Internal networks can have massive attack surfaces that organizations commonly overlook. Organizations will frequently prioritize hardening their external presence while missing major internal problems. Attackers can exploit these vulnerabilities to compromise the internal domain, get sensitive data, and potentially wreak havoc on the target company. Blue Goat’s team is well-versed in identifying and exploiting misconfigurations on the internal domain to ensure your network is fully hardened against attacks.
Initial Access
Internal tests can be done from an authenticated or unauthenticated standpoint. Authenticated tests will typically provide the tester with a low-privilege account to simulate an attacker starting with a compromised account. Unauthenticated tests work to see if attackers can get initial access to the domain through various means. This can involve social engineering attacks, exploitation of vulnerabilities, traffic sniffing, abusing misconfigurations, and other means depending on the unique environment.
One commonly overlooked area is miscellaneous network-connected devices, such as printers, thermostats, televisions, or anything that can access the domain. These can often have out-of-date software vulnerable to exploitation or weak credentials that give easy access to the device. These devices will often be connected to various domain services and store other valuable information.
Accessing this data can often provide a foothold into the network. Once initial access is achieved, it can be easy for attackers to move around the domain. Even simply abusing intended functionality can allow attackers to get deeper into the network. A good example is if a printer is compromised, the attacker can access the same resources that the printer has access to.
Case Study
During this internal test, our team at Blue Goat was starting from a completely unauthenticated black box approach. Initial enumeration revealed numerous devices across the network with default credentials. Some of these were Konica Minolta printers. All of these printers were kept fully up to date with the latest software, but our team was able to exploit the intended functionality of the printers.
Printers will be connected to SMB or FTP servers to send print jobs across the network. These printers will have elevated access with the ability to read and write to the file share. Some Konica Minolta printers have a flaw where the clear text credentials for the SMB and FTP servers can be extracted as long as the printer’s password is known. In this instance, we were able to get access to the printer by simply using the default credentials for the printer.
This exploit has publicly available code, further increasing the severity of the problem. When exploits do not have to be hand-crafted by attackers, they can open up the attack surface to a far greater number of attackers.
Upon identifying the default credentials being left in place, we attempted to exploit the printer to extract any stored credentials and were rewarded with SMB credentials that worked across the domain. Our team used these SMB credentials to access numerous file shares across the domain. Many of these shares held valuable and confidential information that would have been accessible to anyone able to access the printer.
Issue Remediation
This information falling into the hands of attackers could be disastrous. Our team at Blue Goat made a great effort to craft a remediation plan for the client and prevent similar problems from occurring again. Best practices and proper access control were implemented to prevent unauthorized access to network devices or sensitive information. This also assists with meeting various compliance requirements to ensure your organization is up to standard.
At Blue Goat, we take great pride in working with our clients to find solutions that fully remediate any vulnerabilities while avoiding impeding necessary business processes. Many fixes can be difficult to implement and frustrating for end users once put in place. We strive to find the proper solution to meet all of the customer’s needs while preventing cybercrime.
Evaluate Your Internal Domain’s Strength with Blue Goat Cyber
Blue Goat can work with your team to harden your internal network against malicious actors. We will use our years of experience to work with you and find the proper security solutions. Contact us to learn more.
