module

TeamCity Agent XML-RPC Command Execution

Disclosed	Created
Apr 14, 2015	Mar 19, 2019

Disclosed

Apr 14, 2015

Created

Mar 19, 2019

Description

This module allows remote code execution on TeamCity Agents configured
to use bidirectional communication via xml-rpc. In bidirectional mode
the TeamCity server pushes build commands to the Build Agents over port
TCP/9090 without requiring authentication. Up until version 10 this was
the default configuration. This module supports TeamCity agents from
version 6.0 onwards.

Author

Dylan Pindur [email protected]

Platform

Linux,Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/multi/misc/teamcity_agent_xmlrpc_exec
    msf exploit(teamcity_agent_xmlrpc_exec) > show targets
        ...targets...
    msf exploit(teamcity_agent_xmlrpc_exec) > set TARGET < target-id >
    msf exploit(teamcity_agent_xmlrpc_exec) > show options
        ...show and set options...
    msf exploit(teamcity_agent_xmlrpc_exec) > exploit

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report