14. osTicket
1. Credential Dumping with Dehashed
Use Dehashed to find leaked credentials for company employees:
Note: Requires a valid Dehashed API key.
2. Subdomain Enumeration
Identify additional attack surfaces like VPN portals, internal tools, or exposed services:
Tools to use: sublist3r, amass, assetfinder, etc.
3. osTicket Enumeration
Identifying osTicket Instances:
Run EyeWitness to capture web application screenshots.
Look for cookies like OSTSESSID, indicating an osTicket session.
Check the page footer for mentions of "powered by osTicket" or "Support Ticket System."
Creating a Ticket (to obtain email addresses):
Open the osTicket web portal.
Submit a new support ticket.
Note the assigned internal email address (e.g., 940288@inlanefreight.local).
Use this email to register for other company services (Slack, GitLab, etc.).
4. Credential Testing
Manually test leaked credentials on the osTicket portal and other discovered services.
Check support tickets for sensitive information like:
Password reset details.
Internal system configurations.
Employee email addresses and usernames.
5. Exploiting osTicket Vulnerabilities
Searching for Known Exploits:
Check Exploit-DB for vulnerabilities in osTicket versions:
Remote File Inclusion (RFI)
SQL Injection (SQLi)
File Upload Exploits
Cross-Site Scripting (XSS)
Server-Side Request Forgery (SSRF)
Example - CVE-2020-24881 (SSRF in osTicket v1.14.1)
This vulnerability can be used for internal port scanning or accessing internal resources.
6. Social Engineering Tactics
Contact support staff with fabricated technical issues to gather information.
Ask naive questions to elicit details about internal processes and systems.
7. Prevention & Mitigation
Reducing Exposure:
Minimize the number of externally exposed applications.
Enforce Multi-Factor Authentication (MFA) on all external portals.
Educate employees on social engineering threats and phishing attempts.
Implement strong password policies and enforce periodic password changes.
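Detecting ticket-address sign-ups: the ticket address from section 3 only has value if another service accepts it as proof of employment, so sign-up logs on those services can be checked for it. The following is an added example, not part of the original notes; the JSON-lines log format, field names and sample events are constructed, and the numeric-local-part pattern is an assumption based on the example address above.

```python
import json
import re

# Assumption: the help desk issues ticket reply addresses of the form
# <digits>@<company domain>, as in the page's 940288@inlanefreight.local.
TICKET_DOMAINS = {"inlanefreight.local"}
TICKET_LOCAL = re.compile(r"\d{4,}")

# Constructed sample sign-up events (JSON lines); field names are hypothetical.
SAMPLE_LOG = """\
{"ts": "2024-05-01T09:12:44Z", "service": "gitlab", "email": "j.smith@inlanefreight.local", "src_ip": "10.10.4.21"}
{"ts": "2024-05-01T09:15:02Z", "service": "gitlab", "email": "940288@inlanefreight.local", "src_ip": "203.0.113.57"}
{"ts": "2024-05-01T09:16:30Z", "service": "slack", "email": "940288+x@INLANEFREIGHT.LOCAL ", "src_ip": "203.0.113.57"}
{"ts": "2024-05-01T09:20:11Z", "service": "slack", "email": "123456@example.org", "src_ip": "198.51.100.9"}
not-json garbage line
"""

def is_ticket_address(email):
    """True if email looks like a help-desk ticket reply address."""
    local, sep, domain = email.strip().lower().rpartition("@")
    if not sep or domain not in TICKET_DOMAINS:
        return False
    local = local.split("+", 1)[0]  # ignore plus-tag sub-addressing
    return TICKET_LOCAL.fullmatch(local) is not None

def find_ticket_signups(log_text):
    """Return (alerts, skipped): flagged events and count of unparseable lines."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            email = event["email"]
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += 1  # malformed line or missing field: count it, keep going
            continue
        if isinstance(email, str) and is_ticket_address(email):
            alerts.append((event.get("service"), email.strip().lower(), event.get("src_ip")))
    return alerts, skipped

if __name__ == "__main__":
    alerts, skipped = find_ticket_signups(SAMPLE_LOG)
    for service, email, ip in alerts:
        print(f"ALERT ticket address used to register on {service}: {email} from {ip}")
    print(f"{skipped} unparseable line(s) skipped")
```

The same predicate can be used as a block rule at registration time, so that addresses issued by the ticket system are never accepted as a verified company email.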
Key Takeaways
osTicket systems can leak valuable internal information.
Social engineering is an effective method to extract sensitive data.
Credential reuse poses a significant security risk.
Strong security practices are crucial to mitigating these risks.
🚨 Use these techniques only on systems you have explicit permission to test. Unauthorized testing is illegal and unethical.