module

Network Shutdown Module sort_values Credential Dumper

Disclosed
2012-06-26
Created
2018-05-30

Description

This module will extract user credentials from Network Shutdown Module
versions 3.21 and earlier by exploiting a vulnerability found in
lib/dbtools.inc, which uses unsanitized user input inside a eval() call.
Please note that in order to extract credentials, the vulnerable service
must have at least one USV module (an entry in the "nodes" table in
mgedb.db).

Authors

h0ng10
sinn3r [email protected]

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use auxiliary/gather/eaton_nsm_creds
msf auxiliary(eaton_nsm_creds) > show actions
...actions...
msf auxiliary(eaton_nsm_creds) > set ACTION < action-name >
msf auxiliary(eaton_nsm_creds) > show options
...show and set options...
msf auxiliary(eaton_nsm_creds) > run

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.