Hello everyone! I am Mark kalalo. I am a new guy in the field of cyber security. I just wanna share my very first write-up about penetration testing.
It is all about how I hacked into a computer with a vulnerable application.
I know you're very excited! Let's begin!
RECONNAISSANCE / SCANNING
I used nmap for scanning the victim machine with the command:
nmap 192.168.157.130 -sV -O
Task 1: How many ports are open?
Task 2: What is the version of applications?
Task 3: Search for hackable stuff.
There are a lot of open ports, but open port 6262, running an http service, gave me some juicy information.
| PORT | STATE | Service | VERSION |
|---|---|---|---|
| 6262/tcp | open | http | Apache Tomcat/Coyote JSP engine 1.1 |
| 6767/tcp | open | ssl/bmc-perf-agent? | |
It means that we can access the http service using the IP address and port number -> 192.168.157.130:6262
VULNERABILITY ANALYSIS
I saw the application.
Manage Engine Security Manager Plus application Version Apache Tomcat/Coyote JSP engine 1.1
So I decided to do some research about this app, and I found that it is a network security application used to monitor and manage the authorization devices in a particular network.
This app is also an outdated version. This is something that makes me so excited, because there's a chance that a known exploit exists for the vulnerable app.
EXPLOITATION
So I started to search for it in the Metasploit Framework. These are the results:
| # | Name | Rank | Description |
|---|---|---|---|
| 0 | auxiliary/scanner/http/manageengine_securitymanager_traversal | normal | ManageEngine SecurityManager Plus 5.5 Directory Traversal |
| 1 | exploit/multi/http/manageengine_search_sqli | excellent | ManageEngine Security Manager Plus 5.5 Build 5505 SQL Injection |
The first result (0, rank normal) is a kind of SQL injection to access the databases.
The second result (1, rank excellent) is also a SQL injection, used to access your computer through this app.
After that, set the payload to meterpreter, choose 1, and run the exploit.
If you see the meterpreter prompt, you have successfully accessed the Windows computer.
FINAL ANALYSIS, REVIEW AND REPORT
In this final review, analysis and report, we searched for potential threats such as open ports, services, versions, etc. We used nmap, a tool used for network scanning. After the analysis and research about what we scanned, the application we saw was vulnerable, so we got the chance to exploit it. We used the Metasploit Framework for exploitation.
Check this link -> https://www.exploit-db.com/exploits/22094
1. Always update the application.
2. Turn on the firewall (private and public) protection.
3. Always back up your files.
4. Always use strong passwords.
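A check that supports recommendations 1 and 2, added here as an example and not part of the original write-up: it parses `nmap -sV` port lines like the ones in the scan table above and reports every open port that is not on an approved list or that nmap could not fingerprint. The approved-port list, the function names, and the extra 3389 and 8080 sample rows are assumptions constructed for illustration.

```python
import re
# Constructed sample in nmap's normal output format: the two services from the
# scan table above, plus one approved and one closed port for contrast.
SAMPLE_SCAN = """\
PORT     STATE  SERVICE             VERSION
3389/tcp open   ms-wbt-server       Microsoft Terminal Services
6262/tcp open   http                Apache Tomcat/Coyote JSP engine 1.1
6767/tcp open   ssl/bmc-perf-agent?
8080/tcp closed http-proxy
"""

APPROVED_PORTS = {3389}  # assumption: hypothetical exposure policy for this host

PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?:tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<version>.*)$"
)

def parse_ports(scan_text):
    """Return one dict per port line found in nmap normal output."""
    rows = []
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # header, blank, or non-port line
        row = m.groupdict()
        row["port"] = int(row["port"])
        # A trailing '?' marks a service name nmap could not confirm.
        row["guessed"] = row["service"].endswith("?")
        row["service"] = row["service"].rstrip("?")
        row["version"] = row["version"].strip()
        rows.append(row)
    return rows

def audit_exposure(scan_text, approved=APPROVED_PORTS):
    """List open ports that are unapproved or not fingerprinted."""
    findings = []
    for row in parse_ports(scan_text):
        if row["state"] != "open":
            continue
        reasons = []
        if row["port"] not in approved:
            reasons.append("not on approved list")
        if row["guessed"] or not row["version"]:
            reasons.append("service not fingerprinted")
        if reasons:
            findings.append((row["port"], row["service"], row["version"], reasons))
    return findings

if __name__ == "__main__":
    print(*audit_exposure(SAMPLE_SCAN), sep="\n")
```

Run against a scheduled scan of your own hosts, an unexpected management console such as the one on port 6262 shows up as a finding to close at the firewall or patch.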