centreon useralias exec #6965
super( | ||
update_info( | ||
info, | ||
'Name' => 'Centreon v2.5.3 Unauthenticated Command Execution', |
The Name field should begin with the name of the vendor, followed by the software. Ideally the "Root Cause" field means which component or function the bug is found. And finally, the type of vulnerability the module is exploiting.
And no version either. Leave that to the description or a version field (if we ever get around to it). In general, Name should mimic the module name (or vice versa).
We have #6976 merged in now. It was an example for pull request training. :)
) | ||
/LoginInvitVersion"><br \/>[\s]+(?<version_high>[\d]{1,2})\.(?<version_med>[\d]{1,2})\.(?<version_low>[\d]{1,2})[\s]+<\/td>/ =~ res.body | ||
|
||
if version_high && version_med && version_low && \ |
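Review bot: The version regex on the `LoginInvitVersion` line is matched against `res.body` with no visible guard that `res` is non-nil, so a request that times out or is refused would raise NoMethodError at this point; return `CheckCode::Unknown` when `res` is nil before matching. The named captures `version_high`, `version_med` and `version_low` are strings, so if the condition continued after the trailing `\` compares them directly, convert them first (for example with `to_i`, or by building a `Gem::Version` from the three parts) so the comparison is numeric rather than lexical. The `[\d]` and `[\s]` brackets are redundant and can be written as plain `\d` and `\s`.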
@bwatters-r7 I know how much you love setting up difficult/multi-step software packages. this one screams your name!
I'll hit this when I get back Thursday, unless someone else wants it.
On Jun 21, 2016 19:26, h00die notifications@github.com wrote:
> @wvu-r7 @wchen-r7 anyone want to build a VM and try this? Don't want it to fall too far behind. Software install is ~30min (building the deps to get the website installed)
I tried for a couple minutes and then gave up.
Abandon hope ye who enter here.

So I spent several hours trying to get a test platform working, and it is extremely unpleasant and the documentation I saw on exploit-db is not really helpful, nor are the conflicting setup documents online, mostly for very old versions of Centreon. The process is pretty long and any one of the settings that you change could break the application and/or the vulnerability.

Personally, I gave up on creating the test platform and I'm about to go drink a beer, but if anyone else would like to try, here are the steps I followed in my attempt. I had hoped to find a clear, concise set-up document, but I could not. I tried to make one here, but I gave up. If anyone has such a document, please post it. I think I got close, but got a seg fault when trying to start ndo2db, one of many dependencies.

All that being said, I'm not a CentOS/Redhat guy, nor am I familiar with any of the dependency binaries that must be configured for Centreon to work. It is entirely possible that I took a left turn somewhere and the fix is easy.

What I learned I needed to do before even trying to install Centreon:
EDIT..... installdb is actually in /tmp/ndoutils-2.0.0/db
At this point, I got a seg fault. Walking away for now.
Notes during the actual attempted installation of Centreon:
I will note that if you are in the Web site install portion, not just the command line install, there were like 2 folders or so that I didn't have and was like...... so I just gave it folders that existed. It got me through the install, I'm sure the app itself would be borked, but all you need is the Web login so whatever.
@bwatters-r7 pending I get some time tomorrow, I'll rebuild my VM from scratch and take copious notes so you can give this a second try w/ hopefully a better outcome!
@bwatters-r7 ok, I have now redone the instructions, from scratch. From the web install, you'll notice I flub many of the folders. Since we don't need anything to work except the login, it's unimportant. This took me a little over an hour to do. 1 more chance?
Sweet, @h00die ! I was off-grid last week, but I'll revisit this week.
Test Run
Release Notes
Centreon is a free network monitoring software suite, and this module takes advantage of security holes in how Centreon's web portal logs database errors to execute arbitrary code on the remote host.
@h00die Thanks for the extra guidance; I ran into some other snags, but that was exactly what I needed to get me close enough!
no problem at all!
Adds exploit for Centreon web command injection as documented in EDB 39501
This application had many steps to get installed and working. Please see the doc, as it will assist with links to get your environment installed. I think it took me a little over an hour to install all the components and get the website to load.
Verification
List the steps needed to make sure this thing works
msfconsole
use exploit/linux/http/centreon_useralias_exec
set payload
set rhost
set verbose true
check
exploit