module
ManageEngine DataSecurity Plus Xnode Enumeration
| Disclosed | Created |
|---|---|
| N/A | Sep 1, 2022 |
Disclosed
N/A
Created
Sep 1, 2022
Description
This module exploits default admin credentials for the DataEngine
Xnode server in DataSecurity Plus versions prior to 6.0.1 (6011)
in order to dump the contents of Xnode data repositories (tables),
which may contain (a limited amount of) Active Directory
information including domain names, host names, usernames and SIDs.
This module can also be used against patched DataSecurity Plus
versions if the correct credentials are provided.
By default, this module dumps only the data repositories and fields
(columns) specified in the configuration file (set via the
CONFIG_FILE option). The configuration file is also used to
add labels to the values sent by Xnode in response to a query.
It is also possible to use the DUMP_ALL option to obtain all data
in all known data repositories without specifying data field names.
However, note that when using the DUMP_ALL option, the data won't be labeled.
This module has been successfully tested against ManageEngine
DataSecurity Plus 6.0.1 (6010) running on Windows Server 2012 R2.
Xnode server in DataSecurity Plus versions prior to 6.0.1 (6011)
in order to dump the contents of Xnode data repositories (tables),
which may contain (a limited amount of) Active Directory
information including domain names, host names, usernames and SIDs.
This module can also be used against patched DataSecurity Plus
versions if the correct credentials are provided.
By default, this module dumps only the data repositories and fields
(columns) specified in the configuration file (set via the
CONFIG_FILE option). The configuration file is also used to
add labels to the values sent by Xnode in response to a query.
It is also possible to use the DUMP_ALL option to obtain all data
in all known data repositories without specifying data field names.
However, note that when using the DUMP_ALL option, the data won't be labeled.
This module has been successfully tested against ManageEngine
DataSecurity Plus 6.0.1 (6010) running on Windows Server 2012 R2.
Authors
Sahil Dhar
Erik Wynter
Erik Wynter
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.