New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhance ManageEngine Endpoint Central and ServiceDesk Plus CVE-2022-47966 #18796
Conversation
Verification for manageengine servicedesk plus on linux
|
05a54c3
to
25804ed
Compare
modules/exploits/windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966.rb
Outdated
Show resolved
Hide resolved
modules/exploits/windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966.rb
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for updating this @errorxyz. I left a few other comments and suggestions after testing.
These also apply to the modules/exploits/multi/http/manageengine_servicedesk_plus_saml_rce_cve_2022_47966.rb
module, but I wasn't able to add the review inline. Note that for this module, I found an issue that prevented the Unix Command
target to work and it has been fixed here. You should rebase your branch to bring this fix and have this module work with this target.
modules/exploits/windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966.rb
Outdated
Show resolved
Hide resolved
modules/exploits/windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966.rb
Outdated
Show resolved
Hide resolved
modules/exploits/windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966.rb
Outdated
Show resolved
Hide resolved
Thank you for updating this @errorxyz. It looks good to me now. I tested both modules against Linux and Windows and verified I got a session each time. I'll go ahead and land it. Thank you again for your contribution. Note that, as I commented above, I'll update the default Java payload to Example outputManageEngine ServiceDesk PlusTarget 0 (Java) on Linux
Target 0 (Java) on Windows
Target 1 (Windows EXE Dropper)
Target 2 (Windows Command)
Target 3 (Unix Command)
Target 4 (Linux Dropper)
ManageEngine Endpoint CentralTarget 0 (Java) on Windows
Target 1 (Windows EXE Dropper)
Target 2 (Windows Command)
|
Release NotesThis updates the ManageEngine Endpoint Central and ServiceDesk Plus RCE modules for CVE-2022-47966. Particularly, it adds a Java target to be able to use Java-based payloads. |
Related to #17641
Continuation of #18515
Changes
endpoint_central
andservicedesk_plus
Verification
List the steps needed to make sure this thing works
msfconsole
use windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966
Example Usage - Endpoint Central on Windows Server 2019 - target java
Setup link