ManageEngine ADAudit Plus Xnode Enumeration
Description
This module exploits default admin credentials for the DataEngine Xnode server in ADAudit Plus versions prior to 6.0.3 (6032) in order to dump the contents of Xnode data repositories (tables), which may contain (a limited amount of) Active Directory information including domain names, host names, usernames and SIDs. This module can also be used against patched ADAudit Plus versions if the correct credentials are provided. By default, this module dumps only the data repositories and fields (columns) specified in the configuration file (set via the CONFIG_FILE option). The configuration file is also used to add labels to the values sent by Xnode in response to a query. It is also possible to use the DUMP_ALL option to obtain all data in all known data repositories without specifying data field names. However, note that when using the DUMP_ALL option, the data won't be labeled. This module has been successfully tested against ManageEngine ADAudit Plus 6.0.3 (6031) running on Windows Server 2012 R2 and ADAudit Plus 6.0.7 (6076) running on Windows Server 2019.
Author(s)
- Sahil Dhar
- Erik Wynter
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/gather/manageengine_adaudit_plus_xnode_enum
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > show actions
...actions...
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > set ACTION < action-name >
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > show options
...show and set options...
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > run 
- Collect and share all the information you need to conduct a successful and efficient penetration test
- Simulate complex attacks against your systems and users
- Test your defenses to make sure they’re ready
- Automate Every Step of Your Penetration Test
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security