:

      • FileService must be started
      • Automate 12 Patch 11 or above (possibly Patch 10)
      • Must connect over HTTP (12413)
      • Port must be accessible through the firewall (Windows or 3rd party)

    You can read more on directory traversal here: https://null-byte.wonderhowto.com/how-to/perform-directory-traversal-extract-sensitive-information-0185558/
  7. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    Man, I was feeling like I had been doing something wrong! Okay, this is up to tier 3 support at CW... Please open your own tickets!
  8. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    These are servers configured by CW... anonymous permissions are on both the default IIS site and the labtech virtual directory.
  9. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    I do have screenconnect running on that same server...
  10. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    Looks like that is over https? It has to be over http and port 12413. I've confirmed it on two different LT servers and CW confirmed last night, finally.
  11. GeekOfTheSouth

    Automate Security Issue- Patch 11 and 12

    Hmm... Were you on the local subnet or going through a firewall that has that port closed?
  12. Found an issue and have raised it with CW multiple times... Feel like I am getting blown off. Patch 11 and 12 have a directory traversal bug that is pretty serious... Can any of you reproduce? Basically this URL pattern:

    http://LTServer.yourdomain.com:12413/..../..../..../..../..../..../..../..../..../windows/win.ini

    allows you to enumerate and download any file on the Automate server... ANY file. With no authentication.
  13. GeekOfTheSouth

    SSH Enable on Cisco Switches

    Trying to script entering enable mode on a Cisco 2960 switch. The SSH session starts fine, I send the enable command fine, but it seems like there is a double carriage return at the end of the enable command that skips right past the password prompt. My password just sends to a regular switch prompt. Anybody know a trick to get this working?