CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/linux/http/alienvault_exec.md
Views: 1904
Vulnerable Application
This module exploits object injection, authentication bypass and ip spoofing vulnerabities all together. Unauthenticated users can execute arbitrary commands under the context of the root user.
By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQL injection attack that leaks an administrator session token. Attackers can create a rogue action and policy that enables to execute operating system commands by using captured session token. As a final step, SSH login attempt with a invalid credentials can trigger a created rogue policy which triggers an action that executes operating system command with root user privileges.
This module was tested against AlienVault USM 5.2.5.
Vulnerable Application Installation Steps
Major version of older releases can be found at following URL. http://downloads.eu.alienvault.com/c/download
You can download file named as AlienVault-USM_trial_5.2.5.zip which contains a OVA file. In order to complete installation phase, you have to apply https://www.alienvault.com/try-it-free . Once alienvault sales team validate your information, you will be able to complete the installation with your e-mail address.
Verification Steps
A successful check of the exploit will look like this: