This Metasploit module exploits default admin credentials for the DataEngine Xnode server in DataSecurity Plus versions prior to 6.0.1 (6011) in order to dump the contents of Xnode data repositories (tables), which may contain (a limited amount of) Active Directory information including domain names, host names, usernames and SIDs. This Metasploit module can also be used against patched DataSecurity Plus versions if the correct credentials are provided. By default, this module dumps only the data repositories and fields (columns) specified in the configuration file (set via the CONFIG_FILE option). The configuration file is also used to add labels to the values sent by Xnode in response to a query. It is also possible to use the DUMP_ALL option to obtain all data in all known data repositories without specifying data field names. However, note that when using the DUMP_ALL option, the data wont be labeled. This Metasploit module has been successfully tested against ManageEngine DataSecurity Plus 6.0.1 (6010) running on Windows Server 2012 R2.
de6dde1377442590c48c5335bbcb930b72408e67a27d24ee356f1ed71693b573This Metasploit module exploits default admin credentials for the DataEngine Xnode server in ADAudit Plus versions prior to 6.0.3 (6032) in order to dump the contents of Xnode data repositories (tables), which may contain (a limited amount of) Active Directory information including domain names, host names, usernames and SIDs. This Metasploit module can also be used against patched ADAudit Plus versions if the correct credentials are provided. By default, this module dumps only the data repositories and fields (columns) specified in the configuration file (set via the CONFIG_FILE option). The configuration file is also used to add labels to the values sent by Xnode in response to a query. It is also possible to use the DUMP_ALL option to obtain all data in all known data repositories without specifying data field names. However, note that when using the DUMP_ALL option, the data wont be labeled. This Metasploit module has been successfully tested against ManageEngine ADAudit Plus 6.0.3 (6031) running on Windows Server 2012 R2 and ADAudit Plus 6.0.7 (6076) running on Windows Server 2019.
c2de94555ba89596372ca6b2811a8375a6619a106be79a7871fbd24fd83c6b11ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability.
4fdd0a374d4602e83df4826d1fa9df4688afc640985f07e5c06d6e72891299a4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed