Skip to content

Commit c8feb5c

Browse files
h4x-x0rh4x-x0r
committed
Updated formatting
1 parent c1bf8df commit c8feb5c

File tree

1 file changed

+13
-7
lines changed

1 file changed

+13
-7
lines changed

documentation/modules/exploit/windows/scada/mypro_cmdexe.md

Lines changed: 13 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -4,15 +4,20 @@
44

55
This module exploits a command injection vulnerability in mySCADA MyPRO <= v8.28.0 (CVE-2023-28384).
66

7-
An authenticated remote attacker can exploit this vulnerability to inject arbitrary OS commands, which will get executed in the context of `NT AUTHORITY\SYSTEM`.
7+
An authenticated remote attacker can exploit this vulnerability to inject arbitrary OS commands, which will get executed in the context of
8+
`NT AUTHORITY\SYSTEM`.
89
This module uses the default admin:admin credentials, but any account configured on the system can be used to exploit this issue.
910

10-
Versions <= 8.28.0 are affected. CISA published [ICSA-23-096-06](https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06) to cover the security issues. The official changelog for the updated version, v8.29.0, is available [here](https://web.archive.org/web/20230320130928/https://www.myscada.org/changelog/?section=version-8-29-0), although it only mentions a "General security improvement" without further details.
11+
Versions <= 8.28.0 are affected. CISA published [ICSA-23-096-06](https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06) to cover
12+
the security issues. The official changelog for the updated version, v8.29.0, is available
13+
[here](https://web.archive.org/web/20230320130928/https://www.myscada.org/changelog/?section=version-8-29-0), although it only mentions a
14+
"General security improvement" without further details.
1115

1216
**Vulnerable Application Installation**
1317

1418
A trial version of the software can be obtained from [the vendor](http://nsa.myscada.org/myPRO/WIN/myPRO_x64_8.28.0.exe).
15-
For the product to work correctly, the project and log directories need to be configured first, which can be done through the web inteface (navigate to System > Storage).
19+
For the product to work correctly, the project and log directories need to be configured first, which can be done through the web inteface
20+
(navigate to System > Storage).
1621

1722
**Successfully tested on**
1823

@@ -36,17 +41,18 @@ msf6 exploit(windows/scada/mypro_cmdexe) > exploit
3641
You should get a meterpreter session in the context of `NT AUTHORITY\SYSTEM`.
3742

3843
## Options
39-
**USERNAME**
44+
### USERNAME
4045

4146
The username of a MyPRO user (default: admin)
4247

43-
**PASSWORD**
48+
### PASSWORD
4449

4550
The associated password of the MyPRO user (default: admin)
4651

4752
## Scenarios
4853

49-
Running the exploit against MyPRO v8.28.0 on Windows 10 22H2, using curl as a fetch command, should result in an output similar to the following:
54+
Running the exploit against MyPRO v8.28.0 on Windows 10 22H2, using curl as a fetch command, should result in an output similar to the
55+
following:
5056

5157
```
5258
msf6 exploit(windows/scada/mypro_cmdexe) > exploit
@@ -71,4 +77,4 @@ Microsoft Windows [Version 10.0.19045.4651]
7177
C:\WINDOWS\system32>whoami
7278
whoami
7379
nt authority\system
74-
```
80+
```

0 commit comments

Comments
 (0)