Create exploit for CVE-2020-11858 / Micro Focus Operations Bridge Manager Local Privilege Escalation

[pedrib]

This creates a local Windows exploit for CVE-2020-11858. See details at:
https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBM.md (vulnerability 7).

It allows an unpriviliged user (such as Guest) to escalate privileges to SYSTEM.

1. Install the application
2. Start msfconsole
3. use exploit/windows/local/microfocus_operations_privesc.rb
4. set session SESSION
5. set lhost YOUR_IP
6. run
7. You should get a shell.

pcap's available on request!

[agalway-r7]

Hey @pedrib, would you be able to either send PCAPs for this PR to the msfdev email or run a demo for this module? I'm not able to get a vulnerable version of OBM without forking out for a Micro Focus Licence

[pedrib]

@agalauner-r7 I have sent it to msfdev@metasploit.com, with subject "Captures for PR #14730"

Let me know if you need anything else!

[agalway-r7]

PCAP wasn't that useful for checking if the module worked as expected due to the exploit being local, but based on other modules landed by pedrib for OBM and my being able to get the payload written to a victim machine correctly, I'd say this is good to go in 👍

[agalway-r7]

Release Notes

New module exploits/windows/local/microfocus_operations_privesc achieves privilege escalation assuming target is running a vulnerable version of OBM and user already has a session on said machine which supports Powershell. This module writes a payload to specific folder, then sends request to OBM process via the loopback address to trigger payload execution.

[pedrib]

awesome, thank you!