search

14.-Osticket

hashtag
1. Credential Dumping with Dehashed

Use Dehashed to find leaked credentials for company employees:

sudo python3 dehashed.py -q inlanefreight.local -pid : 5996447501

Note: Requires a valid Dehashed API key.

hashtag
2. Subdomain Enumeration

Identify additional attack surfaces like VPN portals, internal tools, or exposed services:

cat ilfreight_subdomains

Tools to use: sublist3r, amass, assetfinder, etc.

hashtag
3. osTicket Enumeration

hashtag
Identifying osTicket Instances:

  • Run EyeWitness to capture web application screenshots.

  • Look for cookies like OSTSESSID, indicating an osTicket session.

  • Check the page footer for mentions of "powered by osTicket" or "Support Ticket System."

hashtag
Creating a Ticket (to obtain email addresses):

  1. Open the osTicket web portal.

  2. Submit a new support ticket.

  3. Note the assigned internal email address (e.g., 940288@inlanefreight.local).

  4. Use this email to register for other company services (Slack, GitLab, etc.).

hashtag
4. Credential Testing

  • Manually test leaked credentials on the osTicket portal and other discovered services.

  • Check support tickets for sensitive information like:

    • Password reset details.

    • Internal system configurations.

    • Employee email addresses and usernames.

hashtag
5. Exploiting osTicket Vulnerabilities

hashtag
Searching for Known Exploits:

Check Exploit-DB for vulnerabilities in osTicket versions:

  • Remote File Inclusion (RFI)

  • SQL Injection (SQLi)

  • File Upload Exploits

  • Cross-Site Scripting (XSS)

  • Server-Side Request Forgery (SSRF)

hashtag
Example - CVE-2020-24881 (SSRF in osTicket v1.14.1)

  • This vulnerability can be used for internal port scanning or accessing internal resources.

hashtag
6. Social Engineering Tactics

  • Contact support staff with fabricated technical issues to gather information.

  • Ask naive questions to elicit details about internal processes and systems.

hashtag
7. Prevention & Mitigation

hashtag
Reducing Exposure:

  • Minimize the number of externally exposed applications.

  • Enforce Multi-Factor Authentication (MFA) on all external portals.

  • Educate employees on social engineering threats and phishing attempts.

  • Implement strong password policies and enforce periodic password changes.

hashtag
Key Takeaways

  • osTicket systems can leak valuable internal information.

  • Social engineering is an effective method to extract sensitive data.

  • Credential reuse poses a significant security risk.

  • Strong security practices are crucial to mitigating these risks.

🚨 Use these techniques only on systems you have explicit permission to test. Unauthorized testing is illegal and unethical.

Previous4. Customer Service Mgmt & Configuration ManagementNext15.Gitlab-discovery-and-enumeration

Last updated