Reinforcing security before unseen vulnerabilities compromise your hard-won reputation
Our client, a major healthcare service, asked us to assess the security features of its application and infrastructure. Our penetration tests covered the client’s retail test environment and the VLANs used in the data centre. We also performed a review of the firewall ruleset.
The internal infrastructure proved to be insecure. It was very easy to escalate users’ privileges and gain unauthorised access to critical resources using simulated attacks. Even an inexperienced attacker could have conducted these attacks using ready-to-use exploitation tools downloaded from the internet.
Passwords presented another vulnerability. The privileged local administrator account shared the same password across a number of different systems. This meant that, if an attacker succeeded in exploiting one system, they would be able to gain access to any system using the same credentials. It took us less than 15 seconds to obtain the local administrator password. Even without cracking the password hash, we were able to authenticate to other hosts using the hashed password. Because one of the local administrator passwords we obtained was also used for the powerful 'Domain Administrator' account, we were able to gain complete access to the Windows domain and all devices and data held on it.
Further, the flat network structure allowed servers and workstations within the domain to communicate with virtually any other server or workstation. This represented a major security issue, as it meant any client could attempt to connect to any device and potentially exploit vulnerabilities or configuration issues.
Finally, we found the applications under review were not designed in line with basic security principles. The applications were mainly written in Java, which made them exceptionally easy to decompile. Potential attackers doing this would gain full access to the source code, along with valuable information about how the application worked and how it could be circumvented.
Our report contained extensive details about the issues to give our client a clear picture of the gaps in its applications and the underlying infrastructure. As a result of our work, our client has a good understanding of the steps it needs to take to secure its network and applications.
If you need help securing your applications and infrastructure, speak to one of our penetration testing experts or read more about our penetration testing services.
Or, to develop your own knowledge and skills in the latest penetration testing techniques, find out about our leading ethical hacking training courses.