Solarwinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution Exploit

ID 1337DAY-ID-24512
Type zdt
Reporter Chris Graham
Modified 2015-11-06T00:00:00


Exploit for windows platform in category remote exploits

Python 2.7
Tested on: 
Ubuntu 14.04 LTS
Vulnerable Appliance Version: 6.1.0
The script will need to be run sudo since it uses sockets
which bind to port 21 and 80. These could be changed, but the rest of 
the script would need to be modified as well. 
Prior to running the python script, set up a netcat listener for the
reverse shell: netcat -l 4444
Example: sudo python -t -b -l -lp 4444
After access has been gained to the appliance, a new admin user can be added to the web console
by editing /usr/local/contego/run/manager/UserContextLibrary.xml. Simply copy the xml structure 
for the admin user that is already in there and then change the fields to create a new user. In
order to get a valid password hash, use the script included with this package. 
Please note that a manager restart will be needed before you can login with the new user. This 
can be accomplished by running "/etc/init.d/contego-manager restart"
Proof of Concept:

# [2018-04-08]  #