Once a member of the notorious hacktivist movement LulzSec, and now security researcher Darren Martyn (Darren Martyn) published an exploit for a vulnerability in the SonicWall VPN application. The exploit targets vulnerabilities exploited by the hacker Phineas Fisher to break into the Italian manufacturer of hacking tools Hacking Team.
Martin posted the exploit on his blog on Monday, January 25, a day after SonicWall reported that attackers had infiltrated its network through a zero-day vulnerability in its own hardware. According to the researcher, he decided to publish an exploit to demonstrate the security issues with SonicWall.
“Given the news that SonicWall has been hacked through zero-day vulnerabilities in its own products, it would be fun to post this,” Martin said.
The researcher wrote the exploit after reading a description of an attack on an offshore bank in 2019 provided by hacker Phineas Fisher. According to Phineas Fisher, in the course of hacking a financial organization, he exploited a zero-day vulnerability in the bank's SonicWall VPN solution. The same vulnerability was used by a hacker in an attack on the Hacking Team in 2015.
After reading the Phineas Fisher post, Martin was able to create his own exploit in just two minutes. According to the researcher, the description of the attack has "everything you need" for this.
As reported by SonicWall, the vulnerabilities exploited in the attacks were fixed in 2015 with the release of SonicWall SMA 18.104.22.168, and cannot be exploited in SonicWall SMA 9 and 10.
The last step in the chain of exploiting the vulnerability - obtaining administrative privileges in SonicWall VPN, the researcher decided not to publish, so that inexperienced hackers could not simply copy the exploit and use it to harm.