OpManager Version Check #8260
Conversation
It seems like you could skip the version check by having a more accepting regex in the key check, like so: `if res && res.code == 200 && res.body =~ /window\.(?:OPM\.)?apiKey = "([a-z0-9]+)"/` (the character class needs a quantifier so it captures the whole key rather than a single character). Am I missing something or does that work?
That works and it's way easier; my Ruby is not brilliant (just tested on version 11 of OpManager). Then it might be healthy to change the target name to reflect other versions, as the exploit is valid for versions 11.0 - 11.6. Thank you egypt!
Updated verification steps above in the description...
Thanks for this module update, @cleorun! I made a couple of tweaks to this PR, see under the "commits" section. Verified on Windows Server 2012 with OpManager v11.4 (i.e. windows.apiKey) and v11.5 (i.e. windows.OPM.apiKey), both worked as expected with similar output:
It appears this module is missing a nice documentation markdown file, I'll add it and then land this PR.
Release Notes: A version check for OpManager has been added to the exploits/windows/http/manage_engine_opmanager_rce module. The exploit now uses the appropriate call for the API key value based on the version, which allows it to work on older versions that use a different call.
TY, @alrosenthal-r7!
thank you! |
Checks the version of OpManager. In version 11.6 the call for the API key value is different from the one in version 11.0, which stops the current exploit from working on older versions. The rest of the exploit works the same.
For versions 11.5 and up: `window.OPM.apiKey`
For version 11.0: `window.apiKey`
Tested on version 11.0
Verification
msfconsole
use exploit/windows/http/manage_engine_opmanager_rce
set RHOST <IP addr of target system running OpManager>
exploit
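The check logic discussed in this PR (one regex with an optional `OPM.` group covering both the 11.0 and the 11.5+ page layouts), written out as an added example. This is not the module's own code; the `Response` struct stands in for the HTTP response object, `check_code` stands in for the module's check method and its `Exploit::CheckCode` return values, and the page bodies and key values are constructed. It also shows why the unquantified character class from the original comment fails to match a realistic key.

```ruby
# Added example (not the Metasploit module's own code): version-layout
# check for the OpManager apiKey line, mirroring the regex discussed in
# this PR. All sample bodies and key values below are constructed.

# One optional group covers both markup layouts:
#   11.0         -> window.apiKey = "..."
#   11.5 and up  -> window.OPM.apiKey = "..."
# The key class must be quantified: a bare [a-z0-9] matches exactly one
# character and rejects every real key.
API_KEY_RE  = /window\.(?:OPM\.)?apiKey = "([a-z0-9]+)"/
ONE_CHAR_RE = /window\.(?:OPM\.)?apiKey = "([a-z0-9])"/   # the buggy form

# Minimal stand-in for the HTTP response object the module inspects.
Response = Struct.new(:code, :body)

# Returns { layout:, api_key: } when the body carries an OpManager apiKey
# line, or nil when it does not (or the response is missing / not 200).
def opmanager_fingerprint(res)
  return nil unless res && res.code == 200
  m = API_KEY_RE.match(res.body)
  return nil unless m
  # m[0] is the whole matched line, so the presence of "OPM." tells the
  # layout apart without a second regex.
  layout = m[0].include?('OPM.') ? '11.5+' : '11.0'
  { layout: layout, api_key: m[1] }
end

# Shape of a Metasploit check method: a string standing in for
# Exploit::CheckCode::Appears / Exploit::CheckCode::Safe.
def check_code(res)
  opmanager_fingerprint(res) ? 'Appears' : 'Safe'
end

# True when the given regex finds an apiKey line in the body; used to
# contrast the fixed regex with the single-character one.
def key_line_matches?(body, re)
  re.match?(body)
end

# Constructed sample page bodies, one per layout plus an unrelated page.
BODY_11_0 = <<~HTML
  <script type="text/javascript">
    window.apiKey = "0123456789abcdef0123456789abcdef";
  </script>
HTML

BODY_11_5 = <<~HTML
  <script type="text/javascript">
    window.OPM = window.OPM || {};
    window.OPM.apiKey = "fedcba9876543210fedcba9876543210";
  </script>
HTML

BODY_OTHER = "<html><body>Some other product</body></html>\n"

if __FILE__ == $PROGRAM_NAME
  [BODY_11_0, BODY_11_5, BODY_OTHER].each do |body|
    res = Response.new(200, body)
    puts "#{check_code(res)}  #{opmanager_fingerprint(res).inspect}"
  end
  puts "one-char regex matches 11.0 body? #{key_line_matches?(BODY_11_0, ONE_CHAR_RE)}"
end
```

Run it directly to print the fingerprint for each constructed body; the unrelated page, a non-200 response and a nil response all yield `Safe`, and the single-character regex matches neither layout.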