OverPass-the-Hash in 1C Enterprise
To gain access to 1C Enterprise, you need a username and password. In case 1C works with LDAP authentication and you only have the user's NTLM hash, you can use Rubeus to launch 1C using the OverPass-the-Hash attack. Thus, you can access 1C Enterprise without having a password in the plaintext.
If the compromised user has permissions to run "External data processors", you can get a reverse shell of the 1C server.
https://github.com/KraudSecurity/1C-Exploit-Kit/tree/master/1C-Shell
#1c #pth #rubeus #ad
To gain access to 1C Enterprise, you need a username and password. In case 1C works with LDAP authentication and you only have the user's NTLM hash, you can use Rubeus to launch 1C using the OverPass-the-Hash attack. Thus, you can access 1C Enterprise without having a password in the plaintext.
Invoke-Rubeus -Command "asktgt /user:i.ivanov /domain:APTNOTES.LOCAL /rc4:A87F3A337D73085C45F9416BE5787D86 /createnetonly:C:\1cestart.exe /show"
Bonus:If the compromised user has permissions to run "External data processors", you can get a reverse shell of the 1C server.
https://github.com/KraudSecurity/1C-Exploit-Kit/tree/master/1C-Shell
#1c #pth #rubeus #ad
🔥7👍2
🔐 Bitrix CMS Ultimate Pentest Guide
A detailed guide on penetration testing for 1C-Bitrix CMS, one of the most popular content management systems in CIS countries. The guide covers authentication bypasses, XSS, SSRF, LFI, RCE exploits, WAF bypass methods, and vulnerabilities in third-party modules (especially Aspro).
🔗 Source:
https://pentestnotes.ru/notes/bitrix_pentest_full/
#1c #bitrix #web
A detailed guide on penetration testing for 1C-Bitrix CMS, one of the most popular content management systems in CIS countries. The guide covers authentication bypasses, XSS, SSRF, LFI, RCE exploits, WAF bypass methods, and vulnerabilities in third-party modules (especially Aspro).
🔗 Source:
https://pentestnotes.ru/notes/bitrix_pentest_full/
#1c #bitrix #web
2🔥15👍8😁7❤2