Dark ozpy

When Zimbra XXE and SSRF vulnerability has been found and published by tint0 in his blog i actively do the RnD to reproduce it by using Burp Suite and postman. The result is the CVE are working then i do broadcast to my team for the upgrade ASAP because at that time if anyone publishing the exploit it can lead to RCE (remote code execution) which a lot of things can do such as putting backdoor, etc.

Then i create a script for doing automation to scan several vulnerability zimbra (thanks to shodan and google dorks) if it's found then i do fetch some information and a POC after that i send them an email like this.

 
Some of them is replying for appreciation (also guide them to do patch) and a lot of them ignoring it :D, the purpose i doing this is purely not for profit just to make awareness. Until comes where the vulnerability has been published in exploit-db then they are screaming.

Here's a part of my automation script by extending my own python Zimbra SOAP api library namely ozpy.

What I Learn

These are some points of what i learn from this CVE in my Zimbra implementation:
  • Considering make a separation between user access end point servers such as Proxy (webmail, imap, pop3) and SMTP (submission, smtps) with mailbox server. by multiserver architecture.
  • Just open internet or public access only for necessary server. Mailbox server doesn't required here. DMZ may a good option.
  • Monitor for all community forum, mail list for the latest news.

Comments

Post a Comment

Popular posts from this blog

Disable sending telemetry data in DotNet

Recently i am working with an open source application which built using DotNet (C#), but while i watching some data flow outside using command netstat the DotNet is make connection outside, then when i figure it out it's belong to azure's in singapore. Then i do some search in google then what i'm found is DotNet is sending telemetry data then for disable it by set an environment variable export DOTNET_CLI_TELEMETRY_OPTOUT=1 For set permanently you may add it in /etc/profile , After that it disable sending telemetry data.
Read more

Running debug SMTP server with python

Python has builtin module for creating smtp server since version 2.x, sometime for me it's very useful when i just want to run lightweight smtp instance without need to run the actual one such as postfix (in zimbra distribution). the purpose of it may vary but i often used for debugging mail sending between smtp server. It's very easy to use it, no code need just execute following command. $ python -m smtpd -d -n -c DebuggingServer 0.0.0.0:10025 Explanation: -m : run inline command from specific module. -d : print out all smtp message in wire. -n : the daemon will run as nobody . -c : smtpd class that will be used, if you not specified it then it will use PureProxy (transfer received smtp message to another smtp instance) 0.0.0.0:25 specified in which IP and port where it will listen. Further more you can see more detail by from it's help message   $ python -m smtpd --help
Read more