McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities
Source: st3n@funoverip.net  Author: st3n  Published: 2014-04-29
# Exploit Title: McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple vulnerabilities
# Date: 20 November 2012
# Exploit Author: st3n@funoverip.net (a.k.a. jerome.nokin@gmail.com)
# Vendor Homepage: http://www.mcafee.com/uk/products/epolicy-orchestrator.aspx
# Version: 4.6.0 -> 4.6.5
# Tested on: Windows 2003/2008
# CVE : CVE-2013-0140 , CVE-2013-0141
# More info on: http://funoverip.net/?p=1685
  
PoC: http://www.exploit-db.com/sploits/ePowner.0.1.tar.gz
  
=====================================================================================================
 INTRODUCTION
=====================================================================================================
  
- In short, this tool registers a rogue agent on the ePo server and then takes advantage of the 
  following vulnerabilities to perform multiple actions :
  
    - CVE-2013-0140 : Pre-auth SQL Injection
    - CVE-2013-0141 : Pre-auth Directory Path Traversal
  
- The tool supports the following actions, called "modes":
  
     -r, --register          Register a new agent on the ePo server (it's free)
     --check                 Check the SQL Injection vulnerability
     --add-admin             Add a new web admin account into the DB
     --readdb                Retrieve various information from the database
     --get-install-path      Retrieve the installation path of ePo software (needed for other modes)
     --ad-creds              Retrieve and decrypt cached domain credentials from ePo database.
     --wipe                  Wipe our traces from the database and file system
     --srv-exec              Perform remote command execution on the ePo server
     --srv-upload            Upload files on the ePo server
     --cli-deploy            Deploy commands or software on clients
  
  
- It is strongly advised to read the manual, which explains how to use these modes (see below).
  But basically, your first two actions must be:
  
    1) Register a rogue agent using '--register'
  
    2) Set up remote code execution using '--srv-exec --wizard'
         
  
- Usage examples are provided at the end of this file. It is recommended to read the doc before
  using any of them.
  
- You may find a vulnerable version of the ePo software on my blog. Deploy 2 VMs (eposrv + epocli) and
  test it !
  
- The tool was developed/tested on Backtrack 5r3, Kali Linux 1.0.6 and Ubuntu 12.04.
  It won't work under Windows due to its dependencies on Linux tools.
  . ePolicy Orchestrator was running on Win2003 and Win2003 R2
  . The managed stations were running on WinXPsp3 and Win7

 