module
LANDesk Lenovo ThinkManagement Console Remote Command Execution
| Disclosed | Created |
|---|---|
| 2012-02-15 | 2018-05-30 |
Disclosed
2012-02-15
Created
2018-05-30
Description
This module can be used to execute a payload on LANDesk Lenovo
ThinkManagement Suite 9.0.2 and 9.0.3.
The payload is uploaded as an ASP script by sending a specially crafted
SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx"
, via a "RunAMTCommand" operation with the command '-PutUpdateFileCore'
as the argument.
After execution, the ASP script with the payload is deleted by sending
another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx"
via a "SetTaskLogByFile" operation.
ThinkManagement Suite 9.0.2 and 9.0.3.
The payload is uploaded as an ASP script by sending a specially crafted
SOAP request to "/landesk/managementsuite/core/core.anonymous/ServerSetup.asmx"
, via a "RunAMTCommand" operation with the command '-PutUpdateFileCore'
as the argument.
After execution, the ASP script with the payload is deleted by sending
another specially crafted SOAP request to "WSVulnerabilityCore/VulCore.asmx"
via a "SetTaskLogByFile" operation.
Authors
Andrea Micalizzi
juan vazquez juan.vazquez@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.