Tag Archives: Numara

BMC/Numara Track-It! Decrypt Pass Tool

Today during a Penetration Test of a client I came across a piece of software called “Track-It!” by Numara, who was since acquired by BMC. Now this application is used by IT Helpdesks to offer centralised control of assets, so it was definitely worth a look at from a testing point of view. I found an open (Readable by Domain Users) network share on the installation server named “TrackIt” which internally exposed configuration files such as trackit.cfg which contained intersting lines such as:

RemoteInstallPass=AAABASE64HEREAAA==
DomainAdminPass=BBBBASE64HEREBBB==

Continue reading: BMC/Numara Track-It! Decrypt Pass Tool