![]() (root) NOPASSWD: /opt/zimbra/libexec/zmmailboxdmgr (root) NOPASSWD: /opt/zimbra/common/sbin/nginx (root) NOPASSWD: /opt/zimbra/common/sbin/amavis-mc (root) NOPASSWD: /opt/zimbra/libexec/zmmtastatus (root) NOPASSWD: /opt/zimbra/libexec/zmqstat (root) NOPASSWD: /opt/zimbra/common/sbin/postcat (root) NOPASSWD: /opt/zimbra/common/sbin/postsuper (root) NOPASSWD: /opt/zimbra/common/sbin/postconf (root) NOPASSWD: /opt/zimbra/common/sbin/ (root) NOPASSWD: /opt/zimbra/common/sbin/postalias (root) NOPASSWD: /opt/zimbra/common/sbin/postfix (root) NOPASSWD: /opt/zimbra/libexec/zmslapd (root) NOPASSWD: /opt/zimbra/libexec/zmunbound (root) NOPASSWD: /opt/zimbra/libexec/zmstat-fd * ![]() User zimbra may run the following commands on zimbratest: Matching Defaults entries for zimbra on zimbratest:Įnv_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, !requiretty Helpfully, there are a number of commands we can run with “sudo” and no sudo -l We go with the obvious: we check what we can run with “sudo”. The host platform I installed it on was an Ubuntu 18.04 virtual machine. Instead, given it is a huge pile of Java and other stuff, I decided to just assume you had code execution as the “zimbra” user (by exploiting some hole in the web services), and look for LPE (Local Privilege Escalation) bugs. I plan to get around to finding a remote in it at some point. Zimbra is largely a huge mess of Java webshit, so I decided to favour my sanity somewhat and not bother looking for remotes at that time. I also find that “responsible” disclosure in general is a crock of shit that lets vendors bully researchers into silence. I’m simply dropping these as full disclosure, because the Zimbra “disclosure policy” prohibits publication of exploit code, which is something I find incredibly disagreeable. Recently I decided to have a look at the somewhat popular email and collaboration platform, Zimbra, with the idea to go find some bugs in it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |