Hello friends. Today we will see two exploits: credential disclosure and arbitrary text file download in WebNMS Framework Server 5.2. For those newbies who don’t know what WebNMS Framework Server is, it is an industry-leading framework for building network management applications and has over 25,000 deployments worldwide. Its latest version contains two vulnerabilities: credential disclosure and arbitrary text file download.
First, let us see the credential disclosure exploit. Start Metasploit and load the exploit as shown below. Type the command “show options” to check its options. This server runs on port 9090.
Set the target and run the exploit. It will download the credentials and store them in a file as shown below.
The next vulnerability is arbitrary text file download. Load the exploit and see its options. It is automatically set to download the shadow file on Linux.
Before running the exploit, type the command “info” to see the information about this exploit. As you can see below, it can only download text files, and if it is a Windows instance, the file should be in the same directory as WebNMS.
Since we are running WebNMS Framework Server on a Windows machine, I have created a text file called secret.txt in the same directory. Let us try the exploit now. Set the target address and file path as shown below and run the exploit. We can see that the file has been successfully downloaded and saved in a directory.