- #WHAT HAPPENED TO SYMANTEC BACKUP EXEC 2014 SOFTWARE#
- #WHAT HAPPENED TO SYMANTEC BACKUP EXEC 2014 PASSWORD#
In the recovered database you will find a table called LoginAccounts that contains all the domain usernames and passwords that were configured by the administrators of the system, to let BE access different hosts on the network. bak file is just a standard MS SQL backup that you can parse with any SQL Server instance. After incrementing the infamous Lamer Counter a couple of times (#ProTip: if you use cURL to download something, don’t forget to remove the HTTP response headers from the output) I realized that this. So I grabbed the file and read Symantec’s documentation about the DB recovery process. However the database backup located at \data\bedb.bak was readable!
#WHAT HAPPENED TO SYMANTEC BACKUP EXEC 2014 SOFTWARE#
This software uses MS SQL Server to store all the information required to perform backup and restore, but unfortunately the database files were inaccessible by my user. But I knew, my old lady is listening at port 10000, so I started to enumerate the default files of Backup Exec.
#WHAT HAPPENED TO SYMANTEC BACKUP EXEC 2014 PASSWORD#
Since I didn’t have broad permissions and I didn’t know anything about the filesystem, I couldn’t access any interesting configuration files, password dumps or other precious loot. The software itself was the most recent version with all publicliy known bugs patched, but on the same host there was another “enterprice level” application that granted me limited file read rights through a pretty dumb vulnerability. My most recent “date” with Backup Exec turned out a bit unusual. In practice all Backup Exec installations I encountered had domain administrative access granted.īut how exactly can we escalate our privileges from a single Backup Exec instance? But this is not the best part from an attackers perspective.īackup Exec is a backup software (surprise!) that by definition needs access to the most important parts of the domain (why would you backup something you don’t care about?), so as you get access to a Backup Exec instance theoretically you also get access to the most important data on the network.
![what happened to symantec backup exec 2014 what happened to symantec backup exec 2014](https://i0.wp.com/www.alphr.com/wp-content/uploads/2014/11/it_photo_146110.jpg)
![what happened to symantec backup exec 2014 what happened to symantec backup exec 2014](http://allstarsite922.weebly.com/uploads/1/2/4/1/124145361/468316631.gif)
Although most of these vulnerabilities aren’t new, some users tend to accept the risk of running unsupported versions because purchasing the new releases isn’t cheap.
![what happened to symantec backup exec 2014 what happened to symantec backup exec 2014](http://heavenlyweightloss.weebly.com/uploads/1/2/3/7/123745027/558248835.jpg)
Symantec (formerly Veritas) Backup Exec is one of my all-time favorites in pentest projects: it has a very nice list of vulnerabilities ranging form basic stack overflows through a hardcoded password to arbitrary file reads.