[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities

Author
st3n
Risk
[
Security Risk High
]
0day-ID
0day-ID-22191
Category
remote exploits
Date add
29-04-2014
CVE
CVE-2013-0140
Platform
windows
# Exploit Title: McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple vulnerabilities
# Date: 20 November 2012
# Exploit Author: st3n@funoverip.net (a.k.a. jerome.nokin@gmail.com)
# Vendor Homepage: http://www.mcafee.com/uk/products/epolicy-orchestrator.aspx
# Version: 4.6.0 -> 4.6.5
# Tested on: Windows 2003/2008
# CVE : CVE-2013-0140 , CVE-2013-0141
# More info on: http://funoverip.net/?p=1685
 
PoC: http://www.exploit-db.com/sploits/ePowner.0.1.tar.gz
 
=====================================================================================================
 INTRODUCTION
=====================================================================================================
 
- In short, this tool registers a rogue agent on the ePo server and then takes advantage of the
  following vulnerabilities to perform multiple actions :
 
    - CVE-2013-0140 : Pre-auth SQL Injection
    - CVE-2013-0141 : Pre-auth Directory Path Traversal
 
- The tool manages the following actions, called "mode" :
 
     -r, --register          Register a new agent on the ePo server (it's free)
     --check                 Check the SQL Injection vunerability
     --add-admin             Add a new web admin account into the DB
     --readdb                Retrieve various information from the database
     --get-install-path      Retrieve the installation path of ePo software (needed for other modes)
     --ad-creds              Retrieve and decrypt cached domain credentials from ePo database.
     --wipe                  Wipe our traces from the database and file system
     --srv-exec              Perform remote command execution on the ePo server
     --srv-upload            Upload files on the ePo server
     --cli-deploy            Deploy commands or softwares on clients
 
 
- It is strongly advised to read the manual which explains how to use these modes (see below).
  But basically, your two first actions must be :
 
    1) Register a rogue agent using '--register'
 
    2) Setup Remote Code execution using '--srv-exec --wizard'
        
 
- Usage examples are provided at the end of this file. It is recommended to read the doc before
  any of usage of them.
 
- You may find a vulnerable version of the ePo software on my blog. Deploy 2 VMs (eposrv + epocli) and
  test it !
 
- The tool was developed/tested on Backtrack 5r3, Kali Linux 1.0.6 and Ubuntu 12.04.
  It won't work under Windows due to linux tools dependencies.
  . ePolicy Orchestrator was running on Win2003 and Win2003 R2
  . The managed station were running on WinXPsp3 and Win7

#  0day.today [2024-12-24]  #