Description
This module abuses a known default password in IBM Data Risk Manager. The 'a3user' has the default password 'idrm' and allows an attacker to log in to the virtual appliance via SSH. This can be escalate to full root access, as 'a3user' has sudo access with the default password. At the time of disclosure this was an 0day, but it was later confirmed and patched by IBM. Versions <= 2.0.6.1 are confirmed to be vulnerable.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/linux/ssh/ibm_drm_a3usermsf undefined(ibm_drm_a3user) > show actions ...actions...msf undefined(ibm_drm_a3user) > set ACTION < action-name >msf undefined(ibm_drm_a3user) > show options ...show and set options...msf undefined(ibm_drm_a3user) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub