module
Xymon Daemon Gather Information
| Disclosed | Created |
|---|---|
| N/A | Aug 15, 2019 |
Disclosed
N/A
Created
Aug 15, 2019
Description
This module retrieves information from a Xymon daemon service
(formerly Hobbit, based on Big Brother), including server
configuration information, a list of monitored hosts, and
associated client log for each host.
This module also retrieves usernames and password hashes from
the `xymonpasswd` config file from Xymon servers before 4.3.25,
which permit download arbitrary config files (CVE-2016-2055),
and servers configured with `ALLOWALLCONFIGFILES` enabled.
(formerly Hobbit, based on Big Brother), including server
configuration information, a list of monitored hosts, and
associated client log for each host.
This module also retrieves usernames and password hashes from
the `xymonpasswd` config file from Xymon servers before 4.3.25,
which permit download arbitrary config files (CVE-2016-2055),
and servers configured with `ALLOWALLCONFIGFILES` enabled.
Authors
Markus Krell
bcoles [email protected]
bcoles [email protected]
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.