Sangfor Intranet roaming (breaking through remote application sandbox)
Sangfor Intranet roaming, Enterprise Security!
Sangfor is a VPN manufacturer. Is there any problem with its VPN security mechanism? Yesterday I found a mailbox security problem, and today I found that the VPN has the same problem. A problem with the VPN means that the door of the enterprise is open to the outside! Enterprise security deserves serious attention!
VPNs commonly authenticate either by domain verification or with a pre-configured account and password. I am talking about the common cases, not fancier things such as dynamic codes. I have some knowledge of Sangfor's VPN. I think it does not use domain verification but the latter method, which carries a risk of credential stuffing. What if the idea is correct and the database is small?
# Start penetration
Sangfor is sure to use its own VPN product, so I tried guessing the second-level domain name:
vpn.sangfor.com, sslvpn.sangfor.com, ssl.sangfor.com
The third one hit.
I searched for Sangfor mailboxes in big data and tried the pairs one by one, which gave a usable VPN account: zhouxl zhoux132940
Got in.
Then came some wonderful roaming.
Sensitive information.
Dedecms, and the account and password are all written in the title. This is why I am not going to penetrate further. It's really easy.
Now for something fun: breaking through the Sangfor sandbox, so that the Remote Application address is exposed in its original form.
This is Sangfor's Remote Application function. A published Office Word lets you view the disk of the remote server when saving files. But how can you find out the address? Type file://y in Word.
Then edit the hyperlink and you are done... (Are you kidding me?)
After all, this is the company's intranet, so I did not go deeper. People are at work!
Solution:
Or security mechanisms
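On the detection side, the credential replay described above (mailbox credentials tried one by one against the VPN portal) appears in authentication logs as one source address trying many distinct accounts, mostly failing, with the occasional success. The following is an added example, not part of the original post: the log format, field names, thresholds and sample data are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical log format: "<timestamp> src=<ip> user=<name> result=OK|FAIL".
# Real SSL VPN appliances log differently; adapt LINE_RE to your product.
LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")

# Constructed sample data (documentation IP ranges, made-up usernames).
SAMPLE_LOG = "\n".join(
    [f"2015-01-01T10:00:{i:02d} src=203.0.113.7 user=user{i} result=FAIL"
     for i in range(8)]
    + ["2015-01-01T10:00:09 src=203.0.113.7 user=user8 result=OK",
       "2015-01-01T10:05:00 src=198.51.100.20 user=carol result=FAIL",
       "2015-01-01T10:05:10 src=198.51.100.20 user=carol result=OK"]
)

def find_stuffing_sources(log_text, min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts and mostly fail.

    Returns {src: {"distinct_users", "failures", "compromised"}} where
    "compromised" lists accounts that logged in successfully from a flagged
    source; those need a forced password reset and session review.
    """
    attempts = defaultdict(list)  # src -> [(user, result), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _, src, user, result = m.groups()
            attempts[src].append((user, result))

    findings = {}
    for src, rows in attempts.items():
        users = {u for u, _ in rows}
        fails = sum(1 for _, r in rows if r == "FAIL")
        # A single user mistyping a password is one account; replayed
        # credential pairs touch many accounts from the same source.
        if len(users) >= min_users and fails / len(rows) >= min_fail_ratio:
            findings[src] = {
                "distinct_users": len(users),
                "failures": fails,
                "compromised": sorted({u for u, r in rows if r == "OK"}),
            }
    return findings

if __name__ == "__main__":
    for src, info in find_stuffing_sources(SAMPLE_LOG).items():
        print(src, info)
```

A second authentication factor on the portal is what stops the successful login; this check only tells you which accounts to reset after the fact.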