How to Decrypt ManageEngine PMP Passwords for Fun and Domain Admin - a Red Teaming Tale
5 September 2022 at 10:00
TL;DR: During a recent Red Teaming assessment we found an internet-exposed instance of ManageEngine’s Password Manager Pro that was vulnerable to a pre-authentication Remote Code Execution (CVE-2022-35405). After gaining code execution, we reverse engineered the password encryption/decryption routine to decrypt all the passwords and hack our way to Domain Admin.
What’s Red Teaming?
Red Team(ing) is an abused term in the InfoSec world, and it’s commonly used to mean various things: