New IT management 0day for sale!
This IT management system is used world-wide by thousands of companies even by fortune500 companies. It is usually connected straight to the company network, and can also be synced directly with active directory. The sync requires a domain user and you can usually find this user to be the domain admin user which is a foolish choice but is the case in many companies. This make is really useful for pwning networks and get straight into the network with AD privileges. The product can be run on both Linux and Windows, but is usually found to be running more on Windows environments.
Technical details,
The exploit comes in the form of a python script that exploits a preauth RCE which is uploaded as a Webshell to the server where the solutions run on. From this webshell you will achieve the same privileges as the service of the solution and execute arbitrary commands on it. It takes around 5 seconds to exploit the vulnerability and it does not have any dependencies.
FYI: We do not want to expose the name of the vulnerable product to not alert the vendor of this product and make them aware of any exploit attempts, we can provide more details in private.
The price for the exploit is $120,000 and we only communicate with serious buyers, we encourage deals to go through a trusted middleman.
Our team can also provide you with additional development of the exploit to include different exploit scenarios, automatic exploitation of multiple targets and other customized actions, we are a serious team of vulnerability researchers that are up to any challenges, we mainly research web / mobile apps, but also IoT and windows environments
contact us for more details on the exploit or any other enquiries.
This IT management system is used world-wide by thousands of companies even by fortune500 companies. It is usually connected straight to the company network, and can also be synced directly with active directory. The sync requires a domain user and you can usually find this user to be the domain admin user which is a foolish choice but is the case in many companies. This make is really useful for pwning networks and get straight into the network with AD privileges. The product can be run on both Linux and Windows, but is usually found to be running more on Windows environments.
Technical details,
The exploit comes in the form of a python script that exploits a preauth RCE which is uploaded as a Webshell to the server where the solutions run on. From this webshell you will achieve the same privileges as the service of the solution and execute arbitrary commands on it. It takes around 5 seconds to exploit the vulnerability and it does not have any dependencies.
FYI: We do not want to expose the name of the vulnerable product to not alert the vendor of this product and make them aware of any exploit attempts, we can provide more details in private.
The price for the exploit is $120,000 and we only communicate with serious buyers, we encourage deals to go through a trusted middleman.
Our team can also provide you with additional development of the exploit to include different exploit scenarios, automatic exploitation of multiple targets and other customized actions, we are a serious team of vulnerability researchers that are up to any challenges, we mainly research web / mobile apps, but also IoT and windows environments
contact us for more details on the exploit or any other enquiries.
