Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Gather Credential of WebNMS Framework Server using Metasploit

0
0

This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extract all user credentials. The first vulnerability is a unauthenticated file download in the FetchFile servlet, which is used to download the file containing the user credentials. The second vulnerability is that the the passwords in the file are obfuscated with a very weak algorithm which can be easily reversed. This module has been tested with WebNMS Framework Server 5.2 and 5.2 SP1 on windows and linux.

Exploit Targets

WebNMS Framework Server 5.2

Requirement

Attacker: kali Linux

Victim PC: WebNMS Framework Server 5.2

Open Kali terminal type msfconsole


Gather Credential of WebNMS Framework Server using Metasploit

Now type use auxiliary/admin/http/webnms_cred_disclosure

msf exploit( webnms_cred_disclosure )> set rhost 192.168.0.103 (IP of Remote Host)

msf exploit( webnms_cred_disclosure )> set rport 9090

msf exploit( webnms_cred_disclosure )> exploit


Gather Credential of WebNMS Framework Server using Metasploit

Viewing all articles
Browse latest Browse all 12749


click here for Latest and Popular articles on Intel Technologies