This Metasploit module exploits a well known remote code execution exploit after establishing encrypted control communications with a Data Protector agent. This allows exploitation of Data Protector agents that have been configured to only use encrypted control communications. This exploit works by executing the payload with Microsoft PowerShell so will only work against Windows Vista or newer. Tested against Data Protector 9.0 installed on Windows Server 2008 R2.
d6104ee164909d896d2db7f3faa4bb142889d586dbc1d543620408ee9bbbccf2
HP Data Protector version A.09.00 suffers from an arbitrary command execution vulnerability.
d3f1ffffb6eef9ed7cc7377227cb355ba26d3c2faa89427fe68466377916027e
HP Security Bulletin HPSBGN03580 1 - Potential security vulnerabilities have been identified in HP Data Protector that could allow the remote execution of code or the unauthorized disclosure of information. Revision 1 of this advisory.
fe555940ce11a58464ddf248fb5f34613b1577e3c29742dd8f78b82baddfc1de