From 26545cbd68e4698b7251e849fcd55c93f0b85291 Mon Sep 17 00:00:00 2001 From: wchen-r7 Date: Fri, 21 Oct 2016 18:28:21 -0500 Subject: [PATCH] Add ManageEngine Desktop Central Vuln to Metasploitable3 --- Vagrantfile | 8 +++- resources/jenkins/jenkins.exe | Bin 204800 -> 192000 bytes resources/manageengine/setup.iss | 44 ++++++++++++++++++++++ scripts/configs/configure_firewall.bat | 5 ++- scripts/installs/install_manageengine.bat | 2 + 5 files changed, 56 insertions(+), 3 deletions(-) create mode 100644 resources/manageengine/setup.iss create mode 100644 scripts/installs/install_manageengine.bat diff --git a/Vagrantfile b/Vagrantfile index 9669742..d81d261 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -24,8 +24,8 @@ Vagrant.configure("2") do |config| config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 # Add users and add to groups - config.vm.provision :shell, path: "scripts/configs/create_users.bat" - config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 + #config.vm.provision :shell, path: "scripts/configs/create_users.bat" + #config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 # Vulnerability - Unpatched IIS and FTP config.vm.provision :shell, path: "scripts/installs/setup_iis.bat" @@ -88,6 +88,10 @@ Vagrant.configure("2") do |config| config.vm.provision :shell, path: "scripts/installs/setup_mysql.bat" config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 + # Vulnerability - ManageEngine Desktop Central + config.vm.provision :shell, path: "scripts/installs/install_manageengine.bat" + config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 + # Vulnerability - Axis2 config.vm.provision :shell, path: "scripts/installs/setup_axis2.bat" config.vm.provision :shell, inline: "rm C:\\tmp\\vagrant-shell.bat" # Hack for this bug: https://github.com/mitchellh/vagrant/issues/7614 diff --git a/resources/jenkins/jenkins.exe b/resources/jenkins/jenkins.exe index da00d06cf8cb3cc5058666fa8ab11855d0825067..339c277ac8d070908af739d03f200602b4bd611b 100755 GIT binary patch delta 1146 zcmZ8heN0zBj%hck(6_)- z8PdQPgNVQa!%Gf;xGw_Igcs=inrUe&8*g${GE%ju;-xj?=M@jpKJCj@Tc}!pc!6!u zHsfgQ3O6e=@ zg1ee#v}t!f{c=3xK9zA(EaPV1$9og~;l>Xyl-iA3dyy|2im)%zxxc-$+kdb-Xk9wI zQF=Zy;cq{kFTX~2+m17})@Z=7^=7Cj{)B67OV0IziINk4u77*efe&827#aF;C>FS~ zac|A&>A@@WT_?}Jaq`K;)%K@c=~s>oJ^1>TFG5EmN^5V|WZox_-R?`Jhqw3b_@TLf zK#DhQBUXW2UX=y^t5ZL8gRLvOyN(sVX`3kV7+y1B7q_Fat2fwA%3hw{HpOZz=Ij|` zBU7x;^fWd%Kf2lA8)E0Hr`jLzR|TqqHO7vJ=eeHXZ|8jhSjV$_cpG?|4|lb9KHF_D z8twsZbL$N^BOn9(wc)J~H*V#&PCt=kg|^}q*d4Np{IDqmETF8F_3k zV#BvssnDCkSuueWhL`jMrbUj=iGL#vFI94USu|4!lcJse!j$MFqB${-Qdku4qcrY_ zBb@1!5(vR3t)(1#Nb*r5o{=i36$hnjSWSb{23k#HoYRPyw2AKDTP>N+G`m%D=0#c%V&gg)sGLJ0hm`%!2 zSt(ZXC6zOk3bUCh(bx3Rc{aG*7~7TU?ARK0{cB)#pwK1oVdkGfY;u8l=p$KJG+TtF M4sis>)AR@Z2RCglBLDyZ delta 1190 zcmb7De@K*f82>!a-TU6Tdw1NO)~pV9$7_10ska{_u0JMQTS?9IL?uRr_QOq>WNm{j zrneiTt!AVz;~Uj5+Sovb;I4Y-AGK40DP_2eEJ?OIi8i5Ng~GNN?E8B9$Nm_!FMOZR z=lOo0Upx;_Y{nH!YR5lWf2{e(W-OgFm|WxperF(%ef$}=EDuOTb(VX2FFi$`-l-Dz zXYzZSWhuWSj^1Fd5u{!2JL#nWRv?dYjC9pw8QH{+(^T+8wG3tH9-HwC1ui>np&%ra?2+L}>I$GHb)fAki;+wlSmSQ~IL??eKy|=7Pr8FXmPqdAg?IVrBkovZkoKE)l1us2}>_Q1^k3BRkt)8Hjg%7mqfzZa*9EXlm_^_w^+jw^rA8yOmG#!JUhWXb}^O9g;i%{!}TselYV}O zMkm4b8 z@H&TV-P7n(#xaePi}G3fyyX4LU&uhG3dzqY4ywnfqR|{~D_(kld&&x$#=NqcGI*q% zl9pa|9Q7zxgY+lXt3_0U-Re5pj{Ry1Idnp;q#PQMHZ?HSYWZ&QRix7?tSX@NqO(qQ z)B=l7V@};AjUK9P6ch((5izo)6DkI10{8JZUZrO0phq^R zeUJF*CRd8cEzT2uDa?(x*zfcVKO9a>7LC93_2A`^FDfE0i2Z4vafNLGuo58htrg7~ zE?4Y;_dRhm!>hv|`Z}E;U+iOV>{BJcez!ZvVfS^qeQSOBYJkb@D|0y57wZw%GJIlj zeEqY$!i{rF>tl`Rni!eoH8#0X=C89{{8&qvT~uoo@0#vAJn#6g&9zM4aN3~BMCph* LG{y`6GlBUJ6vlBT diff --git a/resources/manageengine/setup.iss b/resources/manageengine/setup.iss new file mode 100644 index 0000000..02b486f --- /dev/null +++ b/resources/manageengine/setup.iss @@ -0,0 +1,44 @@ +[InstallShield Silent] +Version=v7.00 +File=Response File +[File Transfer] +OverwrittenReadOnly=NoToAll +[{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-DlgOrder] +Dlg0={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdWelcome-0 +Count=9 +Dlg1={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdLicense-0 +Dlg2={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdAskDestPath-0 +Dlg3={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-MessageBox-0 +Dlg4={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-AskText-0 +Dlg5={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdSelectFolder-0 +Dlg6={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdStartCopy-0 +Dlg7={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdShowMailPanel-20319 +Dlg8={BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdFinish-0 +[{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdWelcome-0] +Result=1 +[{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdLicense-0] +Result=1 +[{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdAskDestPath-0] +szDir=C:\ManageEngine +Result=1 +[{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-MessageBox-0] +Result=1 +[{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-AskText-0] +szText=8020 +Result=1 +[{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdSelectFolder-0] +szFolder=ManageEngine Desktop Central +Result=1 +[{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdStartCopy-0] +Result=1 +[Application] +Name=ManageEngine Desktop Central +Version=9.0.0 +Company=ZOHO Corp +Lang=0409 +[{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdShowMailPanel-20319] +Result=1 +[{BCEF6F6B-E530-4D5E-8DB7-C54F96DB9D2A}-SdFinish-0] +Result=1 +bOpt1=0 +bOpt2=1 diff --git a/scripts/configs/configure_firewall.bat b/scripts/configs/configure_firewall.bat index 8a11596..9cf8715 100644 --- a/scripts/configs/configure_firewall.bat +++ b/scripts/configs/configure_firewall.bat @@ -1,4 +1,4 @@ -netsh advfirewall firewall add rule name="Open Port 8383 for Jenkins" dir=in action=allow protocol=TCP localport=8383 +netsh advfirewall firewall add rule name="Open Port 8484 for Jenkins" dir=in action=allow protocol=TCP localport=8484 netsh advfirewall firewall add rule name="Open Port 5985 for WinRM" dir=in action=allow protocol=TCP localport=5985 netsh advfirewall firewall add rule name="Open Port 8282 for Apache Struts" dir=in action=allow protocol=TCP localport=8282 netsh advfirewall firewall add rule name="Open Port 80 for IIS" dir=in action=allow protocol=TCP localport=80 @@ -9,3 +9,6 @@ netsh advfirewall firewall add rule name="Open Port 8585 for Wordpress and phpMy netsh advfirewall firewall add rule name="Java 1.6 java.exe" dir=in action=allow program="C:\openjdk6\openjdk-1.6.0-unofficial-b27-windows-amd64\jre\bin\java.exe" enable=yes netsh advfirewall firewall add rule name="Open Port 3000 for Rails Server" dir=in action=allow protocol=TCP localport=3000 netsh advfirewall firewall add rule name="Open Port 3306 for MySQL" dir=in action=allow protocol=TCP localport=3306 +netsh advfirewall firewall add rule name="Open Port 8020 for ManageEngine Desktop Central" dir=in action=allow protocol=TCP localport=8020 +netsh advfirewall firewall add rule name="Open Port 8383 for ManageEngine Desktop Central" dir=in action=allow protocol=TCP localport=8383 +netsh advfirewall firewall add rule name="Open Port 8022 for ManageEngine Desktop Central" dir=in action=allow protocol=TCP localport=8022 diff --git a/scripts/installs/install_manageengine.bat b/scripts/installs/install_manageengine.bat new file mode 100644 index 0000000..5282b99 --- /dev/null +++ b/scripts/installs/install_manageengine.bat @@ -0,0 +1,2 @@ +powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://archives.manageengine.com/desktop-central/91084/ManageEngine_DesktopCentral.exe', 'C:\Windows\Temp\ManageEngine_DesktopCentral.exe')"