Metasploit Penetration Testing Framework

modules / auxiliary / admin / http / hp_web_jetadmin_exec
OSVDB: CVE:
BID: MSB:
TEXT:

HP Web JetAdmin 6.5 Server Arbitrary Command Execution

This module abuses a command execution vulnerability within the web based management console of the Hewlett-Packard Web JetAdmin network printer tool v6.2 - v6.5. It is possible to execute commands as SYSTEM without authentication. The vulnerability also affects POSIX systems, however at this stage the module only works against Windows. This module does not apply to HP printers.

Rank

  • Normal

Authors

  • patrick < patrick [at] aushack.com >

References

Development

Similar Modules

Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use auxiliary/admin/http/hp_web_jetadmin_exec
msf auxiliary(hp_web_jetadmin_exec) > set RHOST [TARGET IP]
msf auxiliary(hp_web_jetadmin_exec) > run

Module Options

CMD The command to execute. (default: net user metasploit password /add)
Proxies Use a proxy chain
RHOST The target address
RPORT The target port (default: 8000)
VHOST HTTP server virtual host
BasicAuthPass The HTTP password to specify for basic authentication
BasicAuthUser The HTTP username to specify for basic authentication
FingerprintCheck Conduct a pre-exploit fingerprint verification
SSL Negotiate SSL for outgoing connections
SSLVersion Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
UserAgent The User-Agent header to use for all requests
WORKSPACE Specify the workspace for this module
HTTP::header_folding Enable folding of HTTP headers
HTTP::method_random_case Use random casing for the HTTP method
HTTP::method_random_invalid Use a random invalid, HTTP method for request
HTTP::method_random_valid Use a random, but valid, HTTP method for request
HTTP::pad_fake_headers Insert random, fake headers into the HTTP request
HTTP::pad_fake_headers_count How many fake headers to insert into the HTTP request
HTTP::pad_get_params Insert random, fake query string variables into the request
HTTP::pad_get_params_count How many fake query string variables to insert into the request
HTTP::pad_method_uri_count How many whitespace characters to use between the method and uri
HTTP::pad_method_uri_type What type of whitespace to use between the method and uri (accepted: space, tab, apache)
HTTP::pad_post_params Insert random, fake post variables into the request
HTTP::pad_post_params_count How many fake post variables to insert into the request
HTTP::pad_uri_version_count How many whitespace characters to use between the uri and version
HTTP::pad_uri_version_type What type of whitespace to use between the uri and version (accepted: space, tab, apache)
HTTP::uri_dir_fake_relative Insert fake relative directories into the uri
HTTP::uri_dir_self_reference Insert self-referential directories into the uri
HTTP::uri_encode_mode Enable URI encoding (accepted: none, hex-normal, hex-all, hex-random, u-normal, u-all, u-random)
HTTP::uri_fake_end Add a fake end of URI (eg: /%20HTTP/1.0/../../)
HTTP::uri_fake_params_start Add a fake start of params to the URI (eg: /%3fa=b/../)
HTTP::uri_full_url Use the full URL for all HTTP requests
HTTP::uri_use_backslashes Use back slashes instead of forward slashes in the uri

Copyright © 2003-2010 Rapid7 LLC
Rapid7 Privacy Statement