module
HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow
| Disclosed | Created |
|---|---|
| 04/02/2008 | 05/30/2018 |
Disclosed
04/02/2008
Created
05/30/2018
Description
This module exploits a stack buffer overflow in HP OpenView Network Node Manager versions 7.53 and earlier.
Specifically this vulnerability is caused by a failure to properly handle user supplied input within the
HTTP request including headers and the actual URL GET request.
Exploitation is tricky due to character restrictions. It was necessary to utilize a egghunter shellcode
which was alphanumeric encoded by muts in the original exploit.
If you plan on using exploit this for a remote shell, you will likely want to migrate to a different process
as soon as possible. Any connections get reset after a short period of time. This is probably some timeout
handling code that causes this.
Specifically this vulnerability is caused by a failure to properly handle user supplied input within the
HTTP request including headers and the actual URL GET request.
Exploitation is tricky due to character restrictions. It was necessary to utilize a egghunter shellcode
which was alphanumeric encoded by muts in the original exploit.
If you plan on using exploit this for a remote shell, you will likely want to migrate to a different process
as soon as possible. Any connections get reset after a short period of time. This is probably some timeout
handling code that causes this.
Authors
bannedit muts
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/windows/http/hp_nnm_ovas
msf /(s) > show actions
...actions...
msf /(s) > set ACTION < action-name >
msf /(s) > show options
...show and set options...
msf /(s) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.